How do I resolve "WILL_NOT_PERFORM" MS AD reply when trying to change password in scala w/ the unboundid LDAP SDK?

Problem description

I'm wrestling with Active Directory, trying to get it to let me change a password. I've found tons of useful information, but I'm still getting a persistent error.

Some code:

import com.unboundid.ldap.sdk._
import com.unboundid.util.ssl._


def main(args: Array[String]) : Unit = {

var sslUtil = new SSLUtil( new TrustAllTrustManager() )
var con = new LDAPConnection(sslUtil.createSSLSocketFactory())
con.connect("ldap.example.net", 636)
con.bind("ldapadmin", "adminpasswd")
val newPass = "Jfi8ZH8#k".getBytes("UTF-16LE");
val modRequest = new ModifyRequest("dn: cn=Tester Dude,ou=Lab,ou=Org,ou=Provider,DC=example,DC=net",
  "changetype: modify",
  "replace: unicodePwd",
  "unicodePwd: " + '"' + newPass + '"')

println("\nGoing to try to set password to " + newPass + " with: " + modRequest.toString())

try {
  con.modify(modRequest)
} catch {
  case lde:LDAPException => println("failed LDAPException: " + lde.toString())
}

}

So, I get this as a runtime error:

Going to try to set password to [B@6dd1627e with: ModifyRequest(dn='cn=Tester Dude,ou=Lab,ou=Org,ou=Provider,DC=example,DC=net', mods={REPLACE unicodePwd})

failed LDAPException: LDAPException(resultCode=53 (unwilling to perform), errorMessage='0000001F: SvcErr: DSID-031A11E5, problem 5003 (WILL_NOT_PERFORM), data 0 ', diagnosticMessage='0000001F: SvcErr: DSID-031A11E5, problem 5003 (WILL_NOT_PERFORM), data 0 ')

So among the things I know can cause this error:

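  1. Not connecting over SSL. (Not the case here; I've checked with netstat to be 100% sure I'm on port 636.)
  2. Passing a password that violates the Active Directory password policy. (I've tested setting that exact password manually; it rejects short/simple passwords, but it accepts the password I'm using in this code.)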

I've tried it both with and without the extra quotes around the password.

The most useful source of info thus far was:

http://www.dirmgr.com/blog/2010/8/26/ldap-password-changes-in-active-directory.html

But I've exhausted every suggestion there (and a lot of other places).

I've also tried several other things, including setting the password for a different valid user that was added manually. (This one was added via the sdk also.)

Other operations are working fine. I've removed the irrelevant code but I was able to search, print attributes, add, and delete a user with no problem; but this modify request fails. If I set the ModifyRequest to change some other attribute, such as the email associated, that also works fine.

Recommended answer

Connection not secure enough

Quoting: http://support.microsoft.com/kb/269190

In order to modify this attribute, the client must have a 128-bit Secure Socket Layer (SSL) connection to the server.

So even if everything else looks right, you may still get an SvcErr: DSID-03190F4C, problem 5003 (WILL_NOT_PERFORM) if the connection is deemed insecure.

A modify request may fail if you try to do a replace without insufficient rights.

dn: CN=johndoe,OU=Users,DC=example,DC=com
changetype: modify
replace: unicodePwd
unicodePwd:: base64(utf16le(quoted(password)))
-

You will get an SecErr: DSID-03150E47, problem 4003 (INSUFF_ACCESS_RIGHTS) in that case. This happens if you try to bind with an unprivileged account.

Some admins like to have a long password history (e.g. last 24 passwords saved). You will get a CONSTRAINT_ATT_TYPE if you are using an old password that is already in the history.

  1. secure the connection

Use a delete-add combination.

For example:

dn: CN=johndoe,OU=Users,DC=example,DC=com
changetype: modify
delete: unicodePwd
unicodePwd:: base64(utf16le(quoted(old password)))
-
add: unicodePwd
unicodePwd:: base64(utf16le(quoted(new password)))
-
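
The `unicodePwd:: base64(utf16le(quoted(password)))` value from the LDIF above, built with the UnboundID SDK as raw bytes. This is an added example, not code from the original question or answer. The `[B@6dd1627e` in the question's output is what a byte array becomes when it is concatenated into a String, so here the quotes are added before encoding and the bytes are passed to `Modification` unchanged. The object name, function names and the old password are hypothetical.

```scala
import java.nio.charset.StandardCharsets
import java.util.Base64
import com.unboundid.ldap.sdk.{Modification, ModificationType, ModifyRequest}

// Hypothetical helper object; only the SDK classes and attribute name are real.
object UnicodePwdExample {

  // quoted(password) then utf16le(...): wrap the password in double quotes
  // as a String first, then encode the whole thing to UTF-16LE bytes.
  def encodeUnicodePwd(password: String): Array[Byte] =
    ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE)

  // base64(...) is only needed for the LDIF text form ("unicodePwd:: ...").
  // The SDK takes the raw bytes and handles wire encoding itself.
  def ldifValue(password: String): String =
    Base64.getEncoder.encodeToString(encodeUnicodePwd(password))

  // "replace: unicodePwd" form. Per the answer, this needs a bound account
  // with sufficient rights, otherwise AD returns INSUFF_ACCESS_RIGHTS.
  def replaceRequest(dn: String, newPassword: String): ModifyRequest =
    new ModifyRequest(dn,
      new Modification(ModificationType.REPLACE, "unicodePwd",
        encodeUnicodePwd(newPassword)))

  // "delete: unicodePwd" + "add: unicodePwd" form from the answer's second
  // LDIF: both modifications travel in one modify request.
  def deleteAddRequest(dn: String, oldPassword: String,
                       newPassword: String): ModifyRequest =
    new ModifyRequest(dn,
      new Modification(ModificationType.DELETE, "unicodePwd",
        encodeUnicodePwd(oldPassword)),
      new Modification(ModificationType.ADD, "unicodePwd",
        encodeUnicodePwd(newPassword)))

  def main(args: Array[String]): Unit = {
    val dn = "CN=johndoe,OU=Users,DC=example,DC=com" // DN from the answer
    val newPw = "Jfi8ZH8#k"                           // password from the question
    val oldPw = "Constructed-0ld-Pw!"                 // constructed sample value

    // 9 characters + 2 quotes = 11 UTF-16 code units = 22 bytes.
    println("encoded length: " + encodeUnicodePwd(newPw).length)
    println("unicodePwd:: " + ldifValue(newPw))
    // toString shows only the DN and modification types, not the values.
    println(replaceRequest(dn, newPw))
    println(deleteAddRequest(dn, oldPw, newPw))
  }
}
```

Either request is then sent with `con.modify(...)` on the already bound SSL connection from the question.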
