Python 3.5, ldap3 and modify_password()

Question

I\'ve been pulling my hair out trying to send a request to update my own password via a script. here is the code:

#!/usr/bin/python3.5

from ldap3 import Server,         


        

Answer 1

Try with ldaps:// instead of ldap://. or dont use the scheme at all and pass use_ssl=True in the Server definition. AD connection must use ssl to modify the password.

Answer 2

ldap3.modify_password() as of version 0.9.4.2 doesn't work with Active Directory, because it uses the Password Modify Extended Operation, which isn't supported by AD. MS found a way to do things different with AD, it seems. The ldap3 author (cannatag) was aware of this and added ad_modify_password() shortly after. You'll have to use a newer release of ldap3.

Answer 3

Which version of ldap3 are you using? From the source code of ldap3 version 2.2 it would seem to me that the function should be use in a similar way:

#!/usr/bin/python3.5
from ldap3 import Server, Connection, NTLM, ALL
server = Server('ldap://192.168.0.80', use_ssl=True)
conn = Connection(server, user="local\\dctest", password="Pa55word1", authentication=NTLM, auto_bind=True)
res = ldap3.extend.microsoft.modifyPassword(conn, user, "new_Pa55word2", "old_Pa55word1")

Answer 4

OK thank you to everyone for your help, and the developers on github.

the code i used to make this work in the end was...

from ldap3 import Server, Connection

server = Server('ldaps://<AD server address>', use_ssl=True)
conn = Connection(server, user="<domain>\\<username>", password="<current password>", auto_bind=True)

dn = 'CN=<username>,OU=Users,DC=<dominaname>'

res = conn.extend.microsoft.modify_password(dn, old_password='<current password>', new_password='<new password>')
print(res)

Thought i'd post the working solution as there doesn't seem to be any on the internets!! God speed my fellow devops people.