Java: InitialLdapContext is not created when changing a password in AD over LDAP with an SSL connection, exception: Connection reset
I am trying to implement a change-password feature on my site using LDAP.

Problem: when changing the password in AD (server) over LDAP with an SSL connection, InitialLdapContext is not created and I get an exception: Connection reset. A screenshot of the exception is attached. The certificate has also been added.

I have also checked the port. It is reachable via telnet.

Thanks for your help.
import java.io.UnsupportedEncodingException;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

// The enclosing class declaration is not part of the posted snippet; the name below is a placeholder.
public class ChangePasswordSnippet {

    public String changePassword(String username, String currentPassword, String newPassword,
            String confirmPassword) {
        String retVal = "failed";
        String domain = "edw.obc.co.in";
        Properties prop = new Properties();
        String LdapUserName = "CN=" + username;
        //+ "ou=users" + "dc=edw,dc=obc,dc=co,dc=in" ;
        String DomainUseName = username + "@" + domain;
        prop.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        prop.put(Context.PROVIDER_URL, "ldap://172.xx.xx.xx:636");
        prop.put(Context.SECURITY_AUTHENTICATION, "simple");
        prop.put(Context.SECURITY_PROTOCOL, "ssl");
        //prop.put("javax.net.ssl.truststore","C:\\Program Files\\Java\\jdk-12.0.1\\lib\\security\\cacerts");
        //prop.put("javax.net.ssl.truststorePassword","changeit");
        // JSSE system property names are case-sensitive: trustStore / trustStorePassword
        System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files\\Java\\jdk-12.0.1\\lib\\security\\cacerts");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
        //prop.put(Context.SECURITY_PRINCIPAL,LdapUserName);
        prop.put(Context.SECURITY_PRINCIPAL, "winadmin");
        //prop.put("LDAP_BASEDN","ou=edw,dc=obc,dc=co.in");
        prop.put(Context.SECURITY_CREDENTIALS, "wipro@123");
        //prop.put(Context.SECURITY_CREDENTIALS,"wipro@123");
        prop.put(Context.REFERRAL, "follow");
        try
        {
            // Connects and performs the simple bind
            LdapContext ctx = new InitialLdapContext(prop, null);
            // Debug marker: printed only if the context was created
            System.out.print("XXXXXXXXXXXXXXXXXXXXXXXXXXX");
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration objects = null;
            try {
                objects = ctx.search("cn=" + username + ",ou=Users," + "dc=edw" + "," + "dc=obc" + "," + "dc=co" + "," + "dc=in",
                        String.format("(&(objectClass=person)(sAMAccountName=%s))", LdapUserName), searchControls);
            }
            catch (NamingException e) {
                e.printStackTrace();
            }
            String theUserName = "cn=" + username + ",ou=Users";
            // Perform the update
            ModificationItem[] mods = new ModificationItem[1];
            // The new password is wrapped in double quotes and encoded as UTF-16LE
            String newQuotedPassword = "\"" + newPassword + "\"";
            byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
            mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userpassword", newUnicodePassword));
            ctx.modifyAttributes(theUserName, mods);
            retVal = "success";
            System.out.println("Changed Password for user successfull");
            ctx.close();
        }
        catch (Exception e) {
            e.printStackTrace();
            System.err.println("Problem changing password: " + e);
        }
        return retVal;
    }

    // Helper: returns the quoted password as UTF-16LE bytes
    private static byte[] getPasswordByteArray(String password)
    {
        String quotedPassword = "\"" + password + "\"";
        try
        {
            return quotedPassword.getBytes("UTF-16LE");
        }
        catch (UnsupportedEncodingException e)
        {
            e.printStackTrace();
            return null;
        }
    }
}

The protocol for changing the password must be ldaps rather than ldap:

    prop.put(Context.PROVIDER_URL, "ldap://172.xx.xx.xx:636");
                                    ^^^^

Also consider replacing:

    ModificationItem[] mods = new ModificationItem[1];
    mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userpassword", newUnicodePassword));

with:

    ModificationItem[] mods = {new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("unicodePwd", oldPasswordBytes)),
        new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("unicodePwd", newPasswordBytes))};

Comments:

It is not possible to change a user's password on Active Directory without administrator privileges.

I tried this, but I still get javax.naming.CommunicationException: simple bind failed: 172.XX.XX.XX:636 [Root exception is javax.net.ssl.SSLException: Connection reset]

See: for a connection reset by peer, it seems there is a problem with the SSL/TLS connection.
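
The change suggested in the answer above, put together as a self-contained sketch (an added example, not code from the original post): it connects with an `ldaps://` URL, binds as the user, and sends a REMOVE of the old `unicodePwd` value and an ADD of the new one in a single modify request. The class name, method names, timeout values and command-line arguments are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class AdPasswordChange {  // hypothetical class name

    // AD expects unicodePwd as the password wrapped in double quotes, encoded as UTF-16LE.
    static byte[] encode(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    // userDn is the user's full distinguished name. The user binds with the current
    // password, so no service-account credentials are embedded in the code.
    static void changePassword(String ldapsUrl, String userDn,
                               String oldPassword, String newPassword) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapsUrl);  // ldaps:// scheme, port 636
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, oldPassword);
        // Assumed values: fail fast instead of hanging if the handshake or bind stalls.
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        env.put("com.sun.jndi.ldap.read.timeout", "5000");

        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            ModificationItem[] mods = {
                new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                    new BasicAttribute("unicodePwd", encode(oldPassword))),
                new ModificationItem(DirContext.ADD_ATTRIBUTE,
                    new BasicAttribute("unicodePwd", encode(newPassword)))
            };
            ctx.modifyAttributes(userDn, mods);  // both items travel in one modify request
        } finally {
            ctx.close();  // always release the connection, even when the modify fails
        }
    }

    public static void main(String[] args) throws NamingException {
        // args[0] = ldaps URL, args[1] = user DN; passwords are read without echo.
        java.io.Console console = System.console();  // run from a terminal
        changePassword(args[0], args[1],
            new String(console.readPassword("Current password: ")),
            new String(console.readPassword("New password: ")));
    }
}
```

Since JDK 8u181 the JNDI LDAP provider verifies the server certificate's host name on LDAPS connections, so the host in `ldapsUrl` should be a name present in the domain controller's certificate, and the issuing CA must be in the JVM trust store.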