2013-03-11 76 views

Changing an Active Directory user's password from a Java program

I have users in Active Directory, and I am trying to change a user's password from a Java program as follows:

import java.util.Properties;
import javax.naming.Context;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class ChangePassword {
    public static void main(String[] args) {
        Properties prop = new Properties();
        prop.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        prop.put(Context.SECURITY_AUTHENTICATION, "simple");
        prop.put(Context.SECURITY_PRINCIPAL, "user1");
        prop.put(Context.SECURITY_CREDENTIALS, "pass1");
        prop.put(Context.SECURITY_PROTOCOL, "ADSecurityProtocol");
        // plain LDAP on port 389, base DN given in the provider URL
        prop.put(Context.PROVIDER_URL, "ldap://host:389/OU=My Org,DC=domain,DC=com");
        try {
            LdapContext ctx = new InitialLdapContext(prop, null);
            String oldPassword = "pass1";
            String newPassword = "passnew1";
            ModificationItem[] mods = new ModificationItem[2];
            // AD expects unicodePwd as the password wrapped in double quotes, encoded UTF-16LE
            String oldQuotedPassword = "\"" + oldPassword + "\"";
            byte[] oldUnicodePassword = oldQuotedPassword.getBytes("UTF-16LE");
            String newQuotedPassword = "\"" + newPassword + "\"";
            byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");

            // Remove the old value and add the new one in a single modify operation
            mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", oldUnicodePassword));
            mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE,
                new BasicAttribute("unicodePwd", newUnicodePassword));

            String theUserName = "CN=" + "user1" + ",OU=My Org,DC=domain,DC=com";
            // Perform the update
            ctx.modifyAttributes(theUserName, mods);
            System.out.println("Changed password successfully");
            ctx.close();
        } catch (Exception e) {
            System.err.println("Problem changing password: " + e);
        }
    }
}

The error message I get is:

Problem changing password: javax.naming.NamingException: 
[LDAP: error code 1 - 000020D6: SvcErr: DSID-031007DB, 
problem 5012 (DIR_ERROR), data 0]; remaining name 
'CN=user1,OU=My Org,DC=domain,DC=com' 

Edit 1:

As suggested, I have also tried this with port 636 and LDAPS:

prop.put(Context.PROVIDER_URL, "ldap://host:636/OU=My Org,DC=domain,DC=com"); 
Also tried 
prop.put(Context.PROVIDER_URL, "ldaps://host:636/OU=My Org,DC=domain,DC=com"); 

I am getting MalformedURLException: Invalid URI: 
Invalid URI: Org,DC=domain,DC=com] 

When I try this (not sure what is listening on 636, but it seems that something is):

$ telnet LDAPHost 636 
Escape character is '^]'. 
Connection closed by foreign host. 

Edit 2:

Changed: 
prop.put(Context.PROVIDER_URL, "ldap://host:636/OU=My Org,DC=domain,DC=com"); 
to: 
prop.put(Context.PROVIDER_URL, "ldap://host:636/OU=My%20Org,DC=domain,DC=com"); 

The error is:

javax.naming.CommunicationException: simple bind failed: host:636 
[Root exception is java.net.SocketException: Connection reset] 

Maybe the LDAP server is not listening on the SSL port 636?


Have you solved this problem? – 2016-02-23 08:27:58

Answers

Answer 1 (score 4)

[The unicodePwd] attribute can be written under restricted conditions [...] In order to modify this attribute, the client must have a 128-bit Secure Socket Layer (SSL) connection to the server.

You are only using a plain, unsecured ldap:// connection rather than ldaps://, so according to the restriction above this won't work.

See more details: http://support.microsoft.com/kb/269190


Tried that, see the additional details. I get a different error: MalformedURLException: Invalid URI: Org,DC=domain,DC=com]. – Jasper 2013-03-11 11:06:33


I think using an SSL-secured connection takes more than just changing the URL. See some resources [here](http://docs.oracle.com/javase/jndi/tutorial/ldap/misc/url.html), [here](http://docs.oracle.com/javase/jndi/tutorial/ldap/security/ssl.html#CLIENT) and [here](http://ldapwiki.willeke.com/wiki/UsingLDAPSWithJNDI). – zagyi 2013-03-11 11:20:11


Also, have you tried replacing the space characters in the URL with "%20"? – zagyi 2013-03-11 11:26:04

Answer 2 (score 2)

The JVM performing the password change call needs to trust the directory service provider. This means importing the certificate generated by AD into the JVM truststore.

Answer 3 (score 0)

You must change the attribute. Try changing unicodePwd to userpassword

From:

mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, 
       new BasicAttribute("unicodePwd", oldUnicodePassword)); 
mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, 
       new BasicAttribute("unicodePwd", newUnicodePassword)); 

To:

mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, 
        new BasicAttribute("userpassword", oldUnicodePassword)); 
mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, 
        new BasicAttribute("userpassword", newUnicodePassword)); 