上一篇文章介绍了 Java 通过 SSL 创建 MS AD 账户并设置密码,今天主要介绍 Java 通过 SSL 修改 MS AD 账户密码。AD 只接受通过加密连接对 unicodePwd 属性的修改,因此这里必须使用 SSL/TLS。证书的导入与信任配置上一篇已经介绍过,这里直接进入重点,上代码。
我们准备修改上一篇介绍时创建的 gaowenlong 这个账户(注意:下面示例代码中 userName 使用的 DN 是 CN=zhushizhen,请按实际要修改的账户 DN 替换)。
我们设置修改密码的账户
上代码
package
com.ixmsoft.oa.util;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
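/**
 * Demo program: administrative reset of an Active Directory account password
 * over an SSL-protected LDAP connection (port 636).
 *
 * <p>The program binds as a privileged account with a simple bind and replaces
 * the target user's {@code unicodePwd} attribute. Active Directory only accepts
 * writes to {@code unicodePwd} on an encrypted connection, and the value must be
 * the password wrapped in double quotes and encoded as UTF-16LE.
 *
 * <p>All connection details below are the article's sample values. They are
 * hard-coded only to keep the demo short; see the notes next to each value.
 */
public class UpdatePasswordTLS {

    /**
     * Connects to the domain controller, resets the password of one account and
     * prints the outcome to standard output.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        Hashtable<String, Object> env = new Hashtable<>();

        // NOTE(security): sample credentials from the article. Do not keep a bind
        // password in source code; load it from a protected configuration source
        // or prompt for it. Prefer a dedicated service account that is delegated
        // only the "Reset password" right on the target OU over the built-in
        // domain Administrator.
        String adminName = "CN=Administrator,CN=Users,DC=ixmsoft,DC=com";
        String adminPassword = "123";
        String userName = "CN=zhushizhen,OU=IXM Adm,OU=IMXSOFT Users,DC=ixmsoft,DC=com";
        // NOTE(security): sample value only; a real reset should use a strong,
        // randomly generated password that the user is required to change.
        String newPassword = "123456";

        // Trust store holding the root CA certificate that issued the domain
        // controller's certificate. The same setting can be passed on the command
        // line with -Djavax.net.ssl.trustStore=... instead of being set here.
        // e.g. on Linux: /usr/java/jdk1.5.0_01/jre/lib/security/cacerts
        String keystore = "D:\\Development_Environment\\java\\jdk\\jre\\lib\\security\\cacerts";
        System.setProperty("javax.net.ssl.trustStore", keystore);

        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

        // Simple bind sends the DN and password as-is; the SSL layer requested
        // below is the only thing protecting them on the wire, so never drop
        // SECURITY_PROTOCOL or fall back to the plain LDAP port.
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, adminName);
        env.put(Context.SECURITY_CREDENTIALS, adminPassword);
        env.put(Context.SECURITY_PROTOCOL, "ssl");

        // Domain controller, SSL port 636.
        // NOTE(review): connecting by IP address means the controller's
        // certificate has to be valid for that address on JDK releases that check
        // the server name for LDAP over SSL; using the controller's DNS name is
        // the more robust choice. Do not disable that check to make it connect.
        String ldapURL = "ldap://192.168.5.20:636";
        env.put(Context.PROVIDER_URL, ldapURL);

        LdapContext ctx = null;
        try {
            // Create the initial directory context (performs the bind).
            ctx = new InitialLdapContext(env, null);

            // Setting a password is an LDAP modify operation on "unicodePwd".
            // The value must be the quoted password encoded as UTF-16LE.
            String newQuotedPassword = "\"" + newPassword + "\"";
            byte[] newUnicodePassword = newQuotedPassword.getBytes(StandardCharsets.UTF_16LE);

            // REPLACE_ATTRIBUTE is an administrative reset: the old password is
            // not needed, so the bound account must hold the reset right.
            //
            // When a user changes their own password, the request must instead
            // remove the old value and add the new one in a single modify call
            // (sOldPassword, sNewPassword and sUserName are placeholders that are
            // not defined in this class):
            //
            //   ModificationItem[] mods = new ModificationItem[2];
            //   String oldQuotedPassword = "\"" + sOldPassword + "\"";
            //   byte[] oldUnicodePassword = oldQuotedPassword.getBytes("UTF-16LE");
            //   String newQuotedPassword = "\"" + sNewPassword + "\"";
            //   byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
            //   mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
            //           new BasicAttribute("unicodePwd", oldUnicodePassword));
            //   mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE,
            //           new BasicAttribute("unicodePwd", newUnicodePassword));
            //   ctx.modifyAttributes(sUserName, mods);
            ModificationItem[] mods = new ModificationItem[] {
                new ModificationItem(
                        DirContext.REPLACE_ATTRIBUTE,
                        new BasicAttribute("unicodePwd", newUnicodePassword))
            };

            // Perform the update.
            ctx.modifyAttributes(userName, mods);
            System.out.println("Reset Password for: " + userName);
        } catch (NamingException e) {
            // Covers connection, TLS handshake, bind and modify failures alike.
            System.out.println("Problem resetting password: " + e);
        } finally {
            // Release the connection even when the bind succeeded but the modify
            // failed; the original only closed it on the success path.
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException e) {
                    System.out.println("Problem closing LDAP context: " + e);
                }
            }
        }
    }
}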
开始执行
我们最后看看结果
本文转自 高文龙 51CTO博客,原文链接:http://blog.51cto.com/gaowenlong/1969586,如需转载请自行联系原作者