通过UnboundID LDAPSDK从Red Hat Directory Server获取违反密码策略的原因
[英]Get reason for Password Policy Violation from Red Hat Directory Server via UnboundID LDAPSDK
问题描述
I'm trying to extract a reason why a certain password is denied, using UnboundID LDAPSDK and connecting to Red Hat Directory Server . 
我试图使用UnboundID LDAPSDK并连接到Red Hat Directory Server来提取拒绝某个密码的原因。 However, after performing the following request: 但是,执行以下请求后:
PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(userDN, currPassword, newPassword, new Control[]{new Control("1.3.6.1.4.1.42.2.27.8.5.1")});
passwordModifyExtendedRequest.setResponseTimeoutMillis(1000);
LDAPConnection ldapConnection = ldapManager.getLdapConnection();
PasswordModifyExtendedResult extendedResult = (PasswordModifyExtendedResult) ldapConnection.processExtendedOperation(passwordModifyExtendedRequest);
System.out.println(extendedResult);
I get this as a response (which is not descriptive enough): 我将其作为响应(描述性不足):
PasswordModifyExtendedResult(resultCode=19 (constraint violation), messageID=2, diagnosticMessage='Failed to update password', responseControls={PasswordPolicyResponseControl(errorType='insufficient password quality', isCritical=false)})
However, when I change the password via Apache Directory Studio , it provides perfectly fine error message: 但是,当我通过Apache Directory Studio更改密码时,它会提供非常好的错误消息:
[LDAP: error code 19 - invalid password syntax - password must be at least 8 characters long]
Just for example, it returns the following when used on ApacheDS (which is fine as well): 例如,在ApacheDS上使用时,它返回以下内容(也可以):
[LDAP: error code 19 - CONSTRAINT_VIOLATION: failed for MessageType : MODIFY_REQUEST Message ID : 15 Modify Request Object : 'cn=josef,ou=users,o=test' Modification[0] Operation : replace Modification userPassword: 0x70 0x65 0x70 0x61 org.apache.directory.api.ldap.model.message.ModifyRequestImpl@196d9db6: Password should have a minimum of 5 characters]
The question is, is there a way to get the information that Apache Directory Studio manages to get? 问题是,有没有办法获取Apache Directory Studio设法获取的信息? I've tried searching through their codebase , but was unable to find it. 我尝试搜索他们的代码库 ,但找不到它。
In other words, I need to get the "password must be at least 8 characters long" in the response somehow. 换句话说,我需要以某种方式获得“密码必须至少8个字符长” 。
1 个解决方案
解决方案1
0 已采纳 2017-09-15 15:50:50
Found a solution, using a regular ModifyRequest as follows: 使用常规的ModifyRequest找到了一个解决方案,如下所示:
// ...
import com.unboundid.util.Base64;
// ...
Modification passwordReplacementModification = new Modification(
ModificationType.REPLACE, "userPassword",
newPassword.getBytes());
ModifyRequest modifyRequest = new ModifyRequest(
user.getDn(), passwordReplacementModification);
LDAPResult modifyResult = ldapManager.getLdapConnectionAsAdmin().modify(modifyRequest);
This results in the following exception: 这导致以下异常:
LDAPException(resultCode=19 (constraint violation), errorMessage='invalid password syntax - password must contain at least 1 uppercase characters', diagnosticMessage='invalid password syntax - password must contain at least 1 uppercase characters', ldapSDKVersion=4.0.1, revision='26090')
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.