如何从Java代码更改msDS-User-Account-Control-Computed值?

时间:2019-07-16 13:45:33

标签: java spring ldap adlds user-account-control

我们已将msDS-User-Account-Control-Computed设置为当上次设置的用户密码自动超过3个月时密码已过期。但是,如果用户通过Java代码重设密码,则需要重设此属性(不确定哪个属性)。我尝试将值更改为0x00000000,但是随后抛出以下错误

Malformed 'ms-DS-User-Account-Control-Computed' attribute value; nested exception is javax.naming.directory.InvalidAttributeValueException: Malformed 'ms-DS-User-Account-Control-Computed' attribute value; remaining name 'CN=1234,OU=Users……'

我尝试了以下代码,但运行时却抛出错误。

Attribute attr = new BasicAttribute("userPassword", newPassword);
                ModificationItem item = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attr);

Attribute userCtrlAttr = new BasicAttribute("ms-DS-User-Account-Control-Computed", 0x00000000);

ModificationItem userCtrlItem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, userCtrlAttr);

ldapTemplate.modifyAttributes(dn, new ModificationItem[] {item,userCtrlItem});

当我创建一个新用户时,ms-DS-User-Account-Control-Computed的值类似于0x00000200,它显示为msDS-User-Account-Control-Computed:[??? (0x200)]。对于密码过期的用户,它显示为msDS-User-Account-Control-Computed:[PasswordExpired,??? (0x200)],其值为0x00800200。有什么建议吗?

0 个答案:

没有答案