How to fix the user account control attribute to 512 in LDAP

Using Java code I am trying to create a user in AD LDAP, but I am not able to set the userAccountControl status to 512. Though I am trying to pass the status as 512 through my code, the user is created with a different userAccountControl status, 544.

And when the user is created I am not able to log in to LDAP with his ID (DN) and password.

I am using the code:

attributes.add(new LDAPAttribute("userAccountControl", "512"));
attributes.add(new LDAPAttribute("userPassword", "Password@1"));

Is there any other way I can set the userAccountControl to 512?

A userAccountControl value of 544 is 512 + 32, which means NORMAL_ACCOUNT + PASSWD_NOTREQD, probably because it didn't have a password when you created it. You can't set it to 512 if it doesn't have a password.

Setting the password has to be done in a second step, after you create the account. AD is a bit weird in that the userPassword attribute even exists, when it only sometimes behaves as you imagine it should. You can read about that here if you want. But you would be better off just setting unicodePwd instead, which always works the same way, although it is a bit of a weird format.

There is a Java example of doing this here:

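import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

// ldapContext (a DirContext) and BASE_NAME are fields of the enclosing class.
// BASE_NAME is expected to start with a comma, since it is appended directly to the CN.
public void updateUserPassword(String username, String password)
{
    try
    {
        System.out.println("updating password...\n");
        // unicodePwd must be the password wrapped in double quotes...
        String quotedPassword = "\"" + password + "\"";
        char unicodePwd[] = quotedPassword.toCharArray();
        // ...and encoded as UTF-16LE: low byte first, then high byte.
        byte pwdArray[] = new byte[unicodePwd.length * 2];
        for (int i = 0; i < unicodePwd.length; i++)
        {
            pwdArray[i * 2 + 1] = (byte) (unicodePwd[i] >>> 8);
            pwdArray[i * 2 + 0] = (byte) (unicodePwd[i] & 0xff);
        }
        // Never print or log pwdArray: it is the password in a trivially reversible encoding.
        ModificationItem[] mods = new ModificationItem[1];
        mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", pwdArray));
        // username is concatenated into the DN unescaped; escape DN special characters if it is user input.
        ldapContext.modifyAttributes("cn=" + username + BASE_NAME, mods);
    }
    catch (Exception e)
    {
        System.out.println("update password error: " + e);
    }
}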

Note that you must be using LDAPS (LDAP over SSL, usually on port 636) to be able to set the password.

You can set the userAccountControl to 512 in the same request where you set the password.
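The points made in the answer above (544 = NORMAL_ACCOUNT + PASSWD_NOTREQD, the quoted UTF-16LE unicodePwd format, the LDAPS requirement, and setting the password and userAccountControl 512 in one request) are combined in the following added example, which is not part of the original question or answer. The class name `EnableAdAccount`, its method names, and the sample password are hypothetical; the LDAPS check follows the answer's statement and reads the URL from the context's environment.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

public class EnableAdAccount {
    // userAccountControl bit flags: 544 = NORMAL_ACCOUNT | PASSWD_NOTREQD
    static final int ACCOUNTDISABLE = 2, PASSWD_NOTREQD = 32, NORMAL_ACCOUNT = 512;

    /** Names the flags (of the three above) that are set in a userAccountControl value. */
    static List<String> describe(int uac) {
        List<String> flags = new ArrayList<>();
        if ((uac & NORMAL_ACCOUNT) != 0) flags.add("NORMAL_ACCOUNT");
        if ((uac & PASSWD_NOTREQD) != 0) flags.add("PASSWD_NOTREQD");
        if ((uac & ACCOUNTDISABLE) != 0) flags.add("ACCOUNTDISABLE");
        return flags;
    }

    /** unicodePwd format: the password wrapped in double quotes, encoded as UTF-16LE. */
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    /** One modify request: set unicodePwd, then replace userAccountControl with 512. */
    static ModificationItem[] passwordAndEnable(String password) {
        return new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodeUnicodePwd(password))),
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("userAccountControl", Integer.toString(NORMAL_ACCOUNT)))
        };
    }

    /** Applies both changes to userDn, refusing to send the password unless the URL is ldaps://. */
    static void apply(DirContext ctx, String userDn, String password) throws NamingException {
        String url = String.valueOf(ctx.getEnvironment().get(Context.PROVIDER_URL));
        if (!url.regionMatches(true, 0, "ldaps://", 0, 8))
            throw new IllegalStateException("refusing to send unicodePwd without LDAPS: " + url);
        ctx.modifyAttributes(userDn, passwordAndEnable(password));
    }

    public static void main(String[] args) {  // offline demonstration, no directory needed
        String sample = "Constructed-Pass1";  // constructed sample value, not a real credential
        System.out.println("544 -> " + describe(544) + ", 512 -> " + describe(512));
        System.out.println(encodeUnicodePwd(sample).length + " encoded bytes, "
            + passwordAndEnable(sample).length + " modifications in one request");
    }
}
```

Reading userAccountControl back after `apply` and passing it to `describe` confirms that the PASSWD_NOTREQD bit is gone.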
