I authenticated cn=administrator... and so I could change the password for any user. I did not try it with a 'normal' user.Christian Were you able to authenticate users from ADS...using OpenLDap.. Vishal
Christian Pohl wrote:
Ron Wahler wrote:
I need access to Active Directory User passwords from A remote client. I would like to use ldapsearch has anyone
Configured a client to do that ? what other tools do I need ?
Thanks,
Ron.
I used this config to _change_ the password. Perhaps it works also for reading.
1. Enable SSL for ldap (Microsoft Knowledgebase Article 247078)
2. Root Certificate to openldap-tools: (openldap:.../etc/openldap/ldap.conf: TLS_CACERT /path/to/pem/ca/cert.crt)
5. connect to server here: write new password
ldapmodify -H ldaps://myadserver.company.de -D "cn=administrator,cn=users,dc=mydomain,dc=mycountry" -w -f myldif.ldif
Remark: the servername in the subject _must_ match the one used in the connect string.
See:
247078 HOWTO: Enable Secure Socket Layer (SSL) Communication Over LDAP For Windows 2000 Domain Controllers
269190 HOWTO: Change a Windows 2000 User's Password Through LDAP
Perhaps this helps.
Kind regards,
Chris
Chris
-- Christian Pohl »|secaron
-- The From: and Reply-To: addresses are internal news2mail gateway addresses. Reply to the list or to Christian Pohl <pohl@secaron.de>