Android LDAP: changing a user's password on Active Directory


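I should state that I am a complete beginner with LDAP. I have to let users change their own password from an Android device. The users do not have administrative rights. Using the UnboundID LDAP SDK for Java, I can bind to the server and get the user entry with the following code: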

final SocketFactory _socket_factory;
// TrustAllTrustManager accepts any server certificate without validating it
final SSLUtil _ssl_util = new SSLUtil(new TrustAllTrustManager());
try {
  _socket_factory = _ssl_util.createSSLSocketFactory();
}
catch (Exception e) {
  Log.e(LOG_TAG, "*** Unable to initialize ssl", e);
  return; // no socket factory, so do not try to connect
}

LDAPConnectionOptions _ldap_connection_options = new LDAPConnectionOptions();
_ldap_connection_options.setAutoReconnect(true);
_ldap_connection_options.setConnectTimeoutMillis(30000);
_ldap_connection_options.setFollowReferrals(false);
_ldap_connection_options.setMaxMessageSize(1024*1024);

// Simple bind over LDAPS (port 636) with the user's own credentials
LDAPConnection _ldap_connection = new LDAPConnection(_socket_factory, _ldap_connection_options, [host ip], 636, [username], [password]);

// Look up the user's entry by userPrincipalName
Filter _filter = Filter.create("(userPrincipalName=" + [username] + ")");
SearchRequest _search_request = new SearchRequest([base DN], SearchScope.SUB, _filter);
_search_request.setSizeLimit(1000);
_search_request.setTimeLimitSeconds(30);

SearchResult _search_result = _ldap_connection.search(_search_request);

This works, I get 1 entry with all the related attributes. Now my task is to change the password [password] to the new one, [new password]. My attempts:

PasswordModifyExtendedRequest _password_modify_request = new PasswordModifyExtendedRequest([found entry DN], [password], [new password]);
PasswordModifyExtendedResult _password_modify_result = (PasswordModifyExtendedResult)_ldap_connection.processExtendedOperation(_password_modify_request);

This does not work, because of an LDAPException

LDAPException(resultCode=2 (protocol error), errorMessage='0000203D: LdapErr: DSID-0C090C7D, comment: Unknown extended request OID, data 0, vece', diagnosticMessage='0000203D: LdapErr: DSID-0C090C7D, comment: Unknown extended request OID, data 0, vece')
LDAPException(resultCode=50 (insufficient access rights), errorMessage='00000005: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0)
LDAPException(resultCode=19 (constraint violation), errorMessage='00000005: AtrErr: DSID-03190F00, #1:0: 00000005: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)', diagnosticMessage='00000005: AtrErr: DSID-03190F00, #1: 0: 00000005: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)')

Then I tried

final Modification _replace_modification = new Modification(ModificationType.REPLACE, "unicodePwd", _get_quoted_string_bytes([new password]));
LDAPResult _result = _ldap_connection.modify([found entry DN], _replace_modification);

This does not work, because of an LDAPException

LDAPException(resultCode=2 (protocol error), errorMessage='0000203D: LdapErr: DSID-0C090C7D, comment: Unknown extended request OID, data 0, vece', diagnosticMessage='0000203D: LdapErr: DSID-0C090C7D, comment: Unknown extended request OID, data 0, vece')
LDAPException(resultCode=50 (insufficient access rights), errorMessage='00000005: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0)
LDAPException(resultCode=19 (constraint violation), errorMessage='00000005: AtrErr: DSID-03190F00, #1:0: 00000005: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)', diagnosticMessage='00000005: AtrErr: DSID-03190F00, #1: 0: 00000005: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)')

Finally I tried

// Delete the old value and add the new one in a single modify request
final Modification _delete_old_modification = new Modification(ModificationType.DELETE, "unicodePwd", _get_quoted_string_bytes([password]));
final Modification _add_new_modification = new Modification(ModificationType.ADD, "unicodePwd", _get_quoted_string_bytes([new password]));
final ArrayList<Modification> _modifications = new ArrayList<Modification>();
_modifications.add(_delete_old_modification);
_modifications.add(_add_new_modification);
LDAPResult _result = _ldap_connection.modify([found entry DN], _modifications);

Now I have no more ideas... Any help would be appreciated, thanks in advance

// unicodePwd values: the password wrapped in double quotes, encoded as UTF-16LE
final Modification _delete_old_modification = new Modification(ModificationType.DELETE, "unicodePwd", ('"' + oldPassword + '"').getBytes("UTF-16LE"));
final Modification _add_new_modification = new Modification(ModificationType.ADD, "unicodePwd", ('"' + newPassword + '"').getBytes("UTF-16LE"));

This worked.

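Finally, I was able to resolve the CONSTRAINT_ATT_TYPE issue in the password change. I had set the minimum password age to 4 days, so AD did not allow me to update the password. AD throws the generic error CONSTRAINT_ATT_TYPE for all such violations. After setting the minimum password age to 0 (None), everything works fine. The AD password history also gets updated.

Reference: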
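
Added example (not code from the question, from either answer, or from the UnboundID project): a user self-service password change against Active Directory with the UnboundID LDAP SDK for Java, combining the quoted UTF-16LE unicodePwd delete/add pair from the first answer with handling for the constraint violation described in the second. The class and method names are hypothetical, and it assumes the domain controller's certificate chains to a CA the device already trusts, so certificate validation stays on instead of using TrustAllTrustManager.

```java
import com.unboundid.ldap.sdk.*;
import com.unboundid.util.ssl.HostNameSSLSocketVerifier;
import javax.net.ssl.SSLSocketFactory;
import java.nio.charset.StandardCharsets;

// Hypothetical helper class; names are illustrative only.
public final class AdSelfServicePasswordChange {

    /** AD expects unicodePwd as the password wrapped in double quotes, encoded UTF-16LE. */
    static byte[] quoted(String password) {
        return ('"' + password + '"').getBytes(StandardCharsets.UTF_16LE);
    }

    /** Binds as the user, changes that user's own password, returns a short status. */
    public static String change(String host, String baseDn, String upn,
                                String oldPassword, String newPassword) {
        LDAPConnectionOptions options = new LDAPConnectionOptions();
        options.setConnectTimeoutMillis(30000);
        options.setFollowReferrals(false);
        // Assumption: the DC certificate chains to a CA in the platform trust store.
        // The default socket factory validates the chain; this verifier checks the name.
        options.setSSLSocketVerifier(new HostNameSSLSocketVerifier(true));

        try (LDAPConnection conn = new LDAPConnection(SSLSocketFactory.getDefault(),
                options, host, 636, upn, oldPassword)) {
            // createEqualityFilter escapes the value, unlike string concatenation.
            SearchResultEntry entry = conn.searchForEntry(baseDn, SearchScope.SUB,
                    Filter.createEqualityFilter("userPrincipalName", upn), "1.1");
            if (entry == null) {
                return "user entry not found";
            }
            // DELETE old + ADD new in ONE modify request is a password change that
            // a non-admin user may perform; REPLACE is an administrative reset.
            ModifyRequest request = new ModifyRequest(entry.getDN(),
                    new Modification(ModificationType.DELETE, "unicodePwd", quoted(oldPassword)),
                    new Modification(ModificationType.ADD, "unicodePwd", quoted(newPassword)));
            conn.modify(request);
            return "password changed";
        } catch (LDAPException e) {
            if (e.getResultCode() == ResultCode.CONSTRAINT_VIOLATION) {
                // Per the answer above, AD gives this same generic error for policy
                // violations such as minimum password age.
                return "rejected by password policy: " + e.getDiagnosticMessage();
            }
            return "failed: " + e.getResultCode() + " " + e.getDiagnosticMessage();
        }
    }
}
```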