Spring LDAP: unlock an account

Time: 2018-03-06 15:09:53

Tags: active-directory ldap spring-ldap

I am trying to unlock a user account using Spring LDAP and get the error "Malformed 'LockoutTime' attribute value" exception.

My code looks like this:

public boolean unlockAccount(Name dn) {
    // passes the int 0 as the attribute value; this is the call that raises
    // the "Malformed 'LockoutTime' attribute value" error described above
    ModificationItem item = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("lockoutTime", 0));
    ldapTemplate.modifyAttributes(dn, new ModificationItem[] {item});
    return true;
}

I am using Windows Server 2016 and Spring LDAP 2.3.2.

Is 'lockoutTime' the correct attribute for unlocking an account? Is there anything else I am missing?

4 Answers:

Answer 0 (score: 2)

In LDAP, if you enter a wrong password more than 5 times, the account gets locked. If you want to unlock the user, you have to remove an operational attribute named pwdAccountLockedTime.

public String unlockUser(Users pvo) {
    System.out.println("this is pvo" + pvo);

    Name dn = buildDn(pvo);
    DirContextOperations context = ldapTemplate.lookupContext(dn);
    ModificationItem[] modificationItems;
    modificationItems = new ModificationItem[1];

    // removing the operational attribute clears the lock
    modificationItems[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
            new BasicAttribute("pwdAccountLockedTime"));

    ldapTemplate.modifyAttributes(dn, modificationItems);

    return "Account Unlocked";
}

Build the DN for your LDAP and use the code above, and the user gets unlocked.

Answer 1 (score: 1)

// Plain JNDI (javax.naming), not Spring LDAP. ctx (a DirContext), adManagedOU,
// samaccountname, username and LOGGER are assumed to exist in the surrounding code.
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

String[] attrIDs = new String[] { "lockoutTime", "sAMAccountName",
        "distinguishedName", "pwdLastSet", "accountExpires", "userAccountControl",
        "IsAccountLocked" };

SearchControls ctls = new SearchControls();
ctls.setReturningAttributes(attrIDs);
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE); // scope value 2

String filter = "(&(objectClass=user)(objectCategory=Person)(sAMAccountName="
        + samaccountname + "))";

NamingEnumeration<SearchResult> answer = ctx.search(adManagedOU, filter, ctls);

while (answer.hasMore()) {
    SearchResult rs = answer.next();
    Attributes attrs = rs.getAttributes();
    String distinguishedName = rs.getNameInNamespace();

    // attrs.get(...) returns an Attribute, not a String
    Attribute lockOutAttr = attrs.get("lockoutTime");
    if (lockOutAttr != null) {
        // AD returns lockoutTime (a LargeInteger FILETIME) as a decimal string
        long lockoutTime = Long.parseLong(lockOutAttr.get().toString().trim());
        if (lockoutTime > 0) {
            ModificationItem[] mods1 = new ModificationItem[] {
                    new ModificationItem(DirContext.REPLACE_ATTRIBUTE, // constant value 2
                            new BasicAttribute("lockoutTime", "0")) };
            // the modification goes through the DirContext, not the SearchControls object
            ctx.modifyAttributes(distinguishedName, mods1);
        } else {
            LOGGER.info(username + " Account Not Locked");
        }
    }
}

Answer 2 (score: 0)

The only value that can be set on lockoutTime is "0", which effectively unlocks the account.

See Microsoft Active Directory Lockouts for more information.

Answer 3 (score: 0)

At least with AWS Simple AD, setting it as a String rather than an int makes this work.

// "0" as a String, not the int 0
ModificationItem item = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("lockoutTime", "0"));
ldapTemplate.modifyAttributes(dn, new ModificationItem[] {item});
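Putting the pieces together, here is an added editorial example that is not code from the question or any of the answers above. It does with Spring LDAP what Answer 1 does with raw JNDI, but builds the search filter with `LdapQueryBuilder` so the caller-supplied sAMAccountName is escaped instead of concatenated into the filter string, reads `lockoutTime` before writing anything, and sends the value as the String "0" that Answer 3 found to work. The class name `AccountUnlocker`, the method `unlockIfLocked`, the `searchBase` parameter and the placeholder DN are assumptions; a configured Spring LDAP 2.3.x `LdapTemplate` bound to Active Directory is taken as given.

```java
import javax.naming.Name;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.query.LdapQuery;

import static org.springframework.ldap.query.LdapQueryBuilder.query;

// Added example; names and the search base are assumptions, not from the page.
public class AccountUnlocker {

    private final LdapTemplate ldapTemplate;
    private final String searchBase; // e.g. "OU=Users,DC=example,DC=com" (placeholder)

    public AccountUnlocker(LdapTemplate ldapTemplate, String searchBase) {
        this.ldapTemplate = ldapTemplate;
        this.searchBase = searchBase;
    }

    /**
     * Looks up an AD user by sAMAccountName and clears lockoutTime if it is set.
     * Returns true when a modification was sent, false when the account was not locked.
     */
    public boolean unlockIfLocked(String samAccountName) {
        // LdapQueryBuilder escapes the value, so a name such as "x)(objectClass=*"
        // is searched for literally rather than rewriting the filter.
        LdapQuery q = query()
                .base(searchBase)
                .attributes("lockoutTime", "sAMAccountName")
                .where("objectClass").is("user")
                .and("objectCategory").is("person")
                .and("sAMAccountName").is(samAccountName);

        // Throws EmptyResultDataAccessException when nothing matches and
        // IncorrectResultSizeDataAccessException when more than one entry does.
        DirContextOperations entry = ldapTemplate.searchForContext(q);
        Name dn = entry.getDn();

        // AD stores lockoutTime as a LargeInteger FILETIME and returns it as a
        // decimal string; an absent attribute or "0" means the account is not locked.
        String lockoutTime = entry.getStringAttribute("lockoutTime");
        if (lockoutTime == null || Long.parseLong(lockoutTime.trim()) == 0L) {
            return false;
        }

        // Send "0" as a String: as the question shows, an int 0 produces the
        // "Malformed 'LockoutTime' attribute value" error on the server side.
        ModificationItem clear = new ModificationItem(
                DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("lockoutTime", "0"));
        ldapTemplate.modifyAttributes(dn, new ModificationItem[] { clear });
        return true;
    }
}
```

The read-before-write keeps the unlock idempotent and gives you a place to log who cleared which lock, and the bind account only needs write permission on `lockoutTime` for the objects under `searchBase` rather than broader rights on the directory.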