3 Replies Latest reply on Mar 20, 2007 10:35 AM by cgsj_usa@yahoo.com

    LDAP password update

    cfMak
      I'm trying to provide the ability for our users to change their domain password from our website.

      The website is located in the DMZ and is not part of the domain.

      I have successfully connected and run several LDAP queries. I can authenticate via LDAP and all is well.

      When I try to change a password I get various errors depending on the code.

      I'm not sure if the following attribute is even correct. I've seen it used in a PHP example.

      <CFLDAP ACTION="MODIFY"
      MODIFYTYPE="replace"
      port = "636"
      server = "#serverIP#"
      username = "#domain#\#adminuser#"
      password = "#adminpassword#"
      ATTRIBUTES="unicodepwd=#newtestpassword#"
      DN="#ldapDNLookup.DN#">

      This code provides the following error:
      An error has occured while trying to execute modify :Request: 1 cancelled.
      One or more of the required attributes may be missing/incorrect or you do not have permissions to execute this operation on the server

      If I don't specify a secure port I get this error:
      An error has occured while trying to execute modify :[LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0 ].

      Is this possible to do with CFLDAP?


        • 1. Re: LDAP password update
          Dmadzia Level 1
          cfMak,
          Have you figured out how to do this yet? I am trying to figure this out as well. I do LDAP queries/updates all of the time, but replacing a user's password has me stumped. I get the exact same error (WILL_NOT_PERFORM). I have been trying to decipher Microsoft's KB article:
          http://support.microsoft.com/?kbid=269190 and am trying to figure out how to convert the password to:
          "the directory service expects that the octet-string will contain a UNICODE string (as the name of the attribute indicates). This means that any values for this attribute passed in LDAP must be UNICODE strings that are BER-encoded (Basic Encoding Rules) as an octet-string. In addition, the UNICODE string must begin and end in quotes that are not part of the desired password."
          Also LDAP must be using SSL (which I am using).
          There has got to be a way!?!

          P.S. I found a workaround from this forum which I haven't tried yet (and really don't want to use, as you should be able to do this through LDAP.) It is to do a <cfexecute> net user <username> <password> /domain

          Thanks,
          Dan
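
The value format quoted from the KB article in the reply above, as an added example that is not part of the thread or of any poster's code: the password is wrapped in double quotes and encoded as UTF-16LE without a byte order mark, then sent as the binary value of unicodePwd over the SSL connection. The function names are hypothetical, the sample passwords are constructed, and no LDAP connection is made; the replace versus delete-plus-add split is how Active Directory tells an administrative reset from a user-initiated change.

```python
# Added example: builds and validates the unicodePwd value Active Directory
# expects. Function names are hypothetical; nothing is sent to a server.

def encode_unicode_pwd(password: str) -> bytes:
    """Wrap the password in double quotes and encode as UTF-16LE (no BOM)."""
    if not password:
        raise ValueError("empty password")
    # The outer quotes are a wrapper only; quotes inside the password are kept.
    return ('"' + password + '"').encode("utf-16-le")


def decode_unicode_pwd(value: bytes) -> str:
    """Inverse check: reject anything that is not a quoted UTF-16LE string."""
    if len(value) % 2:
        raise ValueError("odd byte count: not UTF-16")
    if value[:2] in (b"\xff\xfe", b"\xfe\xff"):
        raise ValueError("byte order mark present")
    text = value.decode("utf-16-le")  # raises on broken surrogate pairs
    if len(text) < 3 or text[0] != '"' or text[-1] != '"':
        raise ValueError("missing surrounding quotes")
    return text[1:-1]


def reset_request(new_password: str) -> list:
    """Administrative reset: a single 'replace' of unicodePwd."""
    return [("replace", "unicodePwd", encode_unicode_pwd(new_password))]


def change_request(old_password: str, new_password: str) -> list:
    """User change: delete the old value and add the new one in one request."""
    return [
        ("delete", "unicodePwd", encode_unicode_pwd(old_password)),
        ("add", "unicodePwd", encode_unicode_pwd(new_password)),
    ]


if __name__ == "__main__":
    # Constructed sample password, shown as the bytes that go on the wire.
    print(encode_unicode_pwd("Ab1").hex(" "))
    # A plain string value, as in the first post's ATTRIBUTES line, fails.
    try:
        decode_unicode_pwd(b"NewPass1")
    except ValueError as exc:
        print("rejected:", exc)
```
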
          • 2. Re: LDAP password update
            Dmadzia Level 1
            Well, since no one reads or answers these forums (especially Adobe), does anyone know a better CF forum I can ask this question?
            • 3. Re: LDAP password update
              cgsj_usa@yahoo.com Level 1
              Hello all. I change/re-set a user's password by calling, via cfexecute, a batch file which uses dsmod.exe. I hope that this helps. Thanks.

              Chris