
Cannot connect with Active Directory to reset password

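I am a newbie in this field and don't have much experience with Java either. I have been assigned this task. I can connect and retrieve information as admin in simple mode, but I cannot reset the password. I found on many sites that I have to use SSL for this, but when I do I get a

"simple bind failed"

error. I am posting below the code for what I have done, including the code I commented out (which I tried earlier). Please, please help. I can't solve the problem from any source I have found. I used the certificate copied from the server into the keystore. Is this the correct way to use it? If I remove the ssl part

 env.put(Context.SECURITY_PROTOCOL,"ssl");

I get a handshake exception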

Problem with TLS: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed


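import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.Security;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

public class ActiveDirectory {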
private DirContext ctx;

public boolean connect(String username,String password){
    Hashtable<String, String> env = new Hashtable<String, String>();
//      Properties env=new Properties();
    env.put(Context.SECURITY_PROTOCOL,"ssl");
    env.put(Context.INITIAL_CONTEXT_FACTORY,
            "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.PROVIDER_URL, "ldap://192.168.1.199:389");
    env.put(Context.REFERRAL, "follow");

    // The value of Context.SECURITY_PRINCIPAL must be the logon username
    // with the domain name
    env.put(Context.SECURITY_PRINCIPAL, username+"@xxxx.net");

    // The value of the Context.SECURITY_CREDENTIALS should be the user's
    // password
    env.put(Context.SECURITY_CREDENTIALS, password);

    try {
        // Authenticate the logon user
        ctx = new InitialLdapContext(env,null);
        return true;
    }catch(NamingException e){
        System.out.println("Error in connecting : " + e.getMessage());
        return false;
    }

}


public boolean changePasswordAdmin(String userName,String newPassword){
    try {

        // Setting the password is an LDAP modify operation
        // Secure the session with TLS

        StartTlsResponse tls = (StartTlsResponse)((LdapContext) ctx).extendedOperation(new StartTlsRequest());
        tls.negotiate();

        // Setting the password is an LDAP modify operation
        ModificationItem[] mods = new ModificationItem[1];

        // Replace the "unicodePwd" attribute with a new value
        // Password must be both Unicode and a quoted string
        String newQuotedPassword = "\"" + newPassword + "\"";
        byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");

        mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));

        // Perform the update
        ctx.modifyAttributes(userName, mods);

        System.out.println("Reset Password for: " + userName);
        tls.close();
        ctx.close();
        return true;
    } 
    catch (NamingException e) {
        System.out.println("Problem resetting password: " + e);
    }
    catch (UnsupportedEncodingException e) {
        System.out.println("Problem encoding password: " + e);
    }
    catch (IOException e) {
        System.out.println("Problem with TLS: " + e);
    }
    return false;
}

public static void main(String args[]) throws NamingException {
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); 
    // the keystore that holds trusted root certificates 
    System.setProperty("javax.net.ssl.trustStore", "C:\\keystore.jks"); 
    System.setProperty("javax.net.ssl.trustStorePassword", "****"); 
    System.setProperty("javax.net.ssl.keyStore", "C:\\keystore.jks"); 
    System.setProperty("javax.net.ssl.keyStorePassword", "****"); 


    ActiveDirectory d= new ActiveDirectory();
    d.connect("Administrator", "Group&Team2");
    // fetchData(...) is not included in the posted code
    System.out.println(d.fetchData("MG"));
    System.out.println(d.changePasswordAdmin("CN=Manager MG. Manager,OU=Manager,DC=xxxxx,DC=net", "Abcd@10"));
}
}

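Your Active Directory doesn't have a valid certificate.

This is probably because the root certificate is not imported in Java.

Here is a small tutorial on how to import certificates into Java.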
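
One way to check the answer's diagnosis, as an added example that is not code from the question or the answer: it lists the certificates in the trust store, prints the chain the domain controller presents, and then runs the normal PKIX validation so the link that fails is visible. The class name, the host, the LDAPS port 636 and the trust store path are assumptions passed in as arguments.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.*;

// Added example (hypothetical class, not the poster's code). All arguments are placeholders:
//   java LdapsTrustCheck <dc-host> 636 <truststore.jks> <store-password>
public class LdapsTrustCheck {
    public static void main(String[] args) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[2])) {
            store.load(in, args[3].toCharArray());
        }
        // What Java will actually trust: the root of the CA that issued the
        // domain controller's certificate has to be one of these entries.
        for (String alias : Collections.list(store.aliases())) {
            Certificate c = store.getCertificate(alias);
            if (c instanceof X509Certificate) {
                System.out.println("trusted:   " + alias + " -> "
                        + ((X509Certificate) c).getSubjectX500Principal());
            }
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        final X509TrustManager real = (X509TrustManager) tmf.getTrustManagers()[0];
        // Logging wrapper: prints the presented chain, then delegates to the real
        // trust manager. It never accepts a chain that PKIX validation rejects.
        X509TrustManager logging = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String type)
                    throws CertificateException { real.checkClientTrusted(chain, type); }
            public void checkServerTrusted(X509Certificate[] chain, String type)
                    throws CertificateException {
                for (X509Certificate c : chain) {
                    System.out.println("presented: " + c.getSubjectX500Principal()
                            + " issued by " + c.getIssuerX500Principal());
                }
                real.checkServerTrusted(chain, type);
            }
            public X509Certificate[] getAcceptedIssuers() { return real.getAcceptedIssuers(); }
        };
        SSLContext tls = SSLContext.getInstance("TLS");
        tls.init(null, new TrustManager[] { logging }, null);
        try (SSLSocket s = (SSLSocket) tls.getSocketFactory()
                .createSocket(args[0], Integer.parseInt(args[1]))) {
            s.startHandshake(); // SSLHandshakeException here means the chain did not validate
            System.out.println("chain validates against " + args[2]);
        }
    }
}
```

If the last "issued by" name in the presented chain has no matching "trusted" entry, the issuing CA's root certificate is the one missing from the trust store.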
