问题
Our user store is an LDAP server called eDirectory. How do you change user passwords using System.DirectoryServices.Protocols?
回答1:
I've used code similar to this to connect to a Sun One-based LDAP to change a user's password. (Shouldn't be that different from Novell eDirectory...)
using System.DirectoryServices.Protocols;
using System.Net;
//...
// Connect to the directory:
LdapDirectoryIdentifier ldi = new LdapDirectoryIdentifier("theServerOrDirectoryName");
// You might need to specify a full DN for "theUsername" (I had to):
NetworkCredential nc = new NetworkCredential("theUsername", "theOldPassword");
// You might need to experiment with setting a different AuthType:
LdapConnection connection = new LdapConnection(ldi, nc, AuthType.Negotiate);
DirectoryAttributeModification modifyUserPassword = new DirectoryAttributeModification();
modifyUserPassword.Operation = DirectoryAttributeOperation.Replace;
modifyUserPassword.Name = "userPassword";
modifyUserPassword.Add("theNewPassword");
ModifyRequest modifyRequest = new ModifyRequest("theUsername", modifyUserPassword);
DirectoryResponse response = connection.SendRequest(modifyRequest);
回答2:
You need to remove the password and then re-add it. When I did this I used the LDAP library from Novell. You may have to play around with DirectoryEntry to get it to work.
Deleting non readable attribute from eDirectory - LDAP through ADSI/System.DirectoryServices
you might run into issues depending on the type of password you are using in eDirectory
LDAP / Universal Password with eDirectory 8.8
How to change eDirectory or Universal Password through LDAP here is an ldif sample
dn: cn=<myuser>,ou=<myou>,o=<myo>
changetype: modify
replace: userPassword
userPassword: <newPassWord>
回答3:
I agree with the approaches of two of Per Noalt and Matthew Whited. But there is one subtlty of import.
There is a difference between a user password change and an administrative password change.
If you replace the userPassword, that is an Admin password change, and depending on password policies, might expire the password right away. (eDir uses password expiry, and then a count of grace logins).
If you provide the old and new password, then you are doing a user initiated password reset.
回答4:
There is a code example for both user changing password and administrative password change using System.DirectoryServices.Protocols in the book the .net developer's guide to directory services programming. I assume that I can't paste the code example here for copyright reasons but I can recommend buying the book if you are interested working with System.DirectoryServices.Protocols and System.DirectoryServices.
来源:https://stackoverflow.com/questions/1544336/how-to-change-passwords-using-system-directoryservices-protocols