Deleting non readable attribute from eDirectory - LDAP through ADSI/System.DirectoryServices

chat_devil

Hi,
Does anyone know if it is possible to remove an attribute that cannot
be read into the ADSI property cache/collection?

I'm trying to do an eDirectory password change from .NET directory
services. eDirectory uses the "userPassword" property to change the
password and for a normal user, this has to be deleted and then added
to in one LDAP modify operation to successfully change the password. As
far as I know eDirectory schema does not allow this property to be
read.

I've tried doing the following, but it seems only the Add operation is
sent to the eDir server.

DirectoryEntry _ldapConnection = ...; // set to the exact user, authenticated with old password
_ldapConnection.RefreshCache();
// Remove the old value and add the new one, then commit both together
_ldapConnection.Properties["userPassword"].Remove(oldPassword);
_ldapConnection.Properties["userPassword"].Add(newPassword);
_ldapConnection.CommitChanges();

I've contacted the Novell support forums and they suggested checking if
there's an ADSI limitation that's affecting this.

If anyone's come across this issue before or can shed some light on if
it can be done, that'll be very much appreciated.

Regards,
chat
 
Joe Kaplan (MVP - ADSI)

I don't think so. ADSI doesn't want to remove items that aren't in the
property cache, so it will be difficult to convince it to do this. I don't
think you can even do it with ADSI and PutEx as the same limitation applies.
This is actually one of the reasons ADSI needs a ChangePassword method on
IADsUser. LDAP password modifications in AD have similar limitations.

You can do this with S.DS.Protocols in .NET 2.0 though. It is a little more
work, but isn't too bad. There is a sample of doing something similar in
ch. 10 of our book, which you can get as a free download. It is designed
for AD with the unicodePwd attribute which takes a special syntax, but you
can simplify it to do what you want.

HTH,

Joe K.
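
The single delete-then-add modify described in this thread, sketched with System.DirectoryServices.Protocols (.NET 2.0 or later). This is an added example, not code from the thread or from the book mentioned above; the class and method names, the LDAPS port 636 and simple bind over SSL are assumptions.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

static class EDirPasswordChange
{
    // Hypothetical helper: host, userDn and both passwords come from the caller.
    public static void ChangePassword(string host, string userDn,
                                      string oldPassword, string newPassword)
    {
        // Assumption: the server listens for LDAPS on 636. Both passwords
        // travel inside the bind and modify requests, so the channel must
        // be encrypted.
        LdapDirectoryIdentifier id = new LdapDirectoryIdentifier(host, 636);
        using (LdapConnection conn = new LdapConnection(id))
        {
            conn.AuthType = AuthType.Basic;               // simple bind with DN + password
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true;
            conn.Bind(new NetworkCredential(userDn, oldPassword));

            // Delete by value: the old password is named explicitly, so
            // nothing has to be read from the directory first.
            DirectoryAttributeModification del = new DirectoryAttributeModification();
            del.Name = "userPassword";
            del.Operation = DirectoryAttributeOperation.Delete;
            del.Add(oldPassword);

            DirectoryAttributeModification add = new DirectoryAttributeModification();
            add.Name = "userPassword";
            add.Operation = DirectoryAttributeOperation.Add;
            add.Add(newPassword);

            // Both modifications are carried in one LDAP modify request,
            // in this order.
            ModifyRequest request = new ModifyRequest(userDn, del, add);
            ModifyResponse response = (ModifyResponse)conn.SendRequest(request);

            // SendRequest normally throws DirectoryOperationException on
            // failure; the explicit check guards any other non-success code.
            if (response.ResultCode != ResultCode.Success)
                throw new InvalidOperationException(
                    "Password change failed: " + response.ResultCode);
        }
    }
}
```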
 
chat_devil

Thanks for the info Joe. As you mentioned, I had tried doing the PutEx
as well and that didn't work either.

Unfortunately we can't take the .NET 2.0 path at the moment so we'll
have to find a workaround for this.

chat
 
Joe Kaplan (MVP - ADSI)

In that case, you are kind of screwed. You'll need your own direct LDAP API
wrapper of some sort.

I used to have one that worked ok that was a p/invoke wrapper around
wldap32, but it did have some weird memory issues at times. If you really
wanted to look at it, I might be able to dig it up, but there aren't really
any docs or samples for it.

Best of luck,

Joe K.
 
