从Java程序更改Active Directory用户密码 [英] Changing Active Directory user password from java program
问题描述
我有Active Directory,其中包含用户,我正尝试通过Java程序更改用户密码,如下所示:
I have Active Directory, with Users in it, i am trying to change a users password from a Java Program as follows:
Properties prop = new Properties();
prop.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
prop.put(Context.SECURITY_AUTHENTICATION, "simple");
prop.put(Context.SECURITY_PRINCIPAL,"user1");
prop.put(Context.SECURITY_CREDENTIALS,"pass1");
prop.put(Context.SECURITY_PROTOCOL,"ADSecurityProtocol");
prop.put(Context.PROVIDER_URL, "ldap://host:389/OU=My Org,DC=domain,DC=com");
try
{
LdapContext ctx =new InitialLdapContext(prop,null);
String oldPassword="pass1";
String newPassword="passnew1";
ModificationItem[] mods = new ModificationItem[2];
String oldQuotedPassword = "\"" + oldPassword + "\"";
byte[] oldUnicodePassword = oldQuotedPassword.getBytes("UTF-16LE");
String newQuotedPassword = "\"" + newPassword + "\"";
byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
new BasicAttribute("unicodePwd", oldUnicodePassword));
mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE,
new BasicAttribute("unicodePwd", newUnicodePassword));
String theUserName="CN="+"user1"+",OU=My Org,DC=domain,DC=com";
// Perform the update
ctx.modifyAttributes(theUserName, mods);
System.out.println("Changed Password for successfully");
ctx.close();
}
catch (Exception e) {
System.err.println("Problem changing password: " + e);
}
我收到的错误消息是:
Problem changing password: javax.naming.NamingException:
[LDAP: error code 1 - 000020D6: SvcErr: DSID-031007DB,
problem 5012 (DIR_ERROR), data 0]; remaining name
'CN=user1,OU=My Org,DC=domain,DC=com'
基于建议,我也尝试使用端口636和ldaps进行此操作:
prop.put(Context.PROVIDER_URL, "ldap://host:636/OU=My Org,DC=domain,DC=com");
Also tried
prop.put(Context.PROVIDER_URL, "ldaps://host:636/OU=My Org,DC=domain,DC=com");
I am getting MalformedURLException: Invalid URI:
Invalid URI: Org,DC=domain,DC=com]
当我尝试(不确定636是否正在监听任何内容时,似乎是tho):
When i try (not sure if anything is listening on 636, it appears it is tho):
$ telnet LDAPHost 636
Escape character is '^]'.
Connection closed by foreign host.
Changed:
prop.put(Context.PROVIDER_URL, "ldap://host:636/OU=My Org,DC=domain,DC=com");
to:
prop.put(Context.PROVIDER_URL, "ldap://host:636/OU=My%20Org,DC=domain,DC=com");
错误是:
javax.naming.CommunicationException: simple bind failed: host:636
[Root exception is java.net.SocketException: Connection reset]
LDAP服务器甚至没有在ssl端口636上侦听
Probably the LDAP Server is not even listening on ssl port: 636
推荐答案
[
unicodePwd
]属性可以在受限条件下写入[...]为了修改此属性,客户端必须具有与服务器的128位安全套接字层(SSL)连接.
[The
unicodePwd
] attribute can be written under restricted conditions [...] In order to modify this attribute, the client must have a 128-bit Secure Socket Layer (SSL) connection to the server.
您只有一个普通的不安全的ldap://
连接,而不是ldaps://
,因此根据上述限制,该连接将不起作用.
You only have a plain unsecure ldap://
connection instead of ldaps://
, so that won't work according to the above restrictions.
有关更多详细信息,请访问: http://support.microsoft.com/kb/269190
See more details at: http://support.microsoft.com/kb/269190
这篇关于从Java程序更改Active Directory用户密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!