[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Active directory and openldap

Or simply because I forgot to put :: after the unicodePwd.
It has been under my nose for two days and I haven't been able to see it!


Mark.Benson@propero.net wrote:

keep on meeting the
following error:

Constraint violation
additional info: 0000216C: AtrErr: DSID-031D0AC0, #1:
0: 0000216C: DSID-031D0AC0, problem 1005 (CONSTRAINT_ATT_TYPE),
data 0, Att 9005a (unicodePwd)

This happens in AD when the unicodePwd is badly formatted.

Create an LDIF file like this with the dn set correctly. (This changes the
user password to secret).

dn: CN=yourname,cn=users,dc=aaa,dc=bbb,dc=ccc
changetype: modify
replace: unicodePwd
unicodePwd:: IgBzAGUAYwByAGUAdAAiAA===

Modify the AD LDAP entry with

ldapmodify -H ldaps://your-ad-server -D "cn=Administrator",cn=Users,
dc=aaa, dc=bbb,dc=ccc" -W -x -f yournew.ldif

If this works, then your problem is that your unicodePwd is not formatted
correctly. Check my earlier mail. You *must* put it in double-quotes then
put it in unicode then base64 it for binary representation.

Mark Benson

Propero Ltd. UK.