<i id='epg3u'><tr id='epg3u'><dt id='epg3u'><q id='epg3u'><span id='epg3u'><b id='epg3u'><form id='epg3u'><ins id='epg3u'></ins><ul id='epg3u'></ul><sub id='epg3u'></sub></form><legend id='epg3u'></legend><bdo id='epg3u'><pre id='epg3u'><center id='epg3u'></center></pre></bdo></b><th id='epg3u'></th></span></q></dt></tr></i><div id='epg3u'><tfoot id='epg3u'></tfoot><dl id='epg3u'><fieldset id='epg3u'></fieldset></dl></div>
  1. <legend id='epg3u'><style id='epg3u'><dir id='epg3u'><q id='epg3u'></q></dir></style></legend>

      <small id='epg3u'></small><noframes id='epg3u'>

      • <bdo id='epg3u'></bdo><ul id='epg3u'></ul>
    1. <tfoot id='epg3u'></tfoot>
    2. 我可以从 LDAP 更改自己的 Active Directory 密码吗(没有管理帐户)

      Can I change myself Active Directory password from LDAP (without administrative account)(我可以从 LDAP 更改自己的 Active Directory 密码吗(没有管理帐户))

        <legend id='jv1tC'><style id='jv1tC'><dir id='jv1tC'><q id='jv1tC'></q></dir></style></legend>

        <small id='jv1tC'></small><noframes id='jv1tC'>

        1. <tfoot id='jv1tC'></tfoot>
              <tbody id='jv1tC'></tbody>
          • <i id='jv1tC'><tr id='jv1tC'><dt id='jv1tC'><q id='jv1tC'><span id='jv1tC'><b id='jv1tC'><form id='jv1tC'><ins id='jv1tC'></ins><ul id='jv1tC'></ul><sub id='jv1tC'></sub></form><legend id='jv1tC'></legend><bdo id='jv1tC'><pre id='jv1tC'><center id='jv1tC'></center></pre></bdo></b><th id='jv1tC'></th></span></q></dt></tr></i><div id='jv1tC'><tfoot id='jv1tC'></tfoot><dl id='jv1tC'><fieldset id='jv1tC'></fieldset></dl></div>
              <bdo id='jv1tC'></bdo><ul id='jv1tC'></ul>
              1. 本文介绍了我可以从 LDAP 更改自己的 Active Directory 密码吗(没有管理帐户)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

                问题描述

                我没有(也不会)拥有管理员帐户.我想从 java 更改 Active Directory 中的自己(用户)密码.我该怎么做?

                I don't (and will not) have administators account. I want to change myself (user) password in Active Directory from java. How can I do this?

                使用来自网络的代码:

                private void changePass() throws Exception {
                    String oldpass = this.encodePassword("oldpass!");
                    String newpass = this.encodePassword("newpass!");
                    Attribute oldattr = new BasicAttribute("unicodePwd", oldpass);
                    Attribute newattr = new BasicAttribute("unicodePwd", newpass);
                    ModificationItem olditem = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, oldattr);
                    ModificationItem newitem = new ModificationItem(DirContext.ADD_ATTRIBUTE, newattr);
                    ModificationItem repitem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, newattr);
                    ModificationItem[] mods = new ModificationItem[2];
                    mods[0] = olditem;
                    mods[1] = newitem;
                    // ldapTemplate.modifyAttributes("cn=administrator,cn=Users", mods);
                    ldapTemplate.modifyAttributes("cn=smith,cn=Users", new ModificationItem[] { repitem });
                }
                

                这里是上下文来源

                <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
                    <property name="url" value="ldap://ldapserver:389"/>
                    <property name="base" value="dc=company,dc=com"/>
                    <property name="userDn" value="smith@company"/>
                    <property name="password" value="oldpass"/>
                </bean>
                

                我明白了:

                LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
                'CN=Users,DC=company,DC=com'
                

                如果我将 userDn 更改为cn=smith",我得到:

                if I change userDn to "cn=smith" I got:

                LdapErr:DSID-0C0903A9,注释:AcceptSecurityContext 错误

                LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error

                也许我的问题是我不明白 LDAP 是如何工作的?是否可以(使用用户帐户更改用户密码)?而且,如果可能的话,我可以使用相同的权限检查帐户锁定/过期吗?

                Maybe my problem is that I do not understand how is LDAP working? Is it possible (change user password by using user-account) or not? And, if it is possible, can I check account locked / expires with same privileges?

                更新/解决

                非常感谢您的帮助.这对我也很有帮助.

                thank you very match for your help. That was very helpful too me.

