Unable to reset AD User password using python

Question

I am working on project which requires me to reset AD User password. But I have not found useful resources so far in the web.

I am using ldap3 to reset AD User password but it's not working. I have visited these links to get some idea to implement the code 1. Update Active Directory Password using ldap python 2.Python 3.5, ldap3 and modify_password() 3.https://serverfault.com/questions/937330/update-ad-password-from-python-ldap-code-insuff-access-rights/937361 4. https://ldap3.readthedocs.io/welcome.html

from ldap3 import Server, Connection, NTLM, ALL
server = Server('mydomain.com',use_ssl=True, get_info=ALL)
conn = Connection(server, user='user1', password='oldpassword', authentication=NTLM, auto_bind=True)
print(conn)

pwd = 'newpassword'
enc_pwd = '"{}"'.format(newpassword).encode('utf-16-le')
conn.modify('cn=user1, ou=ou_name, dc=mydomain, dc=com', {'unicodePwd': [(MODIFY_REPLACE, [enc_pwd])]})
print(conn.result)

Error: raise LDAPSocketOpenError('unable to open socket', exception_history) ldap3.core.exceptions.LDAPSocketOpenError: ('unable to open socket', [(LDAPSocketOpenError('socket ssl wrapping error: [WinError 10054] An existing connection was forcibly closed by the remote host'),

Answer 1

It's a network level error, in my case I was using AWS Managed AD and out of the box it does not support TLS and needed to spin up a CA to enable TLS over LDAP.

Basically LDAP is there a connection is established but when trying to lift the connection to TLS it fails because TLS was not supported on my LDAP server at the time.