Change AD user expired password in Java

让人想犯罪 __ submitted on 2019-12-04 07:08:32

Question


I'm using JNDI to change an LDAP user's password. In most cases (when the user's password isn't expired) this code works just fine:

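import java.util.Properties;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;

// truststore is defined elsewhere in the asker's code (not shown in the question).
public InitialLdapContext connect(String url, String securityPrincipal, String password) throws AuthenticationException, NamingException {
    // Trust store used to validate the server certificate for the SSL connection.
    System.setProperty("javax.net.ssl.trustStore", truststore);
    Properties env = new Properties();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, url);
    // Bind with a DOMAIN\user principal.
    env.put(Context.SECURITY_PRINCIPAL, "EE\\" + securityPrincipal);
    env.put(Context.SECURITY_CREDENTIALS, password);
    env.put(Context.SECURITY_PROTOCOL, "ssl");
    env.put("java.naming.ldap.version", "3");
    env.put(Context.REFERRAL, "follow");
    // The bind happens in the constructor; a rejected bind throws AuthenticationException.
    return new InitialLdapContext(env, null);
}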

But when a user with an expired password tries to change it, my app throws:

Exception: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1 ]
          com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041)
          com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
          com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
          com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
          com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
          com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
          com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
          com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
          com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)

So my question is: Is it possible to change expired LDAP passwords? If it's possible, then tell me how.

Thanks for the help!


Answer 1:


If you're using the password policy overlay you have to use the change-password extended request. It's not supported in the JDK but I've posted code for it in the Oracle Java JNDI forum.




Answer 2:


The problem was resolved by creating a Super User in AD, which has rights to change every AD password. When an AD user's password is expired, the Super User changes his password.
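
An added example, not code from the question or from either answer: the class below reads the AD sub-code out of the error-49 message shown in the question and performs the kind of privileged reset Answer 2 describes by replacing `unicodePwd`. The class name, method names, `serviceCtx` and `userDn` are assumptions for illustration; `serviceCtx` is assumed to be an LDAPS context already bound as the privileged account.

```java
import java.nio.charset.StandardCharsets;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

// Added example; the class and method names are illustrative, not from the page.
public class ExpiredPasswordReset {
    // AD puts a hex sub-code after "data" in the error-49 diagnostic message.
    private static final Pattern SUB_CODE = Pattern.compile("\\bdata\\s+([0-9a-fA-F]+)");

    /** Returns the AD sub-code (e.g. "773"), or null if the message has none. */
    static String subCode(AuthenticationException e) {
        Matcher m = SUB_CODE.matcher(String.valueOf(e.getMessage()));
        return m.find() ? m.group(1).toLowerCase() : null;
    }

    /** 532 = password expired, 773 = user must change password. */
    static boolean mustChangePassword(AuthenticationException e) {
        String code = subCode(e);
        return "532".equals(code) || "773".equals(code);
    }

    /** AD expects unicodePwd as the new password in double quotes, UTF-16LE encoded. */
    static byte[] encodeUnicodePwd(String newPassword) {
        return ("\"" + newPassword + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    /** Administrative reset over an LDAPS context bound as the privileged account. */
    static void resetPassword(DirContext serviceCtx, String userDn, String newPassword)
            throws NamingException {
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword)))
        };
        serviceCtx.modifyAttributes(userDn, mods);
    }

    public static void main(String[] args) {
        // Constructed from the error text quoted in the question.
        AuthenticationException e = new AuthenticationException(
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: "
            + "AcceptSecurityContext error, data 773, v1db1 ]");
        System.out.println(subCode(e) + " -> must change: " + mustChangePassword(e));
    }
}
```

Gate `resetPassword` on `mustChangePassword` for the user's own failed bind: AD reports 532 or 773 only when the supplied password was correct, whereas a wrong password yields 52e, so the privileged account never resets a password for a caller who has not proved the old one. Delegating only the reset-password right on the relevant OU, instead of rights over every AD password, limits what a compromise of that account exposes.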



Source: https://stackoverflow.com/questions/13342808/change-ad-user-expired-password-in-java
