using CFLDAP to set passwords in Active Directory

[Joe Bickley]

Hi

Im using CFLDAP to create users in an active directory. This is working fine
however im creating accounts with blank passwords.

When i try to put something into the UnicodePwd schema item i get a nasty
error. When i searched for the error in google i came accross and article from
a Java app that said it needed to speak to the LDAP server via SSL and also
encode the password being sent.

At this point i run out of knowlege. Has any one achieved this, can you help?

Joe

[dmichailov]

Hey Joe,

Have you found a solution? I have the exact same problem with setting a password in Active Directory via LDAP - and I am running out of ideas now?

[Joe Bickley]

Hi dmichailov,

Kind of. Ok first of all you have to get SSL set up with your active
directory. Post back if your stuggling to do this and i can help, i found it to
be a huge pain in the neck! Passwords CAN NOT be set in AD/LDAP without SSL
being available.

Now i dont have the code to do it at the moment i never got round to working
it out before we ditched it in favour of asp.net however we have some coders
over from india working on a project that will include it! I will post it when
i have it as there is very little out there to help with this.

Joe

[dmichailov]

Joe,

if you could forward some working CF code, that would be awesome. I have
created the SSL connection between the CF box and the AD box. I can run other
modify or add operations via CFLDAP/SSL. So, the problem I am experiencing
seems to be either in the encodinig of the password (doesn't it need to be
unicode and then base64 encoded before being sent to AD) or somewhere in the AD
settings.

I would appreciate if you share some working code so that I can see what is
different and take it from there. The unicodePwd change call is below and the
error I get is "UNWILLING TO PERFORM"

Thanks in advance!!

<CFLDAP action="MODIFY"
server="#this.ldapServer#"
DN="#getUserDNRet#"
attributes="unicodePwd=IgBUAGUAcwB0AGkAbgBnADEAMgA zADQANQAiAA=="
modifyType="replace"
username="DOMAIN\ACCOUNTOPERATORUSERID"
password="ACCOUNTOPERATORPASSWORD"
secure="CFSSL_BASIC"
port="636"

>

[Joe Bickley]

Yeah your having the exact same problem i ran into. I could do everything but
set the password which lets face it is the most important thing!

Hope these guys can solve the problem and i will deffinately post the code.

Failing that u would have to use something else to set the password. I tried
asking macromedia directly for some help but non was given !

[Flashhhgordon]

Joe,

Do you have the code already?

Thank you in forward.

Gordon

[Wendall Mosemann]

You can set the password using <cfexecute> like so:

<cfexecute name="NET" arguments="user #sAMAccountName# Test123$ /domain"></cfexecute>

[Unregistered]

the cfexecute line is awesome and all, but what if I don't want to be running coldfusion from an account that could compromise my entire domain if someone exploits a CF flaw?
(sorry if I come from a house of "run sandboxed and at low privileges whenever possible)