                对于未来的搜索者:

                NO_OBJECT - 表示 Active Directory 找不到对象(my cn=Users,cn=Smith)要找到用户目录的完全限定规范路径,您可以使用用户属性distinguishedName"(在我的最坏情况下,它是cn=John, Smith",ou=Contractors,ou=用户帐户,ou=Accounts")

                NO_OBJECT - means that ACtive Directory cannot find object (my cn=Users,cn=Smith) To find fully qualified canonical path to user catalogue you can use user attribute "distinguishedName" (in my, worstest case it is "cn=John, Smith",ou=Contractors,ou=User Accounts,ou=Accounts")

                然后我得到了:

                WILL_NOT_PERFORM - 这可能意味着不同类型的事情.在我的情况下,对象类型有误,但可能还有其他情况,如下所述 - 不是 SSL 连接 (not ldaps://) 等等.

                WILL_NOT_PERFORM - this can mean different type of things. In my case there was wrong object type, but, possible other cases, as described below - not SSL connection (not ldaps://), and others.

                然后:

                INSUFF_ACCESS_RIGHTS - 用户(不是管理员没有权限替换密码属性),要更改密码,他必须输入旧密码和新密码,然后删除旧密码并添加新密码.

                INSUFF_ACCESS_RIGHTS - user (not administrator doesn't have right to REPLACE-password attribute), to change password he must enter old password and new password, and then REMOVE old and ADD new.

                Attribute oldattr = new BasicAttribute("unicodePwd", oldQuotedPassword.getBytes("UTF-16LE"));
                Attribute newattr = new BasicAttribute("unicodePwd", newQuotedPassword.getBytes("UTF-16LE"));
                ModificationItem olditem = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, oldattr);
                ModificationItem newitem = new ModificationItem(DirContext.ADD_ATTRIBUTE, newattr);
                ldapTemplate.modifyAttributes("cn=John\, Smith,ou=Contractors,ou=User Accounts,ou=Accounts", new ModificationItem[] { olditem, newitem });
                

                问题 1005 (CONSTRAINT_ATT_TYPE) - 如果旧密码错误

                顺便说一句

                javax.naming.PartialResultException:未处理的继续引用;remaining name '/' - 在全局搜索人员/用户时(例如,在身份验证方法中)ldapTemplate.setIgnorePartialResultException(true);可以解决的

                javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name '/' - when searching person/user global (for example, in authenticate-method) ldapTemplate.setIgnorePartialResultException(true); can fix it

                推荐答案

                可以,但是有点棘手.

                首先要更改密码,您必须通过 LDAPS 而不是 LDAP 进行连接.那就是使用 TLS 或 SSL(至少 128 位)连接.这是一个如何使用 JNDI 完成此操作的示例.

                First to change the password you must connect via LDAPS not LDAP. That is with TLS or SSL (at least 128 bit) connection. Here is an example how this can be done with JNDI.

                其次,您必须将密码作为 UTF-16LE 编码的字节数组传递.但在编码之前,你应该用双引号将它括起来.所以这里是一个例子:

                Second you must pass the password as UTF-16LE encoded byte array. But before you encode it you should enclose it in double quotes. So here is an example:

                String pass = """ + "newpass" + """;
                byte[] password = pass.getBytes("UTF-16LE");
                // You will need to handle UnsupportedEncodingException here
                

                这篇关于我可以从 LDAP 更改自己的 Active Directory 密码吗(没有管理帐户)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

                本站部分内容来源互联网,如果有图片或者内容侵犯了您的权益,请联系我们,我们会在确认后第一时间进行删除!

                相关文档推荐

                Slf4j LoggerFactory.getLogger and sonarqube(Slf4j LoggerFactory.getLogger 和 sonarqube)
                Security - Array is stored directly(安全性 - 数组直接存储)
                SonarQube quot;Class Not Foundquot; during Main AST Scan(SonarQube“找不到类在主 AST 扫描期间)
                Integrate Spock#39;s test with Sonar(将 Spock 的测试与声纳集成)
                How do I make Hudson/Jenkins fail if Sonar thresholds are breached?(如果违反声纳阈值,我如何让 Hudson/Jenkins 失败?)
                automatically add curly brackets to all if/else/for/while etc. in a java code-base(自动将大括号添加到 java 代码库中的所有 if/else/for/while 等)
                    <bdo id='d8DBm'></bdo><ul id='d8DBm'></ul>
                      <i id='d8DBm'><tr id='d8DBm'><dt id='d8DBm'><q id='d8DBm'><span id='d8DBm'><b id='d8DBm'><form id='d8DBm'><ins id='d8DBm'></ins><ul id='d8DBm'></ul><sub id='d8DBm'></sub></form><legend id='d8DBm'></legend><bdo id='d8DBm'><pre id='d8DBm'><center id='d8DBm'></center></pre></bdo></b><th id='d8DBm'></th></span></q></dt></tr></i><div id='d8DBm'><tfoot id='d8DBm'></tfoot><dl id='d8DBm'><fieldset id='d8DBm'></fieldset></dl></div>
                          <tbody id='d8DBm'></tbody>

                        <tfoot id='d8DBm'></tfoot>

                        <small id='d8DBm'></small><noframes id='d8DBm'>

                        1. <legend id='d8DBm'><style id='d8DBm'><dir id='d8DBm'><q id='d8DBm'></q></dir></style></legend>