
Deleting non readable attribute from eDirectory - LDAP through ADSI/System.DirectoryServices

Hi,
Does anyone know if it is possible to remove an attribute that cannot
be read into the ADSI property cache/collection?

I'm trying to do an eDirectory password change from .NET directory
services. eDirectory uses the "userPassword" property to change the
password, and for a normal user this has to be deleted and then added
in one LDAP modify operation to successfully change the password. As
far as I know, the eDirectory schema does not allow this property to be
read.

I've tried doing the following, but it seems only the Add operation is
sent to the eDir server.

DirectoryEntry _ldapConnection; // set to the exact user, authenticated with old password
_ldapConnection.RefreshCache();
_ldapConnection.Properties["userPassword"].Remove(oldPassword);
_ldapConnection.Properties["userPassword"].Add(newPassword);
_ldapConnection.CommitChanges();

I've contacted the Novell support forums and they suggested checking if
there's an ADSI limitation that's affecting this.

If anyone's come across this issue before or can shed some light on whether
it can be done, that'll be very much appreciated.

regards
chat

May 29 '06 #1
3 Replies


I don't think so. ADSI doesn't want to remove items that aren't in the
property cache, so it will be difficult to convince it to do this. I don't
think you can even do it with ADSI and PutEx as the same limitation applies.
This is actually one of the reasons ADSI needs a ChangePassword method on
IADsUser. LDAP password modifications in AD have similar limitations.

You can do this with S.DS.Protocols in .NET 2.0 though. It is a little more
work, but isn't too bad. There is a sample of doing something similar in
ch. 10 of our book, which you can get as a free download. It is designed
for AD with the unicodePwd attribute which takes a special syntax, but you
can simplify it to do what you want.

HTH,

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

May 30 '06 #2
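
The single-modify approach suggested in the reply above, written against System.DirectoryServices.Protocols (.NET 2.0 or later). This is an added example, not code from the thread or from the book it mentions; the class and method names are hypothetical, and the use of LDAPS on port 636 with a simple bind is an assumption about the eDirectory server.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

// Hypothetical helper (not from the thread): changes a user's own password
// by sending Delete(old) and Add(new) on userPassword in ONE LDAP modify.
public static class EDirectoryPassword
{
    public static void Change(string host, string userDn,
                              string oldPassword, string newPassword)
    {
        // Assumption: the server accepts LDAPS on 636 and its certificate is
        // trusted by this machine. A simple bind sends the password as-is,
        // so it must only travel over an encrypted channel.
        LdapDirectoryIdentifier id = new LdapDirectoryIdentifier(host, 636);
        using (LdapConnection conn = new LdapConnection(id))
        {
            conn.AuthType = AuthType.Basic;
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true;

            // Bind as the user with the OLD password.
            conn.Bind(new NetworkCredential(userDn, oldPassword));

            // Delete of the old value. No read of userPassword is needed,
            // which is the step the ADSI property cache cannot express.
            DirectoryAttributeModification del = new DirectoryAttributeModification();
            del.Name = "userPassword";
            del.Operation = DirectoryAttributeOperation.Delete;
            del.Add(oldPassword);

            // Add of the new value.
            DirectoryAttributeModification add = new DirectoryAttributeModification();
            add.Name = "userPassword";
            add.Operation = DirectoryAttributeOperation.Add;
            add.Add(newPassword);

            // Both modifications go out in a single ModifyRequest, in order.
            ModifyRequest request = new ModifyRequest(userDn, del, add);

            // SendRequest throws DirectoryOperationException if the server
            // rejects the change (wrong old password, policy violation).
            conn.SendRequest(request);
        }
    }
}
```

Catch DirectoryOperationException at the call site and log only its ResultCode, never the request contents, since the request carries both passwords.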

Thanks for the info Joe, as you mentioned I had tried doing the PutEx
as well and that didn't work either.

Unfortunately we can't take the .NET 2.0 path at the moment so we'll
have to find a workaround for this.

chat

May 31 '06 #3

In that case, you are kind of screwed. You'll need your own direct LDAP API
wrapper of some sort.

I used to have one that worked ok that was a p/invoke wrapper around
wldap32, but it did have some weird memory issues at times. If you really
wanted to look at it, I might be able to dig it up, but there aren't really
any docs or samples for it.

Best of luck,

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

May 31 '06 #4
