
How to retrieve UnicodePwd attribute over LDAP?


Jan Solarek

Jul 16, 2004, 11:36:07 AM7/16/04
I'm trying to write a utility for synchronizing Active Directory with our
local Document Management System. So I would like to store the users'
passwords in OWF in our database.
Username, description, etc. I can obtain via LDAP fine, but not UnicodePwd.
I tested LDAP over SSL, but again nothing. I found many examples of how to
change a password, but none to get the UnicodePwd string.

I can't get UnicodePwd with ldp.exe either.

Can anyone help me with this problem?
Any help will be appreciated.
Regards,
Jan

#include <windows.h>
#include <winldap.h>     // ldap_first_attribute, ldap_get_values, ...
#include <string.h>

// Get the first attribute name.
pAttribute = ldap_first_attribute(
    m_pLdapConnection,   // Session handle
    m_pEntry,            // Current entry
    &pBer);              // [out] Current BerElement

// Walk all the attribute names for the current object
// and copy the values of the two attributes we care about.
while (pAttribute != NULL)
{
    ppValue = ldap_get_values(
        m_pLdapConnection,   // Session handle
        m_pEntry,            // Current entry
        pAttribute);         // Current attribute

    // ldap_get_values returns NULL when the attribute has no values;
    // LDAP attribute type names are case-insensitive, so compare accordingly.
    if (ppValue != NULL && *ppValue != NULL)
    {
        if (_stricmp(pAttribute, "cn") == 0)
        {
            tUser->sUserLogin.sprintf("%s", *ppValue);
        }
        else if (_stricmp(pAttribute, "unicodePwd") == 0)
        {
            tUser->sUserPassword.sprintf("%s", *ppValue);
        }
        ldap_value_free(ppValue);
    }

    // Release the attribute name and advance to the next one.
    ldap_memfree(pAttribute);
    pAttribute = ldap_next_attribute(m_pLdapConnection, m_pEntry, pBer);
}

if (pBer != NULL)
{
    ber_free(pBer, 0);
}


Joe Kaplan (MVP - ADSI)

Jul 16, 2004, 1:02:26 PM7/16/04
You can't. It is write-only.

The only way that you may be able to get around this that I know of is to
run as the SYSTEM account on a domain controller, but I'm not sure if that
will work either.

Joe K.

"Jan Solarek" <sol...@atlas.cz> wrote in message
news:OYNyJp0a...@TK2MSFTNGP10.phx.gbl...

Dmitri Gavrilov [MSFT]

Jul 16, 2004, 4:08:42 PM7/16/04
Nothing can read the pwd, not even system. We don't even store them, only
hashes.

--
Dmitri Gavrilov
SDE, Active Directory Core

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples is subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"Joe Kaplan (MVP - ADSI)" <joseph....@removethis.accenture.com> wrote
in message news:#YnCua1a...@TK2MSFTNGP11.phx.gbl...

Joe Kaplan (MVP - ADSI)

Jul 16, 2004, 4:34:45 PM7/16/04
I think he just wants to read the hashes though (although I'm not sure what
good that does him). Is it possible to get that with the SYSTEM account?

Joe K.

"Dmitri Gavrilov [MSFT]" <dmi...@online.microsoft.com> wrote in message
news:Ongo6C3a...@TK2MSFTNGP10.phx.gbl...

Joe Richards [MVP]

Jul 17, 2004, 10:11:55 AM7/17/04
You have to inject code into the LSASS process to do this. Just being system
won't do it. The hash is worthless for this purpose though; he can't do any
synchronization with it.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net

Joe Kaplan (MVP - ADSI)

Jul 17, 2004, 12:58:09 PM7/17/04
Thanks for the extra details.

Joe K.

"Joe Richards [MVP]" <humore...@hotmail.com> wrote in message
news:u6KHviAb...@TK2MSFTNGP11.phx.gbl...

Dmitri Gavrilov [MSFT]

Jul 17, 2004, 2:53:28 PM7/17/04
There's some RPC call that ADMT makes to AD when it migrates the user. I
think it can read the hash that way. But I never actually looked at this in
detail.

Another option is to use a pwd filter on the DC -- this is how MIIS works
(or is going to work in the next release? not sure). This way you intercept
clear-text pwd on the way in. But it is only accessible when the user
changes the pwd.

--
Dmitri Gavrilov
SDE, Active Directory Core

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples is subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"Joe Kaplan (MVP - ADSI)" <joseph....@removethis.accenture.com> wrote
in message news:On21#8BbEH...@TK2MSFTNGP12.phx.gbl...

Jan Solarek

Jul 19, 2004, 7:41:19 AM7/19/04
Thank you all for the answers.

So the result for me is => It is not possible to do this over LDAP. Is that
right?

Can you tell me how other software does this? What should I use to
synchronize users' passwords?

Marc Scheuner

Jul 20, 2004, 4:50:03 AM7/20/04
> So the result for me is => It is not possible to do this over LDAP. Is that
> right?

Yes.

> Can you tell me how other software does this? What should I use to
> synchronize users' passwords?

As Joe and Dmitri already mentioned, you'd either have to hook deep
into LSASS and inject a library of yours into that process, or you'd
have to write a password filter for use on your server(s).

Marc
________________________________________________________________
Marc Scheuner ** mscheuner -at- mvps.org ** http://adsi.mvps.org
Microsoft MVP for Directory Services Programming
http://www.dirteam.com/blogs/mscheuner/default.aspx
Come see http://groups.yahoo.com/group/ADSIANDDirectoryServices/
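Because the password-filter route Dmitri and Marc describe means a DLL registered in LSA on every domain controller sees each new password in clear text, an administrator will want to know exactly which filters are loaded on their DCs. The following PowerShell is an added example, not code from the thread or from any Microsoft product: it reads the LSA "Notification Packages" value, resolves each entry to its DLL in System32, checks the Authenticode signature, and flags anything outside an expected list. The baseline of 'scecli' and 'rassfm' is an assumption and should be replaced with the packages actually approved in your environment.

```powershell
# Added example (not from the thread): list the LSA password-filter DLLs
# registered on this machine and flag any that are not in an expected baseline.
# Assumptions: run elevated on a domain controller; the $baseline list is a
# placeholder that an administrator should replace with their approved packages.

$lsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$baseline = @('scecli', 'rassfm')   # assumed approved packages; adjust per environment

function Get-PasswordFilterReport {
    param(
        [string[]] $Expected = $baseline
    )

    # 'Notification Packages' is a REG_MULTI_SZ; each entry names a DLL
    # (without extension) that LSA loads and calls on every password change.
    $packages = (Get-ItemProperty -Path $lsaKey -Name 'Notification Packages').'Notification Packages'

    foreach ($name in $packages) {
        $dll = Join-Path $env:SystemRoot "System32\$name.dll"
        $sig = if (Test-Path $dll) {
            (Get-AuthenticodeSignature -FilePath $dll).Status
        } else {
            'FileMissing'
        }

        [pscustomobject]@{
            Package    = $name
            Path       = $dll
            InBaseline = ($Expected -contains $name)
            Signature  = $sig
        }
    }
}

# Report every registered filter; rows with InBaseline = False or an
# unsigned/invalid Signature are the ones to investigate.
Get-PasswordFilterReport | Format-Table -AutoSize
```

Run it on each DC (or remotely with Invoke-Command) and diff the output against the previous run; a new entry here is exactly the kind of change the MIIS-style agent Dmitri mentions would make, so it should always be expected and accounted for.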

Joe Richards [MVP]

Jul 28, 2004, 5:00:59 PM7/28/04
Yep, that is the next version of MIIS and will require an agent on every Domain
Controller.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
