setting passwords via LDAPS

R

rohit mehta

Hi, I have written a perl script to set Active Directory 2003 passwords
via LDAP-SSL (using Net::LDAPS). It works when run as administrator.
The administrator can change his own or another user's password
successfully.

However, when I try to run this as a regular domain user (to set that
domain user's password), I get the error:
00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

I have the Change Password permission checked in the Active Directory
Users and Computers MMC. Is anything else required to make this work?

Please let me know if you need any more information, or if you would
like to see my perl script.

Would appreciate any advice/assistance,

Rohit Kumar Mehta
University of Connecticut
Computer Systems Manager
 
J

Joe Kaplan \(MVP - ADSI\)

To change the password (instead of reset the password), you must remove the
old password with a delete op and add the new one with an add op in the same
LDAP modify operation. This means you must have the old password. This is
what you are allowed to do when you have change password permission.

Joe K.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

problem seizing domain naming master 2
Insufficient Rights to Modify LDAP Policy? 3
Changing (not setting) a user password trough LDAP 0
Can't publish Windows Server 2003 Certificates in Win2k Active Directory properly 1
event id 80 & 77 certsvc 0
ADAM SCP and replication issues 0
Oops - How to recover Administrator password? 7
Step-by-Step Guide to Using Active Directory Schema and Display Specifiers 0

Top