Java – Active Directory password reset without SSL

I tried to reset the password of an Active Directory user without SSL. Through this link, we can learn that the SSL requirement can be disabled in AD. But using this code:

    import javax.naming.*;
    import javax.naming.directory.*;
    import javax.naming.ldap.*;
    import java.util.*;
    import java.security.*;

    public class ADConnection {
        DirContext ldapContext;
        String baseName = ",cn=users,DC=fabrikam,DC=com";
        String serverIP = "10.1.1.7";

        public ADConnection() {
            try {
                Hashtable<String, String> ldapEnv = new Hashtable<>(11);
                ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                // Plain LDAP on port 389: no SSL/TLS on this connection
                ldapEnv.put(Context.PROVIDER_URL, "ldap://" + serverIP + ":389");
                ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
                ldapEnv.put(Context.SECURITY_PRINCIPAL, "cn=administrator" + baseName);
                ldapEnv.put(Context.SECURITY_CREDENTIALS, "PA$$w0rd");
                ldapContext = new InitialDirContext(ldapEnv);
            }
            catch (Exception e) {
                System.out.println(" bind error: " + e);
                e.printStackTrace();
                System.exit(-1);
            }
        }

        public void updatePassword(String username, String password) {
            try {
                // AD expects the new password in double quotes, encoded as UTF-16LE
                String quotedPassword = "\"" + password + "\"";
                char unicodePwd[] = quotedPassword.toCharArray();
                byte pwdArray[] = new byte[unicodePwd.length * 2];
                for (int i = 0; i < unicodePwd.length; i++) {
                    pwdArray[i*2 + 1] = (byte) (unicodePwd[i] >>> 8);
                    pwdArray[i*2 + 0] = (byte) (unicodePwd[i] & 0xff);
                }
                ModificationItem[] mods = new ModificationItem[1];
                mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("UnicodePwd", pwdArray));
                ldapContext.modifyAttributes("cn=" + username + baseName, mods);
            }
            catch (Exception e) {
                System.out.println("update password error: " + e);
                System.exit(-1);
            }
        }

        public static void main(String[] args) {
            ADConnection adc = new ADConnection();
            adc.updatePassword("Java User2", "pass@word3");
        }
    }

Cause:

javax.naming.OperationNotSupported: [LDAP: error code 53 - 00002077: SvcErr: DSID-03190F0A,problem 5003 (WILL_NOT_PERFORM)....

Assuming that we can trust the Microsoft documents (passwords can be reset through the non-SSL port 389), I doubt the Java API and want to use sockets to establish a direct connection with AD and run the reset password command. In fact, I am looking for an alternative to javax.naming.*. Is that possible? Has anyone tried to reset the AD password without SSL?

P.S.: The application server and AD server are in a private secure network. I'm not worried about sniffing.

Solution

Windows does not allow changing passwords in Active Directory over normal LDAP.

Sometimes you may encounter the following exceptions:

javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-03190F4C,problem 5003 (WILL_NOT_PERFORM),data 0 ]

Solution: use an SSL certificate.
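
The fix the answer points to, as an added Java example that is not part of the original post: the same unicodePwd replace sent over LDAPS on port 636, with the user name escaped before it goes into the DN and no secrets in the source. The host name dc01.fabrikam.com and the AD_* environment variable names are hypothetical, and it assumes the JVM trust store already trusts the domain controller's certificate.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.Rdn;

public class AdPasswordResetLdaps {
    // AD expects unicodePwd as the new password in double quotes, encoded UTF-16LE.
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    // Escape the CN so special characters in a user name cannot alter the DN.
    static String userDn(String cn, String baseDn) {
        return "cn=" + Rdn.escapeValue(cn) + "," + baseDn;
    }

    static void resetPassword(String url, String bindDn, String bindPw,
                              String targetDn, String newPassword) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // ldaps:// means TLS is set up before the bind
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPw);
        DirContext ctx = new InitialDirContext(env);
        try {
            ModificationItem[] mods = {
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword)))
            };
            ctx.modifyAttributes(targetDn, mods);
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        // Hypothetical names: AD_URL, AD_BIND_DN, AD_BIND_PW, AD_NEW_PW, dc01.fabrikam.com.
        // The host in the URL must match the name in the domain controller's certificate.
        String url = System.getenv().getOrDefault("AD_URL", "ldaps://dc01.fabrikam.com:636");
        resetPassword(url, System.getenv("AD_BIND_DN"), System.getenv("AD_BIND_PW"),
                userDn(args[0], "cn=users,DC=fabrikam,DC=com"), System.getenv("AD_NEW_PW"));
    }
}
```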
