我正在尝试使用以下命令通过 ldifde 更改当前登录用户的密码:
ldifde -i -f 密码.ldif -t 636
我的 AD 服务器以 SSL 模式运行,使用自签名证书。pwd.ldif 包含以下内容:
dn: CN=test,cn=users,dc=skenzo,dc=ad,dc=com
changeType: modify
replace: unicodePwd
unicodePwd:: InF3ZWRzYUAxMjMi
-
现在,当我以管理员身份运行命令时,此方法有效,因为存在更改密码的默认权限。但是,每个用户都应该有权更改自己的密码。这就是我尝试此方法的原因。
完整日志在此处给出:
Connecting to "<server-name>"
Logging in as current user using SSPI
Importing directory from file "pwd.ldif"
Loading entries.
Add error on entry starting on line 1: Insufficient Rights
The server side error is: 0x5 Access is denied.
The extended server error is:
00000005: SecErr: DSID-031A1190, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
0 entries modified successfully.
An error has occurred in the program
No log files were written. In order to generate a log file, please
specify the log file path via the -j option.