I have a good connection to AD. I can authenticate and check error messages from failed auths.

The issue I'm having comes from trying to change the password. I have an LDAPContext established at this point (yes it is an SSL connection). The issue comes from not knowing what value to use in the "username" parameter. I've tried all variations I can think of and end up getting one of three errors:

A) NO_OBJECT - I'm assuming this means it is connecting to AD properly but can't find what I'm looking for.

B) DIR_ERROR - I'm assuming this means it can get into AD properly but doesn't know wtf I want it to do after that.

C) Some type of ref error that only happens when I don't qualify the DC, so I think that's pretty much a given.

Here is the code I am using:

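import java.nio.charset.StandardCharsets;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

// ldapContext is the already-established LdapContext (SSL) described above.
public void changePassword(String username, String password) {
    ModificationItem[] mods = new ModificationItem[1];
    // unicodePwd takes the password wrapped in double quotes, encoded as UTF-16LE.
    String newQuotedPassword = "\"" + password + "\"";
    // StandardCharsets avoids a silent fallback to the platform default encoding.
    byte[] newUnicodePassword = newQuotedPassword.getBytes(StandardCharsets.UTF_16LE);
    mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
    try {
        // The first argument is the name of the entry to modify, resolved relative to ldapContext.
        ldapContext.modifyAttributes(username, mods);
    } catch (NamingException e) {
        System.out.println("Error changing password for '" + username + "': " + e.getMessage());
        e.printStackTrace();
    }
}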
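An added example, not the poster's code: it builds the name argument that `modifyAttributes` expects as a full distinguished name, and the two `unicodePwd` modification shapes that Microsoft documents for Active Directory over an encrypted connection (a single replace for an administrative reset, a remove plus add when the user supplies the old password). The class name, helper names, sample DN and sample passwords are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class AdPasswordExample {
    // unicodePwd value: the password wrapped in double quotes, encoded as UTF-16LE.
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    // Build the entry's DN; Rdn escapes characters such as ',' in the CN.
    static String userDn(String cn, String container) throws NamingException {
        LdapName dn = new LdapName(container);
        dn.add(new Rdn("CN", cn));
        return dn.toString();
    }

    // Administrative reset: one REPLACE of unicodePwd.
    static ModificationItem[] resetMods(String newPassword) {
        return new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword)))
        };
    }

    // Change by the user: REMOVE the old value and ADD the new one in one request.
    static ModificationItem[] changeMods(String oldPassword, String newPassword) {
        return new ModificationItem[] {
            new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodeUnicodePwd(oldPassword))),
            new ModificationItem(DirContext.ADD_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword)))
        };
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample values; no directory is contacted here.
        String dn = userDn("Smith, Jane", "OU=Staff,DC=example,DC=com");
        ModificationItem[] mods = resetMods("N3w-Sample-Passw0rd");
        System.out.println("target DN: " + dn);
        System.out.println("unicodePwd bytes: " + encodeUnicodePwd("N3w-Sample-Passw0rd").length);
        System.out.println("operations: " + mods.length);
        // With a live context: ldapContext.modifyAttributes(dn, mods);
    }
}
```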
A: 

You cannot change the password of a user by just modifying the property that stores it. Instead, you need to use a special LDAP operation SetPassword. I couldn't find a Java reference, but a C# one, and a Perl one.

Martin v. Löwis
A: 

Spring has an LDAP module that works very nicely. I'll bet it will do what you need.

duffymo