Force password change on next login with Active Directory using Apache LDAP API

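We use Active Directory (AD), and when users are added they are given a password and a flag to enforce "User must change password at next logon", which results in the AD attribute pwdLastSet=0.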

I have a Java application using Apache LDAP API to authenticate but when I am doing that I get error code 49 INVALID_CREDENTIALS and no indication to change password.

How can I detect, using the Apache LDAP API, that the user must change their password first?

My simple authenticator:

    public void authenticate(String uid, String password) {
        String status = "";
        try {
            LdapConnectionConfig config = new LdapConnectionConfig();
            config.setUseSsl(true);
            config.setLdapHost("activedirectory.domain.net");
            config.setLdapPort(636);
            // NoVerificationTrustManager accepts any server certificate, so the LDAPS peer is not authenticated.
            config.setTrustManagers(new NoVerificationTrustManager());
            config.setName(_ldapMgmtUser);
            config.setCredentials(_ldapMgmtPassword);

            final DefaultPoolableLdapConnectionFactory factory = new DefaultPoolableLdapConnectionFactory(config);
            final LdapConnectionPool pool = new LdapConnectionPool(factory);
            pool.setTestOnBorrow(true);
            final LdapConnectionTemplate ldapConnectionTemplate = new LdapConnectionTemplate(pool);

            // Escape uid so user input cannot alter the search filter
            // (org.apache.directory.api.ldap.model.filter.FilterEncoder).
            final String filter = "(sAMAccountName=" + FilterEncoder.encodeFilterValue(uid) + ")";
            final PasswordWarning warning = ldapConnectionTemplate.authenticate(_rootDn, filter,
                    SearchScope.SUBTREE, password.toCharArray());

            status = "User credentials authenticated";
            if (warning != null) {
                status = status + " \n Warning!!" + warning.toString();
            }
            System.out.println(status);
        } catch (final PasswordException e) {
            System.err.println("############# PasswordException #############");
            status = e.toString();
            e.printStackTrace();
        } catch (Exception e) {
            System.err.println("############# Exception #############");
            e.printStackTrace();

        } finally {
        }
        return;
    }

I noticed that when using LdapConnectionTemplate.authenticate(...) (as above), it does not return any useful error code in the exception, nor does it return a PasswordWarning. Shouldn't a PasswordWarning be returned in this case? https://nightlies.apache.org/directory/api/2.0.1/apidocs/org/apache/directory/ldap/client/template/PasswordWarning.html

If I use LdapNetworkConnection connection.bind(...), it does return an LdapException with the message "80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 773, v3839", where 773 is the expected value.

It feels like LdapConnectionTemplate has a bug (or several).

Full code:

    public void authenticateWithBind(String uid, String password) {
        String status = "";
        LdapConnection connection = null;
        try {
            LdapConnectionConfig config = new LdapConnectionConfig();
            config.setUseSsl(true);
            config.setLdapHost("activedirectory.domain.net");
            config.setLdapPort(636);
            // NoVerificationTrustManager accepts any server certificate, so the LDAPS peer is not authenticated.
            config.setTrustManagers(new NoVerificationTrustManager());
            config.setName(_ldapMgmtUser);
            config.setCredentials(_ldapMgmtPassword);

            // Bind as the management account first, to look up the user's DN.
            connection = new LdapNetworkConnection(config);
            connection.bind(_ldapMgmtUser, _ldapMgmtPassword);

            // Escape uid so user input cannot alter the search filter
            // (org.apache.directory.api.ldap.model.filter.FilterEncoder).
            String filter = "(sAMAccountName=" + FilterEncoder.encodeFilterValue(uid) + ")";
            EntryCursor cursor = connection.search(_rootDn, filter, SearchScope.SUBTREE, "*");

            while (cursor.next()) {
                Entry entry = cursor.get();
                System.out.println("DN: " + entry.getDn());
                System.out.println("Attribute: " + entry.get("pwdLastSet"));

                // Re-bind as the user; on failure AD's diagnostic text arrives in the LdapException message.
                connection.bind(entry.getDn(), password);
                status = "User credentials authenticated";
                System.out.println(status);
            }
        } catch (LdapException e) {
            System.err.println("############# LdapException #############");
            e.printStackTrace();
            System.err.println("Error message: " + e.getMessage());

        } catch (Exception e) {
            System.err.println("############# Exception #############");
            e.printStackTrace();
            System.err.println("Error message: " + e.getMessage());
        } finally {
            closeConnection(connection);
        }
        return;
    }
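
The bind-based method above surfaces AD's diagnostic text, and its "data 773" sub-code is the only signal of the forced password change. The following is an added example, not part of the original post and not Apache LDAP API code: a plain-Java helper that extracts that sub-code from the string returned by LdapException.getMessage(). The class name AdBindFailure, the Reason enum and every sample message except the one quoted in the post are constructed for illustration; the table holds the commonly documented AD sub-codes (Win32 error numbers printed in hex).

```java
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical helper: classify an AD bind failure by the "data NNN" sub-code in its diagnostic text. */
public class AdBindFailure {
    public enum Reason { INVALID_CREDENTIALS, PASSWORD_EXPIRED, MUST_CHANGE_PASSWORD,
                         ACCOUNT_DISABLED, ACCOUNT_EXPIRED, ACCOUNT_LOCKED, UNKNOWN }

    // The sub-code is hexadecimal, e.g. "data 773" is 0x773; at most 7 digits so parseInt cannot overflow.
    private static final Pattern SUB_CODE =
            Pattern.compile("AcceptSecurityContext error, data ([0-9a-fA-F]{1,7})\\b");

    private static final Map<Integer, Reason> REASONS = Map.of(
            0x525, Reason.INVALID_CREDENTIALS,   // user not found; not distinguished from a bad password
            0x52e, Reason.INVALID_CREDENTIALS,   // wrong password
            0x532, Reason.PASSWORD_EXPIRED,
            0x533, Reason.ACCOUNT_DISABLED,
            0x701, Reason.ACCOUNT_EXPIRED,
            0x773, Reason.MUST_CHANGE_PASSWORD,  // pwdLastSet=0: user must reset password
            0x775, Reason.ACCOUNT_LOCKED);

    /** Returns the numeric sub-code, or empty if the text carries none (e.g. a non-AD server). */
    public static Optional<Integer> subCode(String diagnostic) {
        if (diagnostic == null) return Optional.empty();
        Matcher m = SUB_CODE.matcher(diagnostic);
        return m.find() ? Optional.of(Integer.parseInt(m.group(1), 16)) : Optional.empty();
    }

    /** Maps the diagnostic text to a Reason; anything unrecognised is UNKNOWN, never a success. */
    public static Reason classify(String diagnostic) {
        return subCode(diagnostic)
                .map(code -> REASONS.getOrDefault(code, Reason.UNKNOWN))
                .orElse(Reason.UNKNOWN);
    }

    public static void main(String[] args) {
        String[] samples = {
            // Message quoted in the post above.
            "80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 773, v3839",
            // Constructed: same layout with the wrong-password sub-code.
            "80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839",
            // Constructed: failure text without any sub-code.
            "INVALID_CREDENTIALS: Bind failed"
        };
        for (String s : samples) System.out.println(classify(s) + " <- " + s);
    }
}
```

In the catch (LdapException e) block of authenticateWithBind, classify(e.getMessage()) returning MUST_CHANGE_PASSWORD is the point at which the application would route the user to a password-change flow instead of reporting a failed login.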
