Thanks Rowland. That makes sense :-)

BTW, Is the following code enough to change the password with python-ldap?

con.sasl_interactive_bind_s("", sasl_auth)
mod_attrs = [
    (ldap.MOD_REPLACE, 'unicodePwd', new_password),
    (ldap.MOD_REPLACE, 'unicodePwd', new_password)
]
con.modify_s('CN=%s,CN=Users,DC=lxc,DC=com' % username, mod_attrs)

Thanks!

Regards,
Norberto

2015-05-06 4:32 GMT-03:00 Rowland Penny <rowlandpenny at googlemail.com>:
> On 05/05/15 20:31, ?? wrote:
>>
>> Hello,
>>
>> For a portal I'm working on, I need to know if changing the unicodePwd
>> attr with LDAP also updates pwdLastSet (so the account doesn't get
>> locked). It seems the answer is yes, but the value I get from
>> pwdLastSet is somewhat weird:
>>
>> pwdLastSet: 130753269490000000
>>
>> That is Wed, 08 Jun 2011 11:31:34 GMT
>>
>> Why? Is that epoch or something else? Is there anything else I need to
>> update when I change the user password using ldap?
>>
>> Thanks!
>>
>> Regards,
>> Norberto
>
>
> Not weird, wrong epoch :-)
>
> With windows epoch: Tue, 05 May 2015 19:15:49
> with windows epoch: Wed, 08 Jun 2011 11:31:34
>
> Windows uses an epoch starting at Jan 1, 1601
>
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

Rowland Penny
2015-May-07 08:06 UTC
[Samba] Using ldap to check last password modification date
On 06/05/15 15:59, ?? wrote:
> Thanks Rowland. That makes sense :-)
>
> BTW, Is the following code enough to change the password with python-ldap?
>
> con.sasl_interactive_bind_s("", sasl_auth)
> mod_attrs = [
>     (ldap.MOD_REPLACE, 'unicodePwd', new_password),
>     (ldap.MOD_REPLACE, 'unicodePwd', new_password)
> ]
> con.modify_s('CN=%s,CN=Users,DC=lxc,DC=com' % username, mod_attrs)
>
>
> Thanks!
>
> Regards,
> Norberto
>
>
>
> 2015-05-06 4:32 GMT-03:00 Rowland Penny <rowlandpenny at googlemail.com>:
>> On 05/05/15 20:31, ?? wrote:
>>> Hello,
>>>
>>> For a portal I'm working on, I need to know if changing the unicodePwd
>>> attr with LDAP also updates pwdLastSet (so the account doesn't get
>>> locked). It seems the answer is yes, but the value I get from
>>> pwdLastSet is somewhat weird:
>>>
>>> pwdLastSet: 130753269490000000
>>>
>>> That is Wed, 08 Jun 2011 11:31:34 GMT
>>>
>>> Why? Is that epoch or something else? Is there anything else I need to
>>> update when I change the user password using ldap?
>>>
>>> Thanks!
>>>
>>> Regards,
>>> Norberto
>>
>> Not weird, wrong epoch :-)
>>
>> With windows epoch: Tue, 05 May 2015 19:15:49
>> with windows epoch: Wed, 08 Jun 2011 11:31:34
>>
>> Windows uses an epoch starting at Jan 1, 1601
>>
>> Rowland
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba

I have said this before, but I will say it again, to me python is a very big snake :-D

Or in other words, I have no idea, what I do know is that you either need to do the password change on the DC acting directly on sam.ldb, or you need to do it over ssl from another machine.

The password needs to be a unicode password, if you were using bash, you would do this to get the password:

    echo -n "\"${PASSWORD}\"" | iconv -f UTF-8 -t UTF-16LE | base64 -w 0

Rowland

2015-05-07 5:06 GMT-03:00 Rowland Penny <rowlandpenny at googlemail.com>:
> I have said this before, but I will say it again, to me python is a very big
> snake :-D

Yes, I'm sorry. I didn't mean to scare you... btw, I also said "ldap" :-)

> Or in other words, I have no idea, what I do know is that you either need to
> do the password change on the DC acting directly on sam.ldb, or you need to
> do it over ssl from another machine.

I'll take the risk. If I find problems I'll switch to some ssh glue to update the password with samba-tool.

Thanks Rowland!

Best regards,
Norberto
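
Added example, not part of the original thread and not Samba's or python-ldap's own code: the pwdLastSet conversion and the quoted UTF-16LE unicodePwd encoding discussed above, in Python with only the standard library. The function names and the sample password are constructed for illustration.

```python
import base64
from datetime import datetime, timedelta, timezone

# AD timestamps such as pwdLastSet count 100-nanosecond ticks since 1601-01-01 UTC.
WINDOWS_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ticks):
    """Convert a pwdLastSet value to an aware UTC datetime.

    Returns None for 0, which AD uses for "must change password at next logon".
    """
    ticks = int(ticks)  # LDAP returns the attribute as a decimal string
    if ticks == 0:
        return None
    if ticks < 0:
        raise ValueError("not a stored timestamp: %d" % ticks)
    return WINDOWS_EPOCH + timedelta(microseconds=ticks // 10)


def password_age(ticks, now=None):
    """Time elapsed since the password was last set, or None if it was never set."""
    last_set = filetime_to_datetime(ticks)
    if last_set is None:
        return None
    now = now or datetime.now(timezone.utc)
    return now - last_set


def encode_unicode_pwd(password):
    """Value for unicodePwd: the password wrapped in double quotes, as UTF-16LE bytes."""
    return ('"%s"' % password).encode("utf-16-le")


def unicode_pwd_base64(password):
    """The same bytes base64-encoded, matching the iconv | base64 pipeline in the thread."""
    return base64.b64encode(encode_unicode_pwd(password)).decode("ascii")


if __name__ == "__main__":
    sample = "130753269490000000"  # pwdLastSet value quoted in the thread
    print(filetime_to_datetime(sample))
    print(password_age(sample))
    print(unicode_pwd_base64("Constructed-Pa55"))  # constructed sample password
```

The bytes from encode_unicode_pwd() are what a modify request would carry as the unicodePwd value; the base64 form is only needed when the value is written into LDIF.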