Unable to connect to Active Directory to reset a password

Time: 2013-03-14 14:36:35

Tags: java ssl active-directory ssl-certificate

I am completely new to this area and do not have much experience with Java either. I was assigned this task; I can connect in simple mode as administrator and retrieve information, but I cannot reset a password. I found on many sites that I have to use SSL, but when I do I get a

"simple bind failed"

error and cannot get it to work. I have posted my code below, along with the code I commented out (which I tried earlier). Please help. I have not been able to solve this from any of the sources I found. I am using a certificate copied from the server into my keystore. Is that the correct way to use it? If I remove the SSL part

 env.put(Context.SECURITY_PROTOCOL,"ssl");

I get a handshake exception

Problem with TLS: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed


import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.Security;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

public class ActiveDirectory {
    private DirContext ctx;

    public boolean connect(String username, String password) {
        Hashtable<String, String> env = new Hashtable<String, String>();
//      Properties env = new Properties();
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.PROVIDER_URL, "ldap://192.168.1.199:389");
        env.put(Context.REFERRAL, "follow");

        // The value of Context.SECURITY_PRINCIPAL must be the logon username
        // with the domain name
        env.put(Context.SECURITY_PRINCIPAL, username + "@xxxx.net");

        // The value of Context.SECURITY_CREDENTIALS should be the user's
        // password
        env.put(Context.SECURITY_CREDENTIALS, password);

        try {
            // Authenticate the logon user
            ctx = new InitialLdapContext(env, null);
            return true;
        } catch (NamingException e) {
            System.out.println("Error in connecting : " + e.getMessage());
            return false;
        }
    }

    public boolean changePasswordAdmin(String userName, String newPassword) {
        try {
            // Secure the session with TLS
            StartTlsResponse tls = (StartTlsResponse) ((LdapContext) ctx).extendedOperation(new StartTlsRequest());
            tls.negotiate();

            // Setting the password is an LDAP modify operation
            ModificationItem[] mods = new ModificationItem[1];

            // Replace the "unicodePwd" attribute with a new value.
            // The password must be both Unicode and a quoted string
            String newQuotedPassword = "\"" + newPassword + "\"";
            byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");

            mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));

            // Perform the update
            ctx.modifyAttributes(userName, mods);

            System.out.println("Reset Password for: " + userName);
            tls.close();
            ctx.close();
            return true;
        } catch (NamingException e) {
            System.out.println("Problem resetting password: " + e);
        } catch (UnsupportedEncodingException e) {
            System.out.println("Problem encoding password: " + e);
        } catch (IOException e) {
            System.out.println("Problem with TLS: " + e);
        }
        return false;
    }

    public static void main(String args[]) throws NamingException {
        Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
        // the keystore that holds trusted root certificates
        System.setProperty("javax.net.ssl.trustStore", "C:\\keystore.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "****");
        System.setProperty("javax.net.ssl.keyStore", "C:\\keystore.jks");
        System.setProperty("javax.net.ssl.keyStorePassword", "****");

        ActiveDirectory d = new ActiveDirectory();
        d.connect("Administrator", "Group&Team2");
        // fetchData is not shown in the question
        System.out.println(d.fetchData("MG"));
        System.out.println(d.changePasswordAdmin("CN=Manager MG. Manager,OU=Manager,DC=xxxxx,DC=net", "Abcd@10"));
    }
}

1 answer:

Answer 0: (score: 0)

Your Active Directory does not have a valid certificate.

This is probably the case because the root certificate has not been imported into Java.

Here is a small tutorial on how to import a certificate into Java.
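As an added example (not the asker's code and not from the linked tutorial), this is the pattern the answer points at: bind over LDAPS with a truststore that holds the domain CA certificate, and write unicodePwd as a quoted UTF-16LE value. The host name, principal, user DN and truststore path are placeholders.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class AdPasswordReset {
    // unicodePwd must be the new password wrapped in double quotes and encoded
    // as UTF-16LE with no byte-order mark; getBytes(UTF_16LE) emits none.
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    // Bind over LDAPS on 636. The session is already encrypted, so no StartTLS
    // here; StartTLS belongs on a plain ldap://host:389 connection instead.
    static LdapContext connectLdaps(String host, String principal, String password)
            throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://" + host + ":636");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialLdapContext(env, null);
    }

    // AD accepts a unicodePwd replace only over an encrypted session.
    static void resetPassword(DirContext ctx, String userDn, String newPassword)
            throws NamingException {
        ModificationItem[] mods = { new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword))) };
        ctx.modifyAttributes(userDn, mods);
    }

    public static void main(String[] args) throws NamingException {
        // The truststore holds the certificate of the CA that issued the domain
        // controller's certificate, so the PKIX chain validates (placeholder path).
        System.setProperty("javax.net.ssl.trustStore", "C:\\ad-ca-truststore.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
        LdapContext ctx = connectLdaps("dc01.example.net", "Administrator@example.net", args[0]);
        try {
            resetPassword(ctx, "CN=Manager MG. Manager,OU=Manager,DC=example,DC=net", args[1]);
        } finally {
            ctx.close();
        }
    }
}
```

The asker's code sets SECURITY_PROTOCOL=ssl against port 389 and then also runs StartTLS; use one of the two, LDAPS on 636 as above or plain ldap on 389 followed by StartTLS. The javax.net.ssl.keyStore properties are only needed if the domain controller requires client certificates.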