You can do this via ADSI by passing alternate credentials
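use Win32::OLE;
# ADO connection through the ADSI provider, opened with alternate credentials
my $objConn = Win32::OLE->CreateObject("ADODB.Connection");
$objConn->{Provider} = "ADsDSOObject";
$objConn->Properties->{'User ID'} = $user;
$objConn->Properties->{'Password'} = $pwd;
$objConn->Open("Active Directory Provider");
# Command object bound to that connection
my $objComm = Win32::OLE->CreateObject("ADODB.Command");
$objComm->{ActiveConnection} = $objConn;
# "Page Size" lives in the command's Properties collection
$objComm->Properties->{"Page Size"} = 1000;
$objComm->{CommandText} = "<LDAP:{yada, yada, yada}";
my $objRS = $objComm->Execute();
$objRS->MoveFirst;
...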
If you want to do this from a non-Windows platform, you will need to use Net::LDAP. Be forewarned that AD requires a secure LDAP connection to change passwords of users.
-----Original Message-----
From: activeperl-bounces listserv.ActiveState.com [mailto:activeperl-bounces listserv.ActiveState.com] On Behalf Of ianm brick.net
Sent: Monday, July 10, 2006 4:57 PM
To: activeperl listserv.ActiveState.com
Subject: Password Reset in Active Directory via a Web form
PROBLEM:
I would like to create a Web form that "resets" a user's lost password in one of our walled-off domains, which uses Active Directory in native mode.
Since the user does not have their old password, the Win32::NetAdmin::UserChangePassword / Win32::AdminMisc::UserChangePassword (Chapter 3, page 122 in the Roth book I have) functions are not an option.
Clearly, Win32::AdminMisc::SetPassword is preferred.
So, how do I get my Web form to "elevate privileges" to run under an administrative account I designate? I obviously don't want IIS running under an admin account all the time. What functions should I use to accomplish this? Is this what Win32::AdminMisc::LogonAsUser is for, or am I mistaken? (Chapter 9, page 450 in the Roth book)
Other question: Must IIS be running on the domain controller for the domain in question, or can this be done from any Web server joined to the domain in question?
PROBLEM CONSTRAINTS:
I would like to use Win32 or ADSI.
It appears that the domain is using the whole Active Directory/LDAP thing.
I've had just a smidgen of experience with LDAP, none with Active Directory. Will the Win32 module even work with these?
BONUSES:
It would be even better if I could control all of this from an Apache/Solaris box, so I don't have to worry about asking them to put IIS (even locked down by a firewall) on my DC or any other box in the domain.
Does anyone have a good Perl ADSI book to recommend?
Has anyone already written a script that is similar?
ASSORTED VISUAL BASIC FUNCTIONS AND THEIR PERL ANALOGUES:
Get the user object via LDAP
VB: GetObject("LDAP://cn=aaaa,ou=bbbb,dc=somesubdomain,dc=company,dc=com");
Disable an account
VB: objUser.AccountDisabled = True
Perl: "UF_ACCOUNTDISABLE" (page 108 of the Roth Win32 book)
Enable an account
VB: objUser.AccountDisabled = False
Perl: "UF_ACCOUNTDISABLE" (page 108 of the Roth Win32 book)
Change a password
VB: objUser.SetPassword "Something"
Win32::AdminMisc::SetPassword (page 122 of the Roth Win32 book)
Miscellaneous
VB: objUser.pwdLastSet = 0
VB: objUser.lockoutTime = 0
------------------------------------------------------
Any tips would be appreciated. I might not even be in the right Perl mailing list for this!
Thanks,
Ian
_______________________________________________
ActivePerl mailing list
ActivePerl listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
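
The Net::LDAP route mentioned in the reply, as an added example that is not code from either poster: an administrative reset over LDAPS with certificate verification, followed by the pwdLastSet and lockoutTime changes listed in the original question. The host name, CA file path, service-account DN and the PWRESET_BIND_PW environment variable are assumptions; the service account is assumed to hold only a delegated "Reset password" right on the target OU rather than domain admin rights.

```perl
#!/usr/bin/perl
# Added example: AD password reset from a non-Windows host via Net::LDAP.
# All names below (host, CA file, DNs, env variable) are hypothetical.
use strict;
use warnings;
use Net::LDAP;
use Encode qw(encode);

my $dc      = 'dc01.somesubdomain.company.com';    # hypothetical DC
my $ca_file = '/etc/ssl/certs/company-ca.pem';     # hypothetical CA bundle
my $svc_dn  = 'cn=pwreset-svc,ou=service,dc=somesubdomain,dc=company,dc=com';
my $user_dn = 'cn=aaaa,ou=bbbb,dc=somesubdomain,dc=company,dc=com';

# AD expects unicodePwd as the new password wrapped in double quotes
# and encoded as UTF-16LE.
sub ad_unicode_pwd {
    my ($plain) = @_;
    return encode('UTF-16LE', qq("$plain"));
}

sub reset_password {
    my ($new_pwd) = @_;
    # LDAPS with the server certificate verified against our CA;
    # AD refuses unicodePwd writes on an unencrypted connection.
    my $ldap = Net::LDAP->new("ldaps://$dc",
        verify => 'require',
        cafile => $ca_file,
    ) or die "connect failed: $@\n";

    my $msg = $ldap->bind($svc_dn, password => $ENV{PWRESET_BIND_PW});
    die 'bind failed: ' . $msg->error . "\n" if $msg->code;

    # "replace" is the administrative reset (no old password needed).
    # pwdLastSet = 0 forces a change at next logon; lockoutTime = 0 unlocks.
    $msg = $ldap->modify($user_dn, replace => {
        unicodePwd  => ad_unicode_pwd($new_pwd),
        pwdLastSet  => 0,
        lockoutTime => 0,
    });
    my $err = $msg->code ? $msg->error : undef;
    $ldap->unbind;
    die "reset failed: $err\n" if defined $err;
    return 1;
}

# Read the new password from STDIN so it never appears in the process list.
chomp(my $new_pwd = <STDIN> // '');
reset_password($new_pwd) if length $new_pwd;
```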