Tags: python, python-3.x, ldap, passwords

Python LDAP change password has no effect


I'm currently trying to modify the password of a user on an AD with Python (3) and the LDAP module. When my script is finished, everything looks to be OK. However, the password is the same as before.

Here is my script:

import ldap

LDAP_SERVER = "<domain>"              # e.g. ldap://the_domain:389
LDAP_USERNAME = "<admin_username>"
LDAP_PASSWORD = "<admin_password>"
dn = "<DN>"                           # search base
# AD wants the password wrapped in double quotes and encoded as UTF-16LE
quoted_new_password = '\"' + "<new_password>" + '\"'
quoted_new_password_bytes = quoted_new_password.encode('UTF-16LE')

ldap_client = ldap.initialize(LDAP_SERVER)
ldap_client.set_option(ldap.OPT_REFERRALS, 0)
ldap_client.simple_bind_s(LDAP_USERNAME, LDAP_PASSWORD)
ad_user_filter = '(&(objectClass=user)(sAMAccountName=<username-for-password-modification>))'
res = ldap_client.search_s(dn, ldap.SCOPE_SUBTREE, ad_user_filter)
user_dn = (res[0][1]['distinguishedName'][0]).decode("utf-8")
# Replace the userPassword attribute with the quoted UTF-16LE value
modlist = [(ldap.MOD_REPLACE, "userPassword", quoted_new_password_bytes)]
# modify_s returns (result_type, result_data, msgid, controls);
# a result_type of 103 is ldap.RES_MODIFY, i.e. the server answered the modify
result = ldap_client.modify_s(user_dn, modlist)

The result is a tuple like

(<number>, [], <number>, [])

Then, when I try to connect to the AD (with the same domain), the old password works, but not the new one.

Did I forget something?

EDIT: The result is the same when I put, for example, an empty string as a new password, even if my AD requires at least 14 characters.

EDIT: The last result of "modify_s" is

(103, [], 3, [])

However, code 103 doesn't correspond to anything...


Solution

  • RESOLVED

    The domain was ldap://the_domain:389. But it couldn't work because I had to use the secured server: ldaps and not ldap, port 636 and not 389.

    So I changed LDAP_SERVER to ldaps://the_domain:636

    However, my script didn't work anymore. I took this script from another post before adapting it:

    import ldap3

    SERVER = 'ldaps://thedomain:636'   # LDAPS: AD only accepts password changes over an encrypted session
    BASE_DN = "DC=domain,DC=com"
    LDAP_USERNAME = "admin_username@thedomain.com"
    LDAP_PASSWORD = "admin_password"
    CURRENT_PWD = "the_current_password"
    NEW_PWD = "the_new_password"
    SEARCHED_USERNAME = "M_tete_en_l_air"

    SEARCH_FILTER = '(&(objectClass=User)(samaccountname=' + SEARCHED_USERNAME + '))'

    USER_DN = ""

    ldap_server = ldap3.Server(SERVER, get_info=ldap3.ALL)
    conn = ldap3.Connection(ldap_server, LDAP_USERNAME, LDAP_PASSWORD, auto_bind=True)
    conn.start_tls()   # redundant on an ldaps:// URL, where TLS is already negotiated at connect time

    conn.search(search_base=BASE_DN,
                search_filter=SEARCH_FILTER,
                search_scope=ldap3.SUBTREE,
                attributes=['cn', 'givenName'],
                paged_size=5)

    # Keep the DN of the matching entry (search references carry no attributes)
    for entry in conn.response:
        if entry.get("dn") and entry.get("attributes"):
            if entry.get("attributes").get("cn"):
                USER_DN = entry.get("dn")

    print(USER_DN)
    # ad_modify_password builds the quoted UTF-16LE unicodePwd value itself
    success = ldap3.extend.microsoft.modifyPassword.ad_modify_password(conn, USER_DN, NEW_PWD, CURRENT_PWD, controls=None)
    print("Password modified: ", success)
    

    (I don't have exactly this script)

    Source (StackOverflow answer)
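As an added example that is neither the asker's nor the answer's code: the pieces the question's python-ldap script needed, packaged as helpers for python-ldap. They cover the attribute AD actually uses for the password (unicodePwd, which ldap3's ad_modify_password writes behind the scenes) and its quoted UTF-16LE encoding, an early check that the URL is ldaps://, and RFC 4515 escaping of the sAMAccountName in the search filter; it goes beyond the post by also building the delete/add modlist AD expects when a user changes their own password. The numeric MOD_* fallback values and the placeholder URLs are assumptions.

```python
import urllib.parse

try:
    import ldap  # python-ldap; optional, only needed for the live modify call
    MOD_ADD, MOD_DELETE, MOD_REPLACE = ldap.MOD_ADD, ldap.MOD_DELETE, ldap.MOD_REPLACE
except ImportError:  # fall back to the same numeric values python-ldap defines
    MOD_ADD, MOD_DELETE, MOD_REPLACE = 0, 1, 2


def encode_ad_password(password: str) -> bytes:
    """unicodePwd takes the password wrapped in double quotes, encoded as UTF-16LE."""
    return f'"{password}"'.encode("utf-16-le")


def require_ldaps(server_url: str) -> str:
    """AD refuses unicodePwd writes on a cleartext session, so fail early on ldap://."""
    if urllib.parse.urlparse(server_url).scheme != "ldaps":
        raise ValueError(f"password changes need an ldaps:// URL, got {server_url!r}")
    return server_url


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so a user-supplied name cannot change the search filter."""
    for raw, esc in (("\\", r"\5c"), ("*", r"\2a"), ("(", r"\28"), (")", r"\29"), ("\x00", r"\00")):
        value = value.replace(raw, esc)
    return value


def user_filter(sam_account_name: str) -> str:
    return f"(&(objectClass=user)(sAMAccountName={escape_filter_value(sam_account_name)}))"


def admin_reset_modlist(new_password: str) -> list:
    """Administrative reset: a single MOD_REPLACE of unicodePwd (needs reset rights)."""
    return [(MOD_REPLACE, "unicodePwd", [encode_ad_password(new_password)])]


def self_change_modlist(old_password: str, new_password: str) -> list:
    """Self-service change: delete the old value and add the new one in one modify,
    which is how AD checks the old password and enforces history and complexity."""
    return [
        (MOD_DELETE, "unicodePwd", [encode_ad_password(old_password)]),
        (MOD_ADD, "unicodePwd", [encode_ad_password(new_password)]),
    ]


def change_password(conn, user_dn: str, modlist: list) -> int:
    """Apply the modlist with python-ldap; returns the result type (103 == RES_MODIFY)."""
    result_type, _data, _msgid, _ctrls = conn.modify_s(user_dn, modlist)
    return result_type
```

Use it as `change_password(ldap.initialize(require_ldaps("ldaps://dc.example.test:636")), user_dn, admin_reset_modlist(new_pwd))` after binding; the URL is a placeholder.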