Announcement Announcement Module
Collapse
No announcement yet.
Change LDAP Password Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Change LDAP Password

    Does anyone have some sample code for changing a password? We're using eDirectory.

    Thanks,
    Jon

  • #2
    The procedure of changing password varies somewhat among LDAP servers. Active Directory, for example, requires an SSL connection and some Unicode string manipulation. Other servers regard the password pretty much as a normal attribute.

    Perhaps you can describe the problems you're having?

    Comment


    • #3
      Try with something like this:
      Code:
      BasicAttribute userPasswordAttribute = new BasicAttribute("userpassword");
      ModificationItem replacedPassword = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,userPasswordAttribute);
      ModificationItem[] modificationItemArray = new ModificationItem[1];
      modificationItemArray[0] = "newPasswordString";
      try { ldapTemplate.modifyAttributes(distinguishedName.toString(),modificationItemArray);
      } catch (DataAccessException e) { ...
      I use Apache Directory ( DS 1.0 ) .. but I have a problem too .. the password is refreshed only when the Apache DS is restarted.

      ... huh .. may be the problem is that the password is not a BasicAttribute?!

      Comment


      • #4
        Originally posted by Ghed View Post
        I use Apache Directory ( DS 1.0 ) .. but I have a problem too .. the password is refreshed only when the Apache DS is restarted.
        This sounds like something specific to ApacheDS. You should contact Alex Karasulu, the lead of the ApacheDS project. Could it be akarasulu at apache dot org perhaps?

        Comment


        • #5
          I've worked with eDirectory in this manner before. I'll try and dig out some old stuff later!

          Comment


          • #6
            I got this from the Novell site a while ago, I think it was around v6.2. You'll have to use this all at your own risk, it's been while since I even looked at this.

            ChangePassword
            Code:
            			LdapContext pwdContext = getContext ().newInstance ( new Control [] { new SimplePasswordControl () } );
            			ModificationItem [] modificationItems = new ModificationItem [ 1 ];
            			Attribute userPasswordAttribute = new BasicAttribute ( "userPassword", "password" );
            			modificationItems [ 0 ] = new ModificationItem ( DirContext.REPLACE_ATTRIBUTE, userPasswordAttribute );
            			pwdContext.modifyAttributes ( dn, modificationItems );
            SimplePasswordControl
            Code:
            public class SimplePasswordControl implements Control
            {
            	public static final String OID = "2.16.840.1.113719.1.27.101.5";
            
            	public String getID ()
            	{
            		return OID;
            	}
            
            	public boolean isCritical ()
            	{
            		return false;
            	}
            
            	public byte [] getEncodedValue ()
            	{
            		return new byte [ 0 ];
            	}
            }
            I seem to also remember that you needed to remove an attribute if the password has already been set (e.g. the attribute exists).

            If it exists
            Code:
                        Attributes attributes = getUserAttributes ( context, new String [] { SAS_LOGIN_CONFIGURATION } );
                        Attribute attribute = attributes.get ( "SASloginConfiguration" );
                        return attribute != null;
            Delete it before you set the password
            Code:
            			ModificationItem [] modificationItems = new ModificationItem [ 1 ];
            			Attribute userPasswordAttribute = new BasicAttribute ( "SASloginConfiguration" );
            			modificationItems [ 0 ] = new ModificationItem ( DirContext.REMOVE_ATTRIBUTE, userPasswordAttribute );
            			getContext ().modifyAttributes ( dn, modificationItems );

            Comment


            • #7
              If you are wanting password changes in Active Directory this would help.....
              http://forum.java.sun.com/thread.jsp...2103&tstart=15

              If you want general LDAP password changes then take a look at JXplorer.
              http://www.jxplorer.org/

              Comment


              • #8
                Did you ever find a solution to this? I am having the same problem where I am able to change the password on disk but ApacheDS is caching. Thanks.

                Comment


                • #9
                  I was able to fix this by upgrading to ApacheDS 1.5.4, but now both the old and new passwords work during login.

                  Comment


                  • #10
                    OpenLDAP shows the same problem - both passwords work until I restart Tomcat.

                    Comment

                    Working...
                    X