  • Implementing a reset password method for Active Directory

    I am developing an AD web application with Spring LDAP. At the moment I am stuck implementing a password reset method. I searched with Google for a while and tried to implement the function, but I have a problem with a javax.naming.NameNotFoundException exception. As far as I found out, the reason for this is that if a base is configured in Spring LDAP, I cannot use the CN of the user in the modifyAttributes method. And that is my problem.

    I need the base for nearly all other methods in the application, therefore I cannot remove it from Spring LDAP. But if I have a base specified, how can I use the modifyAttributes method?

    This is my current code for reset password:
    Code:
    public boolean resetPassword(ADUser user, String password) {
        try {
            ModificationItem repitem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodepwd", encodePassword(password)));
            //DistinguishedName userDN = userToDistinguishedName( luzer );
            //String distName = user.getDistinguishedName().replace(",DC=nettania,DC=at", "");
            log.debug("DistName: " + user.getDistinguishedName());
            //try {
            // The full DN (including the base) is passed here
            ldapTemplate.modifyAttributes(user.getDistinguishedName(), new ModificationItem[] { repitem });
            //} catch (org.springframework.ldap.NameNotFoundException e) {
                //ldapTemplate.modifyAttributes("CN=Max Mustermann,OU=Internal,OU=Users,OU=Nettania", new ModificationItem[] { repitem });
            //}
            return true;
        } catch (Exception e) {
            //throw new PasswordStrengthException( exc.getMessage() );
            return false;
        }
    }

    byte[] encodePassword(String password) throws UnsupportedEncodingException {
        String newQuotedPassword = "\"" + password + "\"";
        // AD expects the quoted password as UTF-16LE bytes in unicodePwd
        return newQuotedPassword.getBytes("UTF-16LE");
    }

    I hope someone can help me!
    Thanks Florian

  • #2
    After some more tries, I finally got it to work. I had to make some changes to the code:
    public List<ADUser> searchUser(String searchBase, String attribute, String searchValue) {
        AndFilter andFilter = new AndFilter();
        andFilter.and(new EqualsFilter("objectclass", "person"));
        andFilter.and(new EqualsFilter(config.getProperty(attribute), searchValue));
        log.debug("LDAP Query " + andFilter.encode());
        List<ADUser> result = ldapTemplate.search(searchBase, andFilter.encode(), new ADUserAttributeMapper());
        return result;
    }

    public boolean resetPassword(ADUser user, String password) {
        try {
            ModificationItem repitem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodepwd", encodePassword(password)));
            /*
             * This is a workaround for the springldap base problem.
             * If an AD base is defined in the springldap.xml file it is not possible to
             * use the complete distinguished name because this includes the base of the AD.
             * Therefore it is necessary to remove the base from the distinguished name.
             * This is done in the following lines.
             */
            try {
                String dn[] = user.getDistinguishedName().split(",DC");
                // "cn=Max Mustermann,ou=Internal,ou=Users,ou=myOrgan"
                ldapTemplate.modifyAttributes(dn[0], new ModificationItem[] { repitem });
                return true;
            } catch (ArrayIndexOutOfBoundsException e) {
                log.error("Domain controller split did not work, dn size is null!", e);
                return false;
            }
        } catch (Exception e) {
            log.error("changePassword()", e);
            return false;
        }
    }
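
An added example, not part of the thread and not Spring LDAP's own code: one way to strip the configured base without string splitting, using the JDK's `LdapName` so that lowercase `dc=` components and escaped commas are handled and a DN outside the base is rejected instead of being silently passed on. The class name, the `relativeTo` helper, the base and the sample DNs are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class AdPasswordResetHelper { // hypothetical helper class

    /** Returns fullDn relative to baseDn; throws if fullDn is not under baseDn. */
    static String relativeTo(String fullDn, String baseDn) throws InvalidNameException {
        LdapName full = new LdapName(fullDn);
        LdapName base = new LdapName(baseDn);
        // LdapName indexes RDNs right to left, so startsWith() tests the DC=... end.
        if (!full.startsWith(base)) {
            throw new InvalidNameException(fullDn + " is not under base " + baseDn);
        }
        return full.getSuffix(base.size()).toString();
    }

    /** unicodePwd value: the password in double quotes, encoded as UTF-16LE. */
    static byte[] encodePassword(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    public static void main(String[] args) throws InvalidNameException {
        String base = "DC=example,DC=com"; // constructed sample base
        String[] samples = {               // constructed sample DNs
            "CN=Max Mustermann,OU=Internal,OU=Users,DC=example,DC=com",
            "cn=Max Mustermann,ou=Users,dc=example,dc=com", // lowercase dc: split(",DC") keeps the base
            "CN=Doe\\,DC Admin,OU=Users,DC=example,DC=com", // escaped ",DC" in the CN: split cuts too early
        };
        for (String dn : samples) {
            System.out.println(dn.split(",DC")[0] + "  |  " + relativeTo(dn, base));
        }
        try {
            relativeTo("CN=Eve,OU=Users,DC=other,DC=org", base);
        } catch (InvalidNameException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println(encodePassword("N3w-Passw0rd!").length + " bytes for unicodePwd");
    }
}
```

The string returned by `relativeTo` is what would be passed to `ldapTemplate.modifyAttributes` in place of `dn[0]`.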