  • Implementing a reset password method for Active Directory

    Hello!
    I am developing an AD web application with Spring LDAP. At the moment I am stuck implementing a password reset method. I searched with Google for a while and tried to implement the function, but I have a problem with a javax.naming.NameNotFoundException exception. As far as I found out, the reason for this is that if a base is configured in Spring LDAP, I cannot use the cn of the user in the modifyAttributes method. And that is my problem.

    I need the base for nearly all other methods in the application, therefore I cannot remove it from Spring LDAP. But if I have a base specified, how can I use the modifyAttributes method?

    This is my current code for reset password:
    Code:
    public boolean resetPassword(ADUser user, String password) {
        try {
            ModificationItem repitem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodepwd", encodePassword(password)));

            //DistinguishedName userDN = userToDistinguishedName( luzer );
            //String distName = user.getDistinguishedName().replace(",DC=nettania,DC=at", "");

            log.debug("DistName: " + user.getDistinguishedName());

            //try {
            ldapTemplate.modifyAttributes(user.getDistinguishedName(), new ModificationItem[] { repitem });
            //}
            //catch(org.springframework.ldap.NameNotFoundException e) {
                //ldapTemplate.modifyAttributes("CN=Max Mustermann,OU=Internal,OU=Users,OU=Nettania", new ModificationItem[] { repitem });
            //}

            return true;
        }
        catch (Exception e) {
            log.error("changePassword()", e);
            //throw new PasswordStrengthException( exc.getMessage() );
            return false;
        }
    }

    private byte[] encodePassword(String password) throws UnsupportedEncodingException {
        String newQuotedPassword = "\"" + password + "\"";
        return newQuotedPassword.getBytes("UTF-16LE");
    }
    I hope someone can help me!
    Thanks Florian

  • #2
    Hello!
    After some new tries, I finally got it to work. I had to make some changes to the code:
    Code:
    public List<ADUser> searchUser(String searchBase, String attribute, String searchValue){
    		AndFilter andFilter = new AndFilter();
    		andFilter.and(new EqualsFilter("objectclass","person"));
    		andFilter.and(new EqualsFilter(config.getProperty(attribute),searchValue));
    		
    		log.debug("LDAP Query " + andFilter.encode());
    		@SuppressWarnings("unchecked")
    		List<ADUser> result = ldapTemplate.search(searchBase, andFilter.encode(), new ADUserAttributeMapper());
    		
    		return result;
    	}
    	
    	public boolean resetPassword(ADUser user, String password) {
    		try {
    		    ModificationItem repitem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodepwd", encodePassword(password)) );
    		   
    		    /**
    		     * This is a workaround for the Spring LDAP base problem.
    		     * If an AD base is defined in the springldap.xml file, it is not possible to
    		     * use the complete distinguished name because it includes the base of the AD.
    		     * Therefore it is necessary to remove the base from the distinguished name.
    		     * This is done in the following lines.
    		     */
    		    try {
    		    	String dn[] = user.getDistinguishedName().split(",DC");
    		    	 // "cn=Max Mustermann,ou=Internal,ou=Users,ou=myOrgan"
    		    	ldapTemplate.modifyAttributes(dn[0], new ModificationItem[] { repitem });
    		    	return true;
    		    }
    		    catch(ArrayIndexOutOfBoundsException e ) {
    		    	log.error("Domain controller split did not work, dn size is null!", e);
    		    	return false;
    		    }
    		} 
    		catch ( Exception e ) {
    			log.error( "changePassword()", e);
    			return false;
    		}
    	}
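
The base-stripping step from the post above, as an added example that is not part of the thread: it parses the DN with the JDK's `javax.naming.ldap.LdapName` instead of splitting on `",DC"`, so lower-case `dc=` components and escaped commas are handled and entries outside the configured base are rejected. The class name, `relativeDn` and the sample DNs are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

/** Added example: helper names and sample DNs are constructed, not from the thread. */
public class AdPasswordResetHelper {

    /**
     * Returns the DN relative to the configured base, i.e. the value to pass to
     * ldapTemplate.modifyAttributes(...) when the context source has a base.
     * Entries outside the base are rejected instead of being passed on unchanged.
     */
    static String relativeDn(String fullDn, String baseDn) throws InvalidNameException {
        LdapName full = new LdapName(fullDn);
        LdapName base = new LdapName(baseDn);
        // LdapName indexes RDNs right to left, so the base is a "prefix" here.
        // RDN comparison ignores attribute-type case ("dc" vs "DC").
        if (!full.startsWith(base)) {
            throw new InvalidNameException(fullDn + " is not under base " + baseDn);
        }
        // Components at index base.size() and above are the part left of the base.
        return full.getSuffix(base.size()).toString();
    }

    /** AD expects unicodePwd as the password in double quotes, UTF-16LE encoded. */
    static byte[] encodePassword(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    public static void main(String[] args) throws InvalidNameException {
        String base = "DC=example,DC=com"; // constructed sample base
        // Lower-case "dc": split(",DC") would leave this DN unchanged.
        // The escaped comma in the CN is handled by the parser.
        String dn = "CN=Mustermann\\, Max,OU=Users,dc=example,dc=com";
        System.out.println("relative DN: " + relativeDn(dn, base));
        System.out.println("encoded bytes: " + encodePassword("S3cret!").length);
        try {
            relativeDn("CN=Admin,DC=other,DC=com", base); // outside the base
        } catch (InvalidNameException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Active Directory accepts a `unicodePwd` write only over an encrypted connection such as LDAPS, so the context source URL needs to point at a TLS endpoint.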
