我正在尝试通过 Java LDAP API 为 Windows 2012 R2 AD LDS 中的帐户实现重置密码功能,但重置密码时服务器并没有强制执行密码历史约束;而当我实现更改密码时,密码历史记录是会被强制执行的。我使用以下代码重置密码。
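/**
 * Resets this entry's password by replacing its {@code unicodePwd} attribute.
 *
 * <p>The attribute value is the password wrapped in double quotes and encoded as
 * little-endian UTF-16 bytes. The modify request carries the
 * LDAP_SERVER_POLICY_HINTS control, marked critical, with flag value 1; the intent is
 * that the directory applies its password-history policy to the reset as well.
 *
 * <p>NOTE(review): whether the target AD LDS instance honours this control cannot be
 * seen from this method. Confirm that the OID is listed in the rootDSE
 * {@code supportedControl} attribute of the instance.
 *
 * <p>NOTE(review): the new password travels inside the modify request. Confirm that
 * the ContextSource behind {@code ldapTemplate} connects over LDAPS/TLS.
 *
 * @param password the new clear-text password; must not be {@code null}
 * @throws LdapException if {@code password} is {@code null} or any step of the update
 *     fails; the underlying exception is attached as the cause
 */
@Override
public void updatePassword(String password) throws LdapException {
    LdapContext ldapContext = null;
    try {
        // String concatenation would turn a null reference into the literal text "null"
        // and silently set that as the account password, so reject it up front. The
        // surrounding catch wraps this into the LdapException callers already handle.
        if (password == null) {
            throw new IllegalArgumentException("password must not be null");
        }

        // unicodePwd expects the quoted password as UTF-16LE: low byte first, then high byte.
        char[] quotedChars = ("\"" + password + "\"").toCharArray();
        byte[] pwdArray = new byte[quotedChars.length * 2];
        for (int i = 0; i < quotedChars.length; i++) {
            pwdArray[i * 2] = (byte) (quotedChars[i] & 0xff);
            pwdArray[i * 2 + 1] = (byte) (quotedChars[i] >>> 8);
        }
        ModificationItem[] mods = new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("UnicodePwd", pwdArray))
        };

        // BER: SEQUENCE (0x30), long-form length 3 (0x84 00 00 00 03), INTEGER (0x02) of length 1, value 1.
        final byte[] controlData = {48, (byte) 132, 0, 0, 0, 3, 2, 1, 1};
        final String LDAP_SERVER_POLICY_HINTS_OID = "1.2.840.113556.1.4.2239";
        // Critical (true): a server that does not recognise the control must fail the
        // request instead of quietly performing the reset without the policy check.
        BasicControl[] controls = {new BasicControl(LDAP_SERVER_POLICY_HINTS_OID, true, controlData)};

        ldapContext = (LdapContext) ldapTemplate.getContextSource().getReadWriteContext();
        ldapContext.setRequestControls(controls);
        ldapContext.modifyAttributes(getRelativeDistinguishedName(), mods);
    } catch (Exception e) {
        // The message names the entry only; the password is never put into it.
        throw new LdapException("Failed to update password for:" + this.getDistinguishedName(), e);
    } finally {
        if (ldapContext != null) {
            try {
                // If the ContextSource pools contexts, one handed back with the control
                // still set could attach it to unrelated later requests.
                ldapContext.setRequestControls(null);
            } catch (Exception ignored) {
                // Best effort: a cleanup failure must not mask the outcome of the update.
            }
            try {
                // The caller owns the context returned by getReadWriteContext(); without
                // this close every reset leaves a directory connection open.
                ldapContext.close();
            } catch (Exception ignored) {
                // Best effort: a cleanup failure must not mask the outcome of the update.
            }
        }
    }
}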
如果我做错了,请告诉我。