
Error occurred while modifying "pwdLastSet" attribute in Active Directory

 
suneel kumar
Ranch Hand
Posts: 46
After the admin resets the password in Active Directory, he sets the account so that the user must change the password at next logon.

Because authentication then fails, the code is not able to modify the pwdLastSet attribute.

Please suggest a solution.

Error that occurred:

xyz is not authenticated javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 773, vece
javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090A1A, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece


public class Fastbindclient_changePwd extends HttpServlet{
class ldapfastbind {

/**
 * Request control that the enclosing client attaches to its LDAP connection.
 *
 * NOTE(review): despite the class name, the OID returned by getID() is the
 * ManageDsaIT control (2.16.840.1.113730.3.4.2), not Active Directory's
 * fast-bind OID (1.2.840.113556.1.4.1781) - confirm which one is intended.
 * A connection that really is in fast-bind mode only validates credentials
 * and is not expected to authorise later modify requests, so it would not be
 * a suitable connection for changing a password either.
 */
class FastBindConnectionControl implements Control {

    /** @return true; the control is always sent as critical (Control.CRITICAL). */
    public boolean isCritical() {
        final boolean critical = Control.CRITICAL;
        return critical;
    }

    /** @return the object identifier sent to the server for this control. */
    public String getID() {
        final String oid = "2.16.840.1.113730.3.4.2";
        return oid;
    }

    /** @return null; the control carries no encoded value. */
    public byte[] getEncodedValue() {
        return null;
    }
}

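/**
 * Prepares the JNDI environment (simple authentication over SSL) and opens
 * the LDAP context that the other methods of this class work on.
 *
 * A failure to open the context is reported instead of being silently
 * discarded; the context field is then left unset, so callers must not
 * treat this object as connected.
 *
 * @param ldapurl provider URL of the directory server
 */
public ldapfastbind(String ldapurl) {
    env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    // Simple binds send the password itself, so the transport must be encrypted.
    env.put(Context.SECURITY_PROTOCOL, "ssl");
    env.put(Context.PROVIDER_URL, ldapurl);
    connCtls = new Control[] { new FastBindConnectionControl() };
    try {
        ctx = new InitialLdapContext(env, connCtls);
    } catch (NamingException e) {
        // The original catch block was empty, which hid connection and TLS
        // trust failures until a later call failed on the missing context.
        System.err.println("LDAP context could not be created for " + ldapurl + ": " + e);
    }
}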

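/**
 * Re-binds the LDAP context with the supplied credentials.
 *
 * Changes from the posted version: a failed bind no longer returns the same
 * value as a successful one, empty credentials are refused before they reach
 * the server, the error text is taken from the caught exception, and
 * failures are logged instead of being swallowed.
 *
 * @param username principal to bind as
 * @param password credentials for the bind
 * @param request  current request; its j_username, j_password and
 *                 new_password parameters are read when the directory
 *                 reports that the password must be changed
 * @param response current response, passed through to ChangePassword
 * @return 0 when the bind succeeds, -1 when it is refused or fails
 */
public int Authenticate(String username, String password, HttpServletRequest request, HttpServletResponse response) throws LDAPException {
    // A simple bind with an empty password is treated by LDAP servers as an
    // unauthenticated bind and can appear to succeed, so refuse it here.
    if (username == null || username.length() == 0 || password == null || password.length() == 0) {
        System.out.println("Bind refused: missing user name or password");
        return -1;
    }
    if (ctx == null) {
        System.out.println("Bind refused: LDAP context is not available");
        return -1;
    }
    try {
        ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, username);
        ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
        ctx.reconnect(connCtls);
        System.out.println(username + " is authenticated");
        return 0;
    } catch (AuthenticationException e) {
        String errMsg = e.getMessage();
        System.out.println(username + " is not authenticated " + e);
        // "data 773" is the sub-code Active Directory returns when the user
        // must change the password at next logon.
        if (errMsg != null && errMsg.indexOf("data 773") != -1) {
            pwdLastSet = 1;
            System.out.println("Password Last Set " + pwdLastSet);
            // NOTE(review): the bind has just been rejected, so this
            // connection is not authenticated and the directory answers the
            // modify below with "a successful bind must be completed".
            // Setting a must-change password presumably needs a separate
            // connection bound as an account that is allowed to reset it -
            // confirm with the directory administrators.
            try {
                ctxFast.ChangePassword(
                        request.getParameter("j_username"),
                        request.getParameter("j_password"),
                        request.getParameter("new_password"),
                        request, response);
            } catch (IOException e1) {
                System.out.println("Password change failed: " + e1);
            }
        }
        return -1;
    } catch (NamingException e) {
        System.out.println("LDAP error during bind: " + e);
        return -1;
    }
}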


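/**
 * Replaces the unicodePwd attribute of the user's entry and then writes
 * pwdLastSet = -1, both on the existing LDAP context.
 *
 * Changes from the posted version: the user name is escaped before it is
 * placed in the distinguished name, the unbounded retry inside the
 * AuthenticationException handler is removed (it repeated the same request
 * on the same connection), the "data 773" check reads the caught exception,
 * the password buffer is no longer printed, and failures are logged.
 *
 * NOTE(review): REPLACE on unicodePwd is the administrative reset form and is
 * expected to need a connection bound with reset rights; a user changing
 * their own password sends the old value as a removal and the new value as
 * an addition in one modify request. sOldPassword is not used by the
 * replace form below.
 *
 * @param sUserName    common name of the account under cn=Users,dc=tc,dc=com
 * @param sOldPassword current password (unused by the replace form)
 * @param sNewPassword password to set
 * @param request      current request (not read here)
 * @param response     current response (not written here)
 * @return true when both modifications were accepted, false otherwise
 * @throws UnsupportedEncodingException if UTF-16LE is not available
 */
public boolean ChangePassword(String sUserName, String sOldPassword, String sNewPassword, HttpServletRequest request, HttpServletResponse response) throws UnsupportedEncodingException {
    if (ctx == null || sUserName == null || sNewPassword == null) {
        System.out.println("Password change skipped: missing context, user name or new password");
        return false;
    }

    // The user name comes from a request parameter; escaping it keeps
    // characters such as ',' or '+' from altering the DN that is modified.
    String userDn = "cn=" + javax.naming.ldap.Rdn.escapeValue(sUserName) + ",cn=Users,dc=tc,dc=com";

    // Active Directory expects the password quoted and encoded as UTF-16LE.
    byte[] newUnicodePassword = ("\"" + sNewPassword + "\"").getBytes("UTF-16LE");

    try {
        ModificationItem[] passwordMods = new ModificationItem[] {
            new ModificationItem(LdapContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword))
        };
        System.out.println("printed before modify");
        ctx.modifyAttributes(userDn, passwordMods);

        ModificationItem[] lastSetMods = new ModificationItem[] {
            new ModificationItem(LdapContext.REPLACE_ATTRIBUTE, new BasicAttribute("pwdLastSet", "-1"))
        };
        ctx.modifyAttributes(userDn, lastSetMods);
        // Logged only after the directory accepted the second modification.
        System.out.println("pwdLastSet Replaced");

        ctx.close();
        return true;
    } catch (AuthenticationException e) {
        String errMsg = e.getMessage();
        if (errMsg != null && errMsg.indexOf("data 773") != -1) {
            pwdLastSet = 1;
            System.out.println("Password Last Set " + pwdLastSet);
        }
        System.out.println("Password change rejected: " + e);
        return false;
    } catch (NamingException e) {
        System.out.println("Password change failed: " + e);
        return false;
    }
}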
/**
 * Closes the LDAP context and prints the outcome on standard output.
 * A NamingException raised by the close is reported, not rethrown.
 */
public void finito() {
    String outcome;
    try {
        ctx.close();
        outcome = "Context is closed";
    } catch (NamingException closeFailure) {
        outcome = "Context close failure " + closeFailure;
    }
    System.out.println(outcome);
}
}
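/**
 * Authenticates the user named in the request against the directory and,
 * when a new password was submitted, asks for the password change.
 *
 * Changes from the posted version: the request parameters are read into
 * locals (they were used without being defined), a password change is only
 * attempted after a successful bind and when new_password is present, and
 * the connection is closed in a finally block.
 *
 * @param request  carries j_username, j_password and optionally new_password
 * @param response current response, passed through to the LDAP helper
 */
public void bindClient(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
{
    // NOTE(review): server address and trust store path are hard-coded, and
    // the trust store property is set for the whole JVM on every call;
    // deployment configuration would be the usual place for both.
    String ldapurl = "ldaps://172.22.0.99:636";
    String keystore = "D:/j2sdk1.4.2_04/jre/lib/security/CACert.ks";
    System.setProperty("javax.net.ssl.trustStore", keystore);

    String j_username = request.getParameter("j_username");
    String j_password = request.getParameter("j_password");
    String new_password = request.getParameter("new_password");

    ctxFast = new ldapfastbind(ldapurl);
    try {
        IsAuthenticated = ctxFast.Authenticate(j_username, j_password, request, response);
        // 0 is Authenticate's success value. Without the new_password check
        // an ordinary login would also request a password change, with a
        // missing value as the new password.
        if (IsAuthenticated == 0 && pwdLastSet == 0 && new_password != null) {
            System.out.println("b4 change");
            boolean isChangedNrml = ctxFast.ChangePassword(j_username, j_password, new_password, request, response);
            System.out.println("After change 1");
            System.out.println("Password changed: " + isChangedNrml);
        }
    } catch (LDAPException e) {
        System.out.println("LDAP Exception : " + e.getLDAPResultCode() + "LDAPMessage : " + e.getLDAPErrorMessage()+ "message : " + e.getMessage());
    } finally {
        // Release the connection even when the calls above throw.
        ctxFast.finito();
    }
}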

// NOTE(review): both fields belong to the servlet instance. If the container
// serves concurrent requests through one instance, login state kept here can
// be read or overwritten by another user's request - confirm, and prefer
// method-local state for anything tied to a single login attempt.

// LDAP helper created by bindClient for the login attempt being processed.
public ldapfastbind ctxFast = null;
// Set to 1 when a bind is rejected with the "data 773" sub-code; 0 otherwise.
public int pwdLastSet = 0;

}

Please suggest a solution.
Thanks in advance.
 