LDAP在Active Directory上更改用户密码

Question

我声明我是LDAP的完整初学者。
我必须让用户通过Android设备更改自己的密码。用户没有管理权限。
使用UnboudId LDAP SDK为Java我能够绑定到服务器并使用该代码的用户条目：

final SocketFactory _socket_factory; 
final SSLUtil _ssl_util = new SSLUtil(new TrustAllTrustManager()); 
try {    
    _socket_factory = _ssl_util.createSSLSocketFactory();    
} 
catch (Exception e) { 
    Log.e(LOG_TAG, "*** Unable to initialize ssl", e); 
} 

LDAPConnectionOptions _ldap_connection_options = new LDAPConnectionOptions(); 
_ldap_connection_options.setAutoReconnect(true); 
_ldap_connection_options.setConnectTimeoutMillis(30000); 
_ldap_connection_options.setFollowReferrals(false); 
_ldap_connection_options.setMaxMessageSize(1024*1024); 

LDAPConnection _ldap_connection = new LDAPConnection(_socket_factory, _ldap_connection_options, [host ip], 636, [username], [password]); 

Filter _filter = Filter.create("(userPrincipalName=" + [username] + ")"); 
SearchRequest _search_request = new SearchRequest([base DN], SearchScope.SUB, _filter); 
_search_request.setSizeLimit(1000); 
_search_request.setTimeLimitSeconds(30);    

SearchResult _search_result = _connection.search(_search_request); 

这工作，我得到1项，所有的相关属性。现在我的任务是用新的[新密码]更改密码[密码]。
我尝试：

这并不是由于LDAPException

LDAPException(resultCode=2 (protocol error), errorMessage='0000203D: LdapErr: DSID-0C090C7D, comment: Unknown extended request OID, data 0, vece��', diagnosticMessage='0000203D: LdapErr: DSID-0C090C7D, comment: Unknown extended request OID, data 0, vece��') 

然后我tryed

final Modification _replace_modification = new Modification(ModificationType.REPLACE, "unicodePwd", _get_quoted_string_bytes([new password])); 
LDAPResult _result = _connection.modify([found entry DN], _replace_modification);   

这并不工作，由于LDAPException

工作

LDAPException(resultCode=50 (insufficient access rights), errorMessage='00000005: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0) 

最后我tryed

final Modification _delete_old_modification = new Modification(ModificationType.DELETE, "unicodePwd", _get_quoted_string_bytes([password])); 
final Modification _add_new_modification = new Modification(ModificationType.ADD, "unicodePwd", _get_quoted_string_bytes([new password])); 
final ArrayList<Modification> _modifications = new ArrayList<Modification>(); 
_modifications.add(_delete_old_modification); 
_modifications.add(_add_new_modification); 
LDAPResult _result = _connection.modify([found entry DN], _modifications); 

这并不工作，由于LDAPException

LDAPException(resultCode=19 (constraint violation), errorMessage='00000005: AtrErr: DSID-03190F00, #1:0: 00000005: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)��', diagnosticMessage='00000005: AtrErr: DSID-03190F00, #1: 0: 00000005: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd) ��') 

，现在我没有更多的想法...任何帮助将不胜感激，提前

感谢

Answer 1

final Modification _delete_old_modification = new Modification(ModificationType.DELETE, "unicodePwd", ('"' + oldPassword + '"').getBytes("UTF-16LE")); 
final Modification _add_new_modification = new Modification(ModificationType.ADD, "unicodePwd", ('"' + newPassword + '"').getBytes("UTF-16LE")); 

窍门。

Answer 2

最后，我能够解决密码更改中的CONSTRAINT_ATT_TYPE问题。我将密码最小年龄设置为4天，所以AD不允许我更新密码。 AD为所有此类违规抛出通用错误CONSTRAINT_ATT_TYPE。将最小密码年龄设置为0（无）后，一切工作正常。 AD密码历史记录也会更新。

参考： http://www.javaxt.com/Tutorials/Windows/How_to_Authenticate_Users_with_Active_Directory