
How to change passwords using System.DirectoryServices.Protocols

Our user store is an LDAP server called eDirectory. How do you change user passwords using System.DirectoryServices.Protocols?


I've used code similar to this to connect to a Sun One-based LDAP to change a user's password. (Shouldn't be that different from Novell eDirectory...)

using System.DirectoryServices.Protocols;
using System.Net;

//...

// Connect to the directory:
LdapDirectoryIdentifier ldi = new LdapDirectoryIdentifier("theServerOrDirectoryName");
// You might need to specify a full DN for "theUsername" (I had to):
NetworkCredential nc = new NetworkCredential("theUsername", "theOldPassword");
// You might need to experiment with setting a different AuthType:
LdapConnection connection = new LdapConnection(ldi, nc, AuthType.Negotiate);

// Build a modification that replaces the userPassword attribute:
DirectoryAttributeModification modifyUserPassword = new DirectoryAttributeModification();
modifyUserPassword.Operation = DirectoryAttributeOperation.Replace;
modifyUserPassword.Name = "userPassword";
modifyUserPassword.Add("theNewPassword");

// The first argument is the distinguished name of the entry to modify:
ModifyRequest modifyRequest = new ModifyRequest("theUsername", modifyUserPassword);
DirectoryResponse response = connection.SendRequest(modifyRequest);


You need to remove the password and then re-add it. When I did this I used the LDAP library from Novell. You may have to play around with DirectoryEntry to get it to work.

Deleting non readable attribute from eDirectory - LDAP through ADSI/System.DirectoryServices


You might run into issues depending on the type of password you are using in eDirectory.

LDAP / Universal Password with eDirectory 8.8


How to change eDirectory or Universal Password through LDAP; here is an LDIF sample:

dn: cn=<myuser>,ou=<myou>,o=<myo>
changetype: modify
replace: userPassword
userPassword: <newPassWord>


I agree with the two approaches of Per Noalt and Matthew Whited. But there is one subtlety of import.

There is a difference between a user password change and an administrative password change.

If you replace the userPassword, that is an Admin password change, and depending on password policies, might expire the password right away. (eDir uses password expiry, and then a count of grace logins).

If you provide the old and new password, then you are doing a user initiated password reset.
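The distinction drawn in the answer above, as an added C# example (not code from any of the answers on this page). The host name `ldap.example.com`, LDAPS on port 636, the simple bind with a full DN, and the class and method names are assumptions; supplying the old and new password as a delete plus add of `userPassword` in a single `ModifyRequest` is also an assumption about how the directory expects them.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

static class EdirPasswordExample // hypothetical name
{
    // Placeholder host; LDAPS (636) keeps the passwords off the wire in clear text.
    static LdapConnection Connect(string bindDn, string bindPassword)
    {
        var id = new LdapDirectoryIdentifier("ldap.example.com", 636);
        var conn = new LdapConnection(id, new NetworkCredential(bindDn, bindPassword), AuthType.Basic);
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.SecureSocketLayer = true;
        conn.Bind(); // simple bind using the full DN
        return conn;
    }

    // One userPassword modification with the given operation and value.
    static DirectoryAttributeModification Mod(DirectoryAttributeOperation op, string value)
    {
        var m = new DirectoryAttributeModification { Operation = op, Name = "userPassword" };
        m.Add(value);
        return m;
    }

    // User-initiated change: bind as the user, send old and new value in ONE request.
    public static void ChangeOwnPassword(string userDn, string oldPassword, string newPassword)
    {
        using (var conn = Connect(userDn, oldPassword))
        {
            var request = new ModifyRequest(userDn,
                Mod(DirectoryAttributeOperation.Delete, oldPassword),
                Mod(DirectoryAttributeOperation.Add, newPassword));
            conn.SendRequest(request); // throws DirectoryOperationException on failure
        }
    }

    // Administrative reset: bind as an admin and replace the value outright.
    // Depending on password policy this may leave the new password expired.
    public static void AdminResetPassword(string adminDn, string adminPassword,
                                          string userDn, string newPassword)
    {
        using (var conn = Connect(adminDn, adminPassword))
        {
            conn.SendRequest(new ModifyRequest(userDn,
                Mod(DirectoryAttributeOperation.Replace, newPassword)));
        }
    }
}
```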


There is a code example for both user changing password and administrative password change using System.DirectoryServices.Protocols in the book The .NET Developer's Guide to Directory Services Programming. I assume that I can't paste the code example here for copyright reasons, but I can recommend buying the book if you are interested in working with System.DirectoryServices.Protocols and System.DirectoryServices.
