Check whether PasswordExpired in Acitve Directory via JNDI/LDAP

Hari Tantry
Greenhorn

Joined: Sep 03, 2003
Posts: 6
Hi all,
I am using JNDI/LDAP to connect to Active Directory.
My problem is that I need to tell the user that his/her password has expired when the user tries binding to the AD server.
I have written the following piece of code; could you please check whether this approach is fine or whether there is a better way to do the same:
*****************************************************
// ne is the NamingException caught around the InitialDirContext bind;
// DATA_PWD_EXPIRED holds the AD "data" sub-code that marks an expired password.
if (ne instanceof AuthenticationException)
{
    String tempString;
    // Walk the whitespace-separated tokens of the exception text.
    StringTokenizer tokenizerTemp = new StringTokenizer(ne.toString());
    while (tokenizerTemp.hasMoreElements())
    {
        tempString = tokenizerTemp.nextToken();
        // The sub-code follows the token "data" in the AD error message.
        if (tempString.equalsIgnoreCase("data"))
        {
            while (tokenizerTemp.hasMoreElements())
            {
                tempString = tokenizerTemp.nextToken();
                // startsWith() because the code is followed by a comma ("775,").
                if (tempString.startsWith(DATA_PWD_EXPIRED))
                {
                    throw new FailedLoginException(properties.getString("module.activedirectory.error.passwordExpired"));
                }
            }
        }
    }
}
***************************************************************
This piece of code sits in the catch block and retrieves the information from the error string, which is thrown looking something like this:

javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr:
DSID-0C09030B, comment: AcceptSecurityContext error, data 775, v893 ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
at TestLDAP.main(TestLDAP.java:39)
Please advise.

In fact I had thought of one more approach: retrieving the "pwdLastSet" attribute from AD.
The problem there was that we would also need to retrieve "maxPwdAge" to check the password expiry; since the "maxPwdAge" attribute is defined at the Global Catalog level, I cannot connect and retrieve that value.

Regards,
Hari
Hari Tantry
Greenhorn

Joined: Sep 03, 2003
Posts: 6
sorry,
if (tempString.startsWith(DATA_PWD_EXPIRED))
{
throw new FailedLoginException(properties.getString("module.activedirectory.error.passwordExpired"));
}

should read...
if (tempString.startsWith("773"))
{
throw new FailedLoginException(properties.getString("module.activedirectory.error.passwordExpired"));
}
Regards
Hari
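The two approaches discussed in the first post (parsing the `data` sub-code out of the AuthenticationException message, corrected above to "773", and computing expiry from "pwdLastSet" and "maxPwdAge") are both shown in the example below. It is added here and is not code from the thread. The regex replaces the StringTokenizer scan, and the code-to-reason table holds the well-known AD sub-codes for bind failures; note that the trace quoted in the first post carries `data 775`, which this table classifies as a locked-out account, while 773 is "user must change password at next logon" and 532 is the plain "password expired" case. The expiry calculation assumes "pwdLastSet", "maxPwdAge" and "userAccountControl" have already been read via JNDI (maxPwdAge lives on the domain root object, e.g. `dc=example,dc=com`, and is stored as a negative count of 100-nanosecond intervals); all sample values are constructed.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: classify AD bind failures and compute password expiry (not from the thread). */
public final class AdPasswordStatus {

    /** Reasons behind "AcceptSecurityContext error, data NNN" in an LDAP error 49 from AD. */
    public enum BindFailure {
        USER_NOT_FOUND, INVALID_CREDENTIALS, LOGON_TIME_RESTRICTION, WORKSTATION_RESTRICTION,
        PASSWORD_EXPIRED, ACCOUNT_DISABLED, ACCOUNT_EXPIRED, PASSWORD_MUST_CHANGE,
        ACCOUNT_LOCKED_OUT, UNKNOWN
    }

    // Well-known AD sub-codes (hex, as they appear in the message).
    private static final Map<String, BindFailure> DATA_CODES = Map.of(
        "525", BindFailure.USER_NOT_FOUND,
        "52e", BindFailure.INVALID_CREDENTIALS,
        "530", BindFailure.LOGON_TIME_RESTRICTION,
        "531", BindFailure.WORKSTATION_RESTRICTION,
        "532", BindFailure.PASSWORD_EXPIRED,
        "533", BindFailure.ACCOUNT_DISABLED,
        "701", BindFailure.ACCOUNT_EXPIRED,
        "773", BindFailure.PASSWORD_MUST_CHANGE,
        "775", BindFailure.ACCOUNT_LOCKED_OUT);

    // Matches "... AcceptSecurityContext error, data 775, v893 ]" no matter how the
    // surrounding text is spaced; a token scan would break on "data 775," variants.
    private static final Pattern DATA_CODE =
        Pattern.compile("AcceptSecurityContext error, data ([0-9a-fA-F]+)");

    /** Classifies the message of a javax.naming.AuthenticationException. */
    public static BindFailure classify(String exceptionMessage) {
        if (exceptionMessage == null) return BindFailure.UNKNOWN;
        Matcher m = DATA_CODE.matcher(exceptionMessage);
        if (!m.find()) return BindFailure.UNKNOWN;
        return DATA_CODES.getOrDefault(m.group(1).toLowerCase(), BindFailure.UNKNOWN);
    }

    /** Only actionable cases get a specific message; the rest share one generic text. */
    public static String userMessage(BindFailure failure) {
        switch (failure) {
            case PASSWORD_EXPIRED:
            case PASSWORD_MUST_CHANGE:
                return "Your password has expired and must be changed.";
            case ACCOUNT_LOCKED_OUT:
                return "Your account is locked. Please contact the service desk.";
            default:
                // USER_NOT_FOUND and INVALID_CREDENTIALS are deliberately indistinguishable
                // to the user so the login form does not reveal which accounts exist;
                // log the precise BindFailure server-side instead.
                return "Invalid username or password.";
        }
    }

    // ---- pwdLastSet / maxPwdAge ----
    // Both are 100-nanosecond intervals. pwdLastSet counts from 1601-01-01 UTC;
    // maxPwdAge (domain root object) is negative, so pwdLastSet - maxPwdAge is the expiry.
    private static final Instant FILETIME_EPOCH = Instant.parse("1601-01-01T00:00:00Z");
    private static final long DONT_EXPIRE_PASSWORD = 0x10000; // userAccountControl flag
    private static final long MAX_PWD_AGE_NEVER = Long.MIN_VALUE; // domain: passwords never expire

    static Instant fromFileTime(long hundredNanos) {
        return FILETIME_EPOCH.plusSeconds(hundredNanos / 10_000_000L)
                             .plusNanos((hundredNanos % 10_000_000L) * 100L);
    }

    static long toFileTime(Instant t) {
        Duration d = Duration.between(FILETIME_EPOCH, t);
        return d.getSeconds() * 10_000_000L + d.getNano() / 100L;
    }

    /**
     * True if the password is expired at 'now'. Caveat: a fine-grained password policy
     * (msDS-ResultantPSO on the user) overrides the domain maxPwdAge; resolve that first
     * if the domain uses PSOs.
     */
    public static boolean isPasswordExpired(long pwdLastSet, long maxPwdAge,
                                            long userAccountControl, Instant now) {
        if ((userAccountControl & DONT_EXPIRE_PASSWORD) != 0) return false;
        if (pwdLastSet == 0) return true;                  // must change at next logon
        if (maxPwdAge == MAX_PWD_AGE_NEVER || maxPwdAge == 0) return false;
        Instant expiresAt = fromFileTime(pwdLastSet - maxPwdAge);
        return !now.isBefore(expiresAt);
    }

    public static void main(String[] args) {
        // Constructed: the message shape quoted in the thread, with its data 775.
        String msg = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, "
                   + "comment: AcceptSecurityContext error, data 775, v893 ]";
        BindFailure f = classify(msg);
        System.out.println(f + " -> " + userMessage(f));      // ACCOUNT_LOCKED_OUT

        // Constructed: password set 2024-01-01, 42-day domain policy, checked 2024-03-01.
        long pwdLastSet = toFileTime(Instant.parse("2024-01-01T00:00:00Z"));
        long maxPwdAge = -42L * 24 * 3600 * 10_000_000L;
        Instant now = Instant.parse("2024-03-01T00:00:00Z");
        System.out.println("expired: " + isPasswordExpired(pwdLastSet, maxPwdAge, 0x200L, now)); // true
    }
}
```

When you go the attribute route, read "pwdLastSet" and "userAccountControl" from the user entry and "maxPwdAge" from the domain naming context root in the same LDAP session; a bind failure with data 773 or 532 still has to be handled separately, because the bind is rejected before any attributes can be read.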
Hari Tantry
Greenhorn

Joined: Sep 03, 2003
Posts: 6
I have found another way out of the problem.
arun prasad
Greenhorn

Joined: Jun 16, 2002
Posts: 7
Hello Hari,
Can you please explain the other solution for that problem?

Arun