How do I resolve “WILL_NOT_PERFORM” MS AD reply when trying to change password in scala w/ the unboundid LDAP SDK?

Question

I\'m wrestling with Active Directory, trying to get it to let me change a password. I\'ve found tons of useful information, but I\'m still getting a persistent error.

Answer 1

connection not secure enough

Quote from: http://support.microsoft.com/kb/269190

In order to modify this attribute, the client must have a 128-bit Secure Socket Layer (SSL) connection to the server.

So even if everything else looks right, you may still get an SvcErr: DSID-03190F4C, problem 5003 (WILL_NOT_PERFORM) if the connection is deemed insecure.

lacking admin rights

A modify request may fail if you try to do a replace without insufficient rights.

dn: CN=johndoe,OU=Users,DC=example,DC=com
changetype: modify
replace: unicodePwd
unicodePwd:: base64(utf16le(quoted(password)))
-

You will get an SecErr: DSID-03150E47, problem 4003 (INSUFF_ACCESS_RIGHTS) in that case. This happens if you try to bind with an unprivileged account.

password history

Some admins like to have a long password history (e.g. last 24 passwords saved). You will get a CONSTRAINT_ATT_TYPE if you are using an old password that is already in the history.

regular user

1. secure the connection

2. use a delete-add combo.

e.g.

dn: CN=johndoe,OU=Users,DC=example,DC=com
changetype: modify
delete: unicodePwd
unicodePwd:: base64(utf16le(quoted(old password)))
-
add: unicodePwd
unicodePwd:: base64(utf16le(quoted(new password)))
-