stackoom
  简体   繁体   中英

Get reason for Password Policy Violation from Red Hat Directory Server via UnboundID LDAPSDK

 原文  2017-09-15 10:27:14       java/ apache/ redhat/ unboundid-ldap-sdk

Question

I'm trying to extract a reason why a certain password is denied, using UnboundID LDAPSDK and connecting to Red Hat Directory Server . However, after performing the following request: 

PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(userDN, currPassword, newPassword, new Control[]{new Control("1.3.6.1.4.1.42.2.27.8.5.1")});
passwordModifyExtendedRequest.setResponseTimeoutMillis(1000);
LDAPConnection ldapConnection = ldapManager.getLdapConnection();
PasswordModifyExtendedResult extendedResult = (PasswordModifyExtendedResult) ldapConnection.processExtendedOperation(passwordModifyExtendedRequest);
System.out.println(extendedResult);

I get this as a response (which is not descriptive enough): 

PasswordModifyExtendedResult(resultCode=19 (constraint violation), messageID=2, diagnosticMessage='Failed to update password', responseControls={PasswordPolicyResponseControl(errorType='insufficient password quality', isCritical=false)})

However, when I change the password via Apache Directory Studio , it provides perfectly fine error message: 

[LDAP: error code 19 - invalid password syntax - password must be at least 8 characters long]

Just for example, it returns the following when used on ApacheDS (which is fine as well): 

[LDAP: error code 19 - CONSTRAINT_VIOLATION: failed for MessageType : MODIFY_REQUEST Message ID : 15     Modify Request         Object : 'cn=josef,ou=users,o=test'             Modification[0]                 Operation :  replace                 Modification userPassword: 0x70 0x65 0x70 0x61 org.apache.directory.api.ldap.model.message.ModifyRequestImpl@196d9db6: Password should have a minimum of 5 characters]

The question is, is there a way to get the information that Apache Directory Studio manages to get? I've tried searching through their codebase , but was unable to find it.

In other words, I need to get the "password must be at least 8 characters long" in the response somehow.

1 answers

solution1
 0 ACCPTED  2017-09-15 15:50:50

Found a solution, using a regular ModifyRequest as follows: 

// ...
import com.unboundid.util.Base64;
// ...
Modification passwordReplacementModification = new Modification(
        ModificationType.REPLACE, "userPassword",
        newPassword.getBytes());
ModifyRequest modifyRequest = new ModifyRequest(
        user.getDn(), passwordReplacementModification);
LDAPResult modifyResult = ldapManager.getLdapConnectionAsAdmin().modify(modifyRequest);

This results in the following exception: 

LDAPException(resultCode=19 (constraint violation), errorMessage='invalid password syntax - password must contain at least 1 uppercase characters', diagnosticMessage='invalid password syntax - password must contain at least 1 uppercase characters', ldapSDKVersion=4.0.1, revision='26090')

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question querying ldap server with java unboundid-ldapsdk Red Hat Directory Server - Escape special characters Hostname from Red Hat Enterprise Linux Server How to get DN and password with UnboundID Password Reset Enforcing Directory Policies with UnboundID java application deployment on tomcat server on red hat? java.lang.IllegalArgumentException in Red Hat server How to get decoded objectGUID from Active directory using UnboundID LDAP SDK in java? Is Red Hat's JBoss EAP a fork of the JBoss AS code you get from JBOSS.org? Using UnboundID SDK In-Memory Directory Server in Android App Code
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM