How to change passwords using System.DirectoryServices.Protocols

落爺英雄遲暮 提交于 2019-12-11 05:34:31

问题


Our user store is an LDAP server called eDirectory. How do you change user passwords using System.DirectoryServices.Protocols?


回答1:


I've used code similar to this to connect to a Sun One-based LDAP to change a user's password. (Shouldn't be that different from Novell eDirectory...)

using System.DirectoryServices.Protocols;
using System.Net;

//...

// Connect to the directory:
LdapDirectoryIdentifier ldi = new LdapDirectoryIdentifier("theServerOrDirectoryName");
// You might need to specify a full DN for "theUsername" (I had to):
NetworkCredential nc = new NetworkCredential("theUsername", "theOldPassword");
// You might need to experiment with setting a different AuthType:
LdapConnection connection = new LdapConnection(ldi, nc, AuthType.Negotiate);

DirectoryAttributeModification modifyUserPassword = new DirectoryAttributeModification();
modifyUserPassword.Operation = DirectoryAttributeOperation.Replace;
modifyUserPassword.Name = "userPassword";
modifyUserPassword.Add("theNewPassword");

ModifyRequest modifyRequest = new ModifyRequest("theUsername", modifyUserPassword);
DirectoryResponse response = connection.SendRequest(modifyRequest);



回答2:


You need to remove the password and then re-add it. When I did this I used the LDAP library from Novell. You may have to play around with DirectoryEntry to get it to work.

Deleting non readable attribute from eDirectory - LDAP through ADSI/System.DirectoryServices


you might run into issues depending on the type of password you are using in eDirectory

LDAP / Universal Password with eDirectory 8.8


How to change eDirectory or Universal Password through LDAP here is an ldif sample

dn: cn=<myuser>,ou=<myou>,o=<myo>
changetype: modify
replace: userPassword
userPassword: <newPassWord>



回答3:


I agree with the approaches of two of Per Noalt and Matthew Whited. But there is one subtlty of import.

There is a difference between a user password change and an administrative password change.

If you replace the userPassword, that is an Admin password change, and depending on password policies, might expire the password right away. (eDir uses password expiry, and then a count of grace logins).

If you provide the old and new password, then you are doing a user initiated password reset.




回答4:


There is a code example for both user changing password and administrative password change using System.DirectoryServices.Protocols in the book the .net developer's guide to directory services programming. I assume that I can't paste the code example here for copyright reasons but I can recommend buying the book if you are interested working with System.DirectoryServices.Protocols and System.DirectoryServices.



来源:https://stackoverflow.com/questions/1544336/how-to-change-passwords-using-system-directoryservices-protocols

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!