Home » RDBMS Server » Security » Active Directory Password change
Active Directory Password change [message #47520] Wed, 25 August 2004 13:35 Go to next message
Tony
Messages: 190
Registered: June 2001
Senior Member
Hello.

I am using the dbms_ldap package to connect to a Microsoft Active Directory LDAP server.  In particular, I am trying to change the user's password, which is stored in the unicodePwd attribute of Active Directory.

I believe I am having trouble forming the correct syntax for the password.  According the Microsoft...

"The syntax of the unicodePwd attribute is octet-string; however, the directory service expects that the octet-string will contain a UNICODE string (as the name of the attribute indicates). This means that any values for this attribute passed in LDAP must be UNICODE strings that are BER-encoded (Basic Encoding Rules) as an octet-string. In addition, the UNICODE string must begin and end in quotes that are not part of the desired password."

I successfully connect via SSL to the server, but so far, I have been unable to form the password as specified above.  That is, if I want the password to be "super", how would I go about coding this so that it meets the specifications above?

Any help and sample code would be greatly appreciated.

Thank you,

Tony

Report message to a moderator

Re: Active Directory Password change [message #48665 is a reply to message #47520] Tue, 07 December 2004 15:49 Go to previous messageGo to next message
Fred Bouchard
Messages: 1
Registered: December 2004
Junior Member
Hi,

I'm trying to do the same thing...Change the "unicodePwd" attribute in Active Directory with DBMS_LDAP.

Have you Succeeded ?

If yes, How did you form the password in format BER in PL/SQL ?

Do you have an example of code ?

Thanks in advance.
I hope you will answer, cause I really don't know where to find answer about that

Report message to a moderator

Re: Active Directory Password change [message #226455 is a reply to message #48665] Fri, 23 March 2007 16:30 Go to previous messageGo to next message
jbazil
Messages: 1
Registered: March 2007
Junior Member
Hi,

I am trying to change the password in Active Directory using the dbms_ldap. But I am unable to do it. I am getting the following error:

RA-31202: DBMS_LDAP: LDAP client/server error: DSA is unwilling to perform. 0000001F: SvcErr:
SID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0

Following is my code:

DECLARE
l_retval PLS_INTEGER;
l_my_session DBMS_LDAP.SESSION;
l_ldap_host VARCHAR2(256) ;
l_ldap_port NUMBER ;
l_ldap_user VARCHAR2(256) ;
l_ldap_passwd VARCHAR2(256);
l_record_dn VARCHAR2(1000);
l_attr_values DBMS_LDAP.STRING_COLLECTION;
l_attr_mod_array DBMS_LDAP.MOD_ARRAY;
l_test number;
l_password RAW(1000):= UTL_RAW.cast_to_raw('P@ssw0rd1');

--- l_password NUMBER := (UTL_RAW.cast_to_raw('"P@ssw0rd1"'));
BEGIN
l_test := dbms_ldap.AUTH_SIMPLE;
l_ldap_host := '147.11.57.171';
l_ldap_port := 636 ;
l_ldap_passwd:='P@gfgfgfgfgg';
l_record_dn := 'CN=Firstname Lastname,OU=Contractors,OU=Accounts,OU=ALA,OU=AMER,OU=WRS-Regions,DC=corpt1,DC=adt1,DC=wrs,DC=com';
l_my_session := dbms_ldap.init(l_ldap_host,l_ldap_port);
l_retval := dbms_ldap.open_ssl(l_my_session, 'file:/opt/vendor/app/oracle/ERPWALLET/oracle', 'abcd1234', 2);
l_retval := dbms_ldap.bind_s(l_my_session, 'svc-oid' ,l_ldap_passwd, dbms_ldap.AUTH_SIMPLE);
l_attr_mod_array := dbms_ldap.create_mod_array(99);
l_attr_values(1) := '"'||l_password||'"';
dbms_ldap.populate_mod_array(l_attr_mod_array, dbms_ldap.mod_replace,'unicodePwd', l_attr_values);
l_retval := dbms_ldap.modify_s(l_my_session, l_record_dn, l_attr_mod_array);
l_retval := dbms_ldap.unbind_s(l_my_session);
exception
when others then
dbms_output.put_line(substr(sqlerrm, 1, 200));
END;
/

Report message to a moderator

Re: Active Directory Password change [message #275219 is a reply to message #48665] Thu, 18 October 2007 17:43 Go to previous messageGo to next message
motikem
Messages: 1
Registered: October 2007
Location: Los Angeles
Junior Member
Did you ever figure out how to do this? I'm trying to do the same thing, but some AD experts in my organization say that you can't just mod the password field because AD won't do other functions it performs when a password is changed, such as set the change date. I am attempting the same thing in a very similar fashion.

Report message to a moderator

Re: Active Directory Password change [message #363307 is a reply to message #275219] Fri, 05 December 2008 15:10 Go to previous message
anand_study
Messages: 2
Registered: November 2005
Location: USA
Junior Member
Following Oracle Metalink Notes may be of use:

NOTE:344560.1 How To Create a Custom On Demand Change Password Application for OID users

NOTE:263700.1 How to use SSL mode with the DBMS_LDAP API routines

AA

Report message to a moderator

Previous Topic: SELECT_CATALOG_ROLE
Next Topic: password creation in oracle 10g
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Jan 02 18:27:00 CST 2025
.:: Forum Home :: Blogger Home :: Wiki Home :: Contact :: Privacy ::.