On Mon, 2017-07-10 at 16:39 -0300, Alberto Viana wrote:
> William,
>
> Yes, there's a flag on AD that forces users to reset their passwords, and
> we're using it.... that is the same flag that is set when an account has
> been expired (forcing the user to reset his password).
>
> I don't think that is the problem, my replication user has FULL permission
> in the whole tree, and like I said before I made a script in Perl to change
> password directly in AD using the exact same user that I use on
> replication, and it works, so I've been able to change the user password
> through this script even if this flag is set on AD side.
>
> Here's a snippet of it:
>
> $mesgad = $ldapad->bind("CN=389 Sync Account,OU=APPS,DC=my,DC=domain",
>                         password => "MY_USER_PASS",
>                         version => 3 );
>
>
> if ($mail =~ /my_user_test/) {
>     printf "$dnad -- $mail -- $san\n";
>
>     $mesgad = $ldapad->modify( $dnad,
>                 replace => {
>                         unicodePwd => $newUniPW,
>                 }
>
> So, basically it does an LDAP operation to replace the user password (I
> think that is the same behavior of 389 plugin, am I right?)

I would assume so - but I have not worked on the AD sync code myself. I
was hoping only to eliminate a trivial case. :(

-- 
Sincerely,

William Brown
Software Engineer
Red Hat, Australia/Brisbane
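The quoted snippet does not show how `$newUniPW` is built or how the connection is protected. The following is an added example, not code from either poster or from the 389 sync plugin: it builds a `unicodePwd` value the way Active Directory expects it and shows the single-`replace` reset next to the delete-plus-add change. The host, DNs and `AD_*` environment variable names are placeholders assumed for illustration.

```perl
#!/usr/bin/perl
# Added example, not the poster's script. Host, DNs and the AD_* environment
# variable names are placeholders.
use strict;
use warnings;
use Encode qw(encode);
use Net::LDAP;

# AD takes unicodePwd as the new password wrapped in double quotes
# and encoded as UTF-16LE (no BOM).
sub ad_unicode_pwd {
    my ($clear) = @_;
    return encode('UTF-16LE', qq{"$clear"});
}

# Administrative reset: a single "replace", as in the quoted snippet.
# The bind account needs the Reset Password right on the target entry.
sub reset_args {
    my ($new) = @_;
    return (replace => { unicodePwd => ad_unicode_pwd($new) });
}

# User-style change: delete the old value and add the new one in the same
# modify request; AD checks the old password before accepting it.
sub change_args {
    my ($old, $new) = @_;
    return (changes => [
        delete => [ unicodePwd => ad_unicode_pwd($old) ],
        add    => [ unicodePwd => ad_unicode_pwd($new) ],
    ]);
}

# Offline: print the bytes that would be sent for a constructed password.
unless ($ENV{AD_HOST}) {
    print unpack('H*', ad_unicode_pwd('Constructed-Pw1')), "\n";
    exit 0;
}

# AD rejects unicodePwd writes on an unencrypted connection, so use LDAPS
# and verify the server certificate. Credentials come from the environment
# rather than being hardcoded in the script.
my $ldap = Net::LDAP->new("ldaps://$ENV{AD_HOST}",
    verify => 'require', cafile => $ENV{AD_CAFILE}) or die "connect: $@";
my $mesg = $ldap->bind($ENV{AD_BIND_DN}, password => $ENV{AD_BIND_PW}, version => 3);
die 'bind: ' . $mesg->error if $mesg->code;

$mesg = $ldap->modify($ENV{AD_TARGET_DN}, reset_args($ENV{AD_NEW_PW}));
die 'modify: ' . $mesg->error if $mesg->code;
$ldap->unbind;
```

Run without `AD_HOST` set, it only prints the hex of the encoded value, which is useful for comparing against what a sync agent or script actually sends.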