![](/img/trans.png)
[英]Getting Connection reset Exception when storing/retrieving InitialLdapContext in session
[英]When Changing Password in AD through ldap and SSl Connection,its not creating InitialLdapContext ,exception:connection reset
我正在嘗試使用 LDAP 在我的站點中實現更改密碼功能。 問題:-當通過 ldap 和 SSl 連接更改 AD(服務器)中的密碼時,它沒有創建InitialLdapContext
,得到異常:連接重置。附加了異常的屏幕截圖。還添加了認證。
我也檢查了端口。 它是通過 telnet 連接的。
任何幫助表示贊賞。
public String changePassword(String username,String currentPassword, String newPassword, String
confirmPassword) {
String retVal="failed";
String domain = "edw.obc.co.in";
Properties prop = new Properties();
String LdapUserName="CN="+username ; //g
//+ "ou=users" + "dc=edw,dc=obc,dc=co,dc=in" ; g
String DomainUseName = username+"@" + domain;
prop.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
prop.put(Context.PROVIDER_URL, "ldap://172.xx.xx.xx:636");
prop.put(Context.SECURITY_AUTHENTICATION, "simple");
prop.put(Context.SECURITY_PROTOCOL,"ssl");
//prop.put("javax.net.ssl.truststore","C:\\Program Files\\Java\\jdk-12.0.1\\lib\\security\\cacerts");
//prop.put("javax.net.ssl.truststorePassword","changeit");
System.setProperty("javax.net.ssl.truststore", "C:\\Program Files\\Java\\jdk-12.0.1\\lib\\security\\cacerts");
System.setProperty("javax.net.ssl.truststorePassword", "changeit");
//prop.put(Context.SECURITY_PRINCIPAL,LdapUserName);
prop.put(Context.SECURITY_PRINCIPAL,"winadmin");
//prop.put("LDAP_BASEDN","ou=edw,dc=obc,dc=co.in");
prop.put(Context.SECURITY_CREDENTIALS,"wipro@123");
//prop.put(Context.SECURITY_CREDENTIALS,"wipro@123");
prop.put(Context.REFERRAL,"follow");
try
{
LdapContext ctx =new InitialLdapContext(prop,null);
System.out.print("XXXXXXXXXXXXXXXXXXXXXXXXXXX");
SearchControls searchControls = new SearchControls();
searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration objects = null;
try {
objects=ctx.search("cn="+username+",ou=Users,"+"dc=edw"+","+"dc=obc"+","+"dc=co"+","+"dc=in", String.format("(&(objectClass=person)(sAMAccounName=%s))", LdapUserName),searchControls);
}
catch(NamingException e) {
e.printStackTrace();
}
String theUserName="cn="+username+",ou=Users";
// Perform the update
ModificationItem[] mods = new ModificationItem[1];
String newQuotedPassword = "\"" + newPassword + "\"";
byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,new BasicAttribute("userpassword", newUnicodePassword));
ctx.modifyAttributes(theUserName, mods);
retVal="success";
System.out.println("Changed Password for user successfull");
ctx.close();
}
catch (Exception e) {
e.printStackTrace();
System.err.println("Problem changing password: " + e);
}
return retVal;
}
private static byte[] getPasswordByteArray(String password)
{
String quotedPassword = "\"" + password + "\"";
try
{
return quotedPassword.getBytes("UTF-16LE");
}
catch(UnsupportedEncodingException e)
{
e.printStackTrace();
return null;
}
}
}
更改密碼的協議必須是ldaps
而不是ldap
:
prop.put(Context.PROVIDER_URL, "ldap://172.xx.xx.xx:636");
^^^^
另外,考慮更換:
ModificationItem[] mods = new ModificationItem[1];
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,new BasicAttribute("userpassword", newUnicodePassword));
和:
ModificationItem[] mods = {new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("unicodePwd", oldPasswordBytes)),
new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("unicodePwd", newPasswordBytes))};
能夠在沒有 Active Directory 管理員權限的情況下更改用戶的密碼。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.