Getting password expiration from LDAP

 
Greenhorn
Posts: 4
Hello.
I've been going through the JNDI docs from Sun and some JavaWorld tutorials to read/write/update/delete from the LDAP I'm using (OID). Now I'm trying to retrieve the password policy attributes from the LDAP server, specifically the password expiry time. Does anyone have a solution for this? I've searched this forum and found some good links.

Thanks.
AD
 
Andrew Davis
Greenhorn
Posts: 4
Ok. Let me rephrase all of this. I'm trying to determine the amount of time until a user's password
expires. This information is stored in an Oracle Internet Directory
LDAP.

I need to get the password expiration time, which is the
pwdMaxAge attribute in
"cn=PwdPolicyEntry,cn=Common,cn=Products,cn=OracleContext"
I can do this fine.

Next I need to get the timestamp of a particular user's password.
According to this:

http://www.lc.leidenuniv.nl/awcourse/oracle/network.920/a96574/pwdpol...
"In addition, the object class top contains these operational
attributes, to maintain the user-password state information for each
user entry."

pwdChangedTime contains a password timestamp.

pwdChangedTime is one of those attributes in the object class
'top.' How do I read this value for a single user such as
"uid=mojoe,ou=People,o=myserver.com" ?

I know enough about jndi to read attributes from mojoe, like the
uid,etc. But I can't read those inherited from 'top.' Also, this
is probably more of an Oracle/OID question, but do I have to configure
the ldap to store the value for pwdChangedTime, or is the timestamp
automatic?

Is there an easier way to get a notice that the password has expired,
like through "pwdExpirationWarned"? (I have no idea how to get jndi
to work with pwdExpirationWarned.)

This is a tough question, and all help would be appreciated!
Thank you.
[ July 07, 2005: Message edited by: Andrew Davis ]
 
Ranch Hand
Posts: 56
I also face the same problem retrieving some security policy attributes (e.g. pwdAccountLockedTime) from OID using the Sun LDAP API, but without success.

Here is my sample code:

    package test.jndi;

    import java.util.Hashtable;
    import javax.naming.*;
    import javax.naming.directory.*;

    public class JNDIApplication {

        // "enum" has been a reserved word since Java 5, so the parameter is named "results".
        public void printSearchEnumeration(NamingEnumeration<SearchResult> results) {
            try {
                while (results.hasMore()) {
                    SearchResult sr = results.next();
                    System.out.println(">>>" + sr.getName());
                    printAttrs(sr.getAttributes());
                }
            } catch (NamingException e) {
                e.printStackTrace();
            }
        }

        public void printAttrs(Attributes attrs) {
            if (attrs == null) {
                System.out.println("No attributes when trying to print");
            } else {
                /* Print each attribute */
                try {
                    for (NamingEnumeration<? extends Attribute> ae = attrs.getAll(); ae.hasMore();) {
                        Attribute attr = ae.next();
                        System.out.println("attribute: " + attr.getID());

                        /* print each value */
                        for (NamingEnumeration<?> e = attr.getAll(); e.hasMore();) {
                            System.out.println("value: " + e.next());
                        }
                    }
                } catch (NamingException e) {
                    e.printStackTrace();
                }
            }
        }

        public JNDIApplication