I will test on a rig with SSL.
> A few thoughts. If the error is raised on the GetObject
> statement, then the binding string is wrong. No admin
> privileges are needed to bind to the user object. However,
> you seem to have ruled this out.
> I assume the user is already authenticated. If not, you
> will have to use alternate credentials with OpenDSObject.
> If the error is raised on objUser.ChangePassword, then
> perhaps there is not a SSL connection. Changing passwords
> is the only time a SSL connection is required.
> >-----Original Message-----
> >Thanks for your comments Richard,
> >I haven't had a problem with my binding string with any
> of my other
> >adsi code but I took on your suggestions and reconfigured
> my binding
> >string as suggested.
> >In my system my cn is always the same as the
> SamAccountName so I don't
> >think the problem is there.
> >I use serverless binding to derive the domain and use a
> constant for
> >the ou name.
> >My LDAP string is now as below:
> > "LDAP://cn=UserName,ou=MyOU,dc=MyDomain,dc=com"
> >but I still get the same error.
> >> Hi,
> >> I believe your problem is with the binding string used
> >> with the LDAP provider. Examples for strUserPath would
> >> similar to:
> >> "LDAP://cn=UserName,ou=Sales,dc=MyDomain,dc=com"
> >> "LDAP://cn=Joe Smith,cn=users,dc=MyDomain,dc=com"
> >> I would guess that UserName in your code is the NT user
> >> name, also called the pre-Windows 2000 logon name (the
> >> sAMAccountName). LDAP requires the cn (common name)
> >> instead. Also, strDomain is the NetBIOS domain name,
> >> may or may not match what I called "MyDomain" above.
> >> need to determine the Distinguished Name of the user to
> >> bind with LDAP, which is the cn (common name) of the
> >> and the full path of the user object in Active
> >> If the client is W2k or XP, you should be able to use
> >> ADSystemInfo object:
> >> Set oSysInfo = CreateObject("ADSystemInfo")
> >> sUserAdsPath = oSysInfo.UserName
> >> Set oUser = GetObject("LDAP://" & sUserAdsPath)
> >> If the clients are NT or Win9x, you can use the
> >> NameTranslate object to convert your UserName and
> >> strDomain:
> >> Set oTrans = CreateObject("NameTranslate")
> >> oTrans.Init 1, strDomain
> >> oTrans.Set 2, strDomain & "\" & UserName
> >> sAdsPath = oTrans.Get(1)
> >> Set oUser = GetObject("LDAP://" & sAdsPath)
> >> Richard
> >> >-----Original Message-----
> >> >Hi,
> >> >I'm trying to change the password of a user using VB
> ADSI with the
> >> >LDAP provider. The VB is built as a COM component and
> running as a
> >> >server application and has an identity set to a user
> account with
> >> >administrative rights.
> >> >The method call is from an ASP page where a user types
> the relevant
> >> >information to change their password.
> >> >My code in brief is as below :
> >> > strUserPath = "LDAP://" & strDomain & "/CN=" &
> UserName & "," &
> >> >strContainer
> >> > Set objUser = GetObject(strUserPath)
> >> > objUser.ChangePassword OldPassword, NewPassword
> >> >which results in the following error :
> >> > Error Number : -2147023545 (0x80070547)
> >> > Description : Automation error
> >> > Configuration information could not be read from
> >> >controller, either because the machine is
> unavailable, or access
> >> >has been denied.
> >> >The security error that occurs on the DC is as
> follows :
> >> >Event Type: Failure Audit
> >> >Event Source: Security
> >> >Event Category: Account Logon
> >> >Event ID: 681
> >> >Date: 04/02/2003
> >> >Time: 10:12:47
> >> >User: NT AUTHORITY\SYSTEM
> >> >Computer: CRISDVLPDC
> >> >Description:
> >> >The logon to account: 100099
> >> > by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> >> > from workstation: GBCRISS193
> >> > failed. The error code was: 3221226020
> >> >The error code translates to User Logon with 'Change
> Password at Next
> >> >Logon' Flagged.
> >> >This works no problem with the WinNT provider but I
> to use the
> >> >LDAP provider.
> >> >Any thoughts or suggestions are most welcome
> >> >Paul Jackson
> >> >.