How can I change password for domain user(windows Active Directory) using Python?

Question

How can I change the password for a domain user with Python? I have the ldap modules on board but have no solution. I managed to query the current settings via ldap, but how

Answer 1

Python is not my language, but changing the Active-Directory password via LDAP is something I do.

As far as your URL is concerned :

Your LDAP URL should be like :

host = 'LDAP://10.172.0.79/dc=directory,dc=example,dc=com'

With 'LDAP' and not 'ldap' and the good directory path behind.

As far as the password is concerned :

First : As far as I understand you can change the AD pasword unicode_pass only if you server has a certificate and if you contact if via LDAPS (SSL).

Second : the password is given with double qote password test.2006 becomes "test.2006".

Third : the resutl must be coded in unicode.

---

Edited :

Once you have installed Certificate Server you just have to reboot your server to have AD waiting on port 636 (LDAPS). On Python side, here is what I found :

ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
l = ldap.initialize("LDAPS://10.172.0.79:636")
l.set_option(ldap.OPT_REFERRALS, 0)
l.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
l.set_option(ldap.OPT_X_TLS,ldap.OPT_X_TLS_DEMAND)
l.set_option( ldap.OPT_X_TLS_DEMAND, True )
l.set_option( ldap.OPT_DEBUG_LEVEL, 255 )
l.simple_bind_s("admin@tester.com","password")