connection not secure enough
Quote from: http://support.microsoft.com/kb/269190
In order to modify this attribute, the client must have a 128-bit Secure Socket Layer (SSL) connection to the server.
So even if everything else looks right, you may still get an SvcErr: DSID-03190F4C, problem 5003 (WILL_NOT_PERFORM)
if the connection is deemed insecure.
lacking admin rights
A modify request may fail if you try to do a replace
without insufficient rights.
dn: CN=johndoe,OU=Users,DC=example,DC=com
changetype: modify
replace: unicodePwd
unicodePwd:: base64(utf16le(quoted(password)))
-
You will get an SecErr: DSID-03150E47, problem 4003 (INSUFF_ACCESS_RIGHTS)
in that case. This happens if you try to bind
with an unprivileged account.
password history
Some admins like to have a long password history (e.g. last 24 passwords saved). You will get a CONSTRAINT_ATT_TYPE
if you are using an old password that is already in the history.
regular user
-
secure the connection
-
use a
delete
–add
combo.
e.g.
dn: CN=johndoe,OU=Users,DC=example,DC=com
changetype: modify
delete: unicodePwd
unicodePwd:: base64(utf16le(quoted(old password)))
-
add: unicodePwd
unicodePwd:: base64(utf16le(quoted(new password)))
-