从 Java 程序更改 Active Directory 用户密码 [英] Changing Active Directory user password from java program

问题描述

我有 Active Directory，其中有用户，我正在尝试从 Java 程序更改用户密码，如下所示:

I have Active Directory, with Users in it, i am trying to change a users password from a Java Program as follows:

Properties prop = new Properties();
prop.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
prop.put(Context.SECURITY_AUTHENTICATION, "simple");
prop.put(Context.SECURITY_PRINCIPAL,"user1");
prop.put(Context.SECURITY_CREDENTIALS,"pass1");
prop.put(Context.SECURITY_PROTOCOL,"ADSecurityProtocol");
prop.put(Context.PROVIDER_URL, "ldap://host:389/OU=My Org,DC=domain,DC=com");
try
{
     LdapContext ctx =new InitialLdapContext(prop,null);
     String oldPassword="pass1";
     String newPassword="passnew1";
     ModificationItem[] mods = new ModificationItem[2];
     String oldQuotedPassword = """ + oldPassword + """;
     byte[] oldUnicodePassword = oldQuotedPassword.getBytes("UTF-16LE");
     String newQuotedPassword = """ + newPassword + """;
     byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");

     mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                   new BasicAttribute("unicodePwd", oldUnicodePassword));
     mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE,
                   new BasicAttribute("unicodePwd", newUnicodePassword));

     String theUserName="CN="+"user1"+",OU=My Org,DC=domain,DC=com";
     // Perform the update
     ctx.modifyAttributes(theUserName, mods);
     System.out.println("Changed Password for successfully");
     ctx.close();
}
     catch (Exception e) {
          System.err.println("Problem changing password: " + e);
}

我得到的错误信息是:

Problem changing password: javax.naming.NamingException: 
[LDAP: error code 1 - 000020D6: SvcErr: DSID-031007DB, 
problem 5012 (DIR_ERROR), data 0]; remaining name 
'CN=user1,OU=My Org,DC=domain,DC=com'

编辑 1:

根据建议，我也尝试过使用端口 636 和 ldaps:

prop.put(Context.PROVIDER_URL, "ldap://host:636/OU=My Org,DC=domain,DC=com");  
Also tried
prop.put(Context.PROVIDER_URL, "ldaps://host:636/OU=My Org,DC=domain,DC=com");  

I am getting MalformedURLException: Invalid URI: 
Invalid URI: Org,DC=domain,DC=com] 

当我尝试时(不确定是否有任何东西在 636 上侦听，看起来是这样):

When i try (not sure if anything is listening on 636, it appears it is tho):

$ telnet LDAPHost 636
Escape character is '^]'.
Connection closed by foreign host.

编辑 2:

Changed:
 prop.put(Context.PROVIDER_URL, "ldap://host:636/OU=My Org,DC=domain,DC=com");  
to:
 prop.put(Context.PROVIDER_URL, "ldap://host:636/OU=My%20Org,DC=domain,DC=com"); 

错误是:

javax.naming.CommunicationException: simple bind failed: host:636 
[Root exception is java.net.SocketException: Connection reset]

可能 LDAP 服务器甚至没有监听 ssl 端口:636

Probably the LDAP Server is not even listening on ssl port: 636

推荐答案

[unicodePwd] 属性可以在受限条件下写入 [...] 为了修改这个属性，客户端必须有一个 128 位的安全套接字层 (SSL) 连接到服务器.

[The unicodePwd] attribute can be written under restricted conditions [...] In order to modify this attribute, the client must have a 128-bit Secure Socket Layer (SSL) connection to the server.

您只有一个普通的不安全的ldap:// 连接而不是ldaps://，因此根据上述限制，这将不起作用.

You only have a plain unsecure ldap:// connection instead of ldaps://, so that won't work according to the above restrictions.

查看更多详情:http://support.microsoft.com/kb/269190

这篇关于从 Java 程序更改 Active Directory 用户密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！