2013-03-11 47 views
1

Change Active Directory user password from a Java program

I have users in Active Directory, and I am trying to change a user's password from a Java program as follows:

```java
import java.util.Properties;
import javax.naming.Context;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

Properties prop = new Properties();
prop.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
prop.put(Context.SECURITY_AUTHENTICATION, "simple");
prop.put(Context.SECURITY_PRINCIPAL, "user1");
prop.put(Context.SECURITY_CREDENTIALS, "pass1");
prop.put(Context.SECURITY_PROTOCOL, "ADSecurityProtocol");
prop.put(Context.PROVIDER_URL, "ldap://host:389/OU=My Org,DC=domain,DC=com");
try {
    LdapContext ctx = new InitialLdapContext(prop, null);
    String oldPassword = "pass1";
    String newPassword = "passnew1";
    ModificationItem[] mods = new ModificationItem[2];
    // AD expects unicodePwd as the password in double quotes, encoded as UTF-16LE
    String oldQuotedPassword = "\"" + oldPassword + "\"";
    byte[] oldUnicodePassword = oldQuotedPassword.getBytes("UTF-16LE");
    String newQuotedPassword = "\"" + newPassword + "\"";
    byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");

    mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
        new BasicAttribute("unicodePwd", oldUnicodePassword));
    mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE,
        new BasicAttribute("unicodePwd", newUnicodePassword));

    String theUserName = "CN=" + "user1" + ",OU=My Org,DC=domain,DC=com";
    // Perform the update
    ctx.modifyAttributes(theUserName, mods);
    System.out.println("Changed Password for successfully");
    ctx.close();
} catch (Exception e) {
    System.err.println("Problem changing password: " + e);
}
```

The error message I get is:

```text
Problem changing password: javax.naming.NamingException:
[LDAP: error code 1 - 000020D6: SvcErr: DSID-031007DB,
problem 5012 (DIR_ERROR), data 0]; remaining name
'CN=user1,OU=My Org,DC=domain,DC=com'
```

Edit 1:

As suggested, I also tried this with port 636 and LDAPS:

```java
prop.put(Context.PROVIDER_URL, "ldap://host:636/OU=My Org,DC=domain,DC=com");
```

Also tried:

```java
prop.put(Context.PROVIDER_URL, "ldaps://host:636/OU=My Org,DC=domain,DC=com");
```

I am getting MalformedURLException:

```text
Invalid URI: Org,DC=domain,DC=com]
```

When I try this (not sure what is listening on 636, but it seems something is):

```text
$ telnet LDAPHost 636
Escape character is '^]'.
Connection closed by foreign host.
```

EDIT2:

Changed:

```java
prop.put(Context.PROVIDER_URL, "ldap://host:636/OU=My Org,DC=domain,DC=com");
```

to:

```java
prop.put(Context.PROVIDER_URL, "ldap://host:636/OU=My%20Org,DC=domain,DC=com");
```

The error is:

```text
javax.naming.CommunicationException: simple bind failed: host:636
[Root exception is java.net.SocketException: Connection reset]
```

Maybe the LDAP server is not listening on the SSL port 636?

+0

Have you solved this problem? – 2016-02-23 08:27:58

Answers

4

> [The unicodePwd] attribute can be written under restricted conditions [...] In order to modify this attribute, the client must have a 128-bit Secure Socket Layer (SSL) connection to the server.

You are using a plain, unencrypted ldap:// connection rather than ldaps://, so this will not work because of the restriction quoted above.

See more details here: http://support.microsoft.com/kb/269190

+0

Tried it, see the additional details. I get a different error: MalformedURLException: Invalid URI: Org,DC=domain,DC=com]. – Jasper 2013-03-11 11:06:33

+0

I think using a secure SSL connection needs more work than just changing the URL. See some resources [here](http://docs.oracle.com/javase/jndi/tutorial/ldap/misc/url.html), [here](http://docs.oracle.com/javase/jndi/tutorial/ldap/security/ssl.html#CLIENT) and [here](http://ldapwiki.willeke.com/wiki/UsingLDAPSWithJNDI). – zagyi 2013-03-11 11:20:11

+0

Also, have you tried replacing the space character in the URL with "%20"? – zagyi 2013-03-11 11:26:04

2

The JVM making the password-change call needs to trust the directory service provider. This means importing the certificate generated by AD into the JVM truststore.
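Combining the two answers above (LDAPS on port 636 plus a trusted CA certificate), here is an added example that is not from the question or either answer. The host, user DN, passwords and truststore path are placeholders, and two choices are my assumptions rather than something the answers state: binding with the user's full DN instead of the bare name "user1", and pointing the JVM at the truststore via the `javax.net.ssl.trustStore` system property instead of importing into the default cacerts.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class AdPasswordChange {
    // AD expects unicodePwd as the password wrapped in double quotes, UTF-16LE encoded.
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    // Self-service change: bind as the user with the old password, then send
    // REMOVE(old) + ADD(new) in a single modify. AD rejects this over plain ldap://.
    static void changeOwnPassword(String ldapsUrl, String userDn,
                                  String oldPassword, String newPassword) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapsUrl);   // ldaps://host:636, no base DN in the URL
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn); // assumption: bind with the full DN
        env.put(Context.SECURITY_CREDENTIALS, oldPassword);
        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            ModificationItem[] mods = {
                new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                    new BasicAttribute("unicodePwd", encodeUnicodePwd(oldPassword))),
                new ModificationItem(DirContext.ADD_ATTRIBUTE,
                    new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword)))
            };
            ctx.modifyAttributes(userDn, mods);  // target DN passed separately, so no spaces in the URL
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        // Placeholder values. The truststore must hold the CA certificate that issued the
        // domain controller's LDAPS certificate, or the TLS handshake is rejected.
        System.setProperty("javax.net.ssl.trustStore", "/path/to/ad-truststore.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
        changeOwnPassword("ldaps://host:636", "CN=user1,OU=My Org,DC=domain,DC=com",
                          "pass1", "passnew1");
        System.out.println("Password changed");
    }
}
```

Keeping the base DN out of the provider URL also sidesteps the MalformedURLException from the space in "OU=My Org" that Edit 1 ran into.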

0

You have to change the attribute. Try changing unicodePwd to userpassword

From:

```java
mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
    new BasicAttribute("unicodePwd", oldUnicodePassword));
mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE,
    new BasicAttribute("unicodePwd", newUnicodePassword));
```

To:

```java
mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
    new BasicAttribute("userpassword", oldUnicodePassword));
mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE,
    new BasicAttribute("userpassword", newUnicodePassword));
```