Deleting non readable attribute from eDirectory - LDAP through ADSI/System.DirectoryServices

Hi,

Does anyone know if it is possible to remove an attribute that cannot be read into the ADSI property cache/collection?

I'm trying to do an eDirectory password change from .NET directory services. eDirectory uses the "userPassword" property to change the password, and for a normal user this has to be deleted and then added to in one LDAP modify operation to successfully change the password. As far as I know, the eDirectory schema does not allow this property to be read.

I've tried doing the following, but it seems only the Add operation is sent to the eDir server.

    DirectoryEntry _ldapConnection = // set to the exact user, authenticated with old password
    _ldapConnection.RefreshCache();
    _ldapConnection.Properties["userPassword"].Remove(oldPassword);
    _ldapConnection.Properties["userPassword"].Add(newPassword);
    _ldapConnection.CommitChanges();

I've contacted the Novell support forums and they suggested checking whether there's an ADSI limitation that's affecting this.

If anyone's come across this issue before or can shed some light on whether it can be done, that'll be very much appreciated.

regards
chat

I don't think so. ADSI doesn't want to remove items that aren't in the property cache, so it will be difficult to convince it to do this. I don't think you can even do it with ADSI and PutEx, as the same limitation applies.

This is actually one of the reasons ADSI needs a ChangePassword method on IADsUser. LDAP password modifications in AD have similar limitations.

You can do this with S.DS.Protocols in .NET 2.0 though. It is a little more work, but isn't too bad. There is a sample of doing something similar in ch. 10 of our book, which you can get as a free download. It is designed for AD with the unicodePwd attribute, which takes a special syntax, but you can simplify it to do what you want.

HTH,

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

Thanks for the info Joe. As you mentioned, I had tried doing the PutEx as well and that didn't work either.

Unfortunately we can't take the .NET 2.0 path at the moment, so we'll have to find a workaround for this.

chat

In that case, you are kind of screwed. You'll need your own direct LDAP API wrapper of some sort. I used to have one that worked OK that was a p/invoke wrapper around wldap32, but it did have some weird memory issues at times. If you really wanted to look at it, I might be able to dig it up, but there aren't really any docs or samples for it.

Best of luck,

Joe K.
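
The single-request delete-and-add discussed in this thread, written against System.DirectoryServices.Protocols as the first reply suggests. This is an added example, not code from the thread or from the book it mentions; the class and method names, the use of LDAPS on port 636, and a simple bind with the user's DN are assumptions.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

static class EdirPasswordChange   // hypothetical helper, not from the thread
{
    public static void ChangePassword(string server, string userDn,
                                      string oldPassword, string newPassword)
    {
        // Port 636 (LDAPS) is an assumption; the password values travel in the request.
        LdapDirectoryIdentifier id = new LdapDirectoryIdentifier(server, 636);
        NetworkCredential cred = new NetworkCredential(userDn, oldPassword);

        using (LdapConnection conn = new LdapConnection(id, cred, AuthType.Basic))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true;
            conn.Bind();   // simple bind as the user, with the old password

            // Delete by value: the old password is named explicitly, so nothing
            // has to be read from the directory first.
            DirectoryAttributeModification delete = new DirectoryAttributeModification();
            delete.Name = "userPassword";
            delete.Operation = DirectoryAttributeOperation.Delete;
            delete.Add(oldPassword);

            DirectoryAttributeModification add = new DirectoryAttributeModification();
            add.Name = "userPassword";
            add.Operation = DirectoryAttributeOperation.Add;
            add.Add(newPassword);

            // Both modifications are sent in one LDAP modify operation.
            ModifyRequest request = new ModifyRequest(userDn, delete, add);
            try
            {
                conn.SendRequest(request);   // throws if the server returns an error
            }
            catch (DirectoryOperationException ex)
            {
                // Report the result code only; never log either password.
                throw new InvalidOperationException(
                    "userPassword change rejected: " + ex.Response.ResultCode, ex);
            }
        }
    }
}
```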