Re: unicodePwd

[Christian Kratzer <ck-lists@cksoft.de>]

Hi,

On Thu, 3 Apr 2014, Jean-Marc Choulet wrote:

> Hello Michael,
>
> And, if I want to use openldap API to change AD user password in C/C++. I can 
> do that with Perl without problem but not with openldap library and C/C++. Do 
> you have a example (or some documentation) for me ?

see the ldpapasswd cli tool in the openldap source code.

Greetings
Christian
> Thanks,
>
> Jean-Marc
>
> Le 02/04/2014 20:55, Michael StrÃder a Ãcrit :
> > Jean-Marc Choulet wrote:
> > > I want to convert my client (ADSI and C++) for use OpenLDAP. I know I must
> > > encode the unicodePwd. With ADSI, Miscrosoft give me some functions to do
> > > that. How can I do same things from OpenLDAP ?
> > The best way of setting a password is to use the LDAP Password Modify 
> > Extended
> > Operation as described in RFC 3062 and let the server generate the password 
> > hash:
> >
> > http://tools.ietf.org/html/rfc3062
> >
> > The second way is to send a modify request for replacing password with a
> > client-side hashed userPassword value.
> >
> > An (incomplete) attempt to describe the variants was made here:
> > http://tools.ietf.org/html/draft-stroeder-hashed-userpassword-values
> >
> > Some more information here:
> > http://www.openldap.org/faq/data/cache/419.html
> >
> > Some server implementations are capable of auto-hashing clear-text
> > userPassword values at the server-side, e.g. OpenLDAP with slapo-ppolicy 
> > and
> > config directive ppolicy_hash_cleartext. But that depends on server 
> > configuration.
> >
> > Ciao, Michael.

--
Christian Kratzer                   CK Software GmbH
Email:   ck@cksoft.de               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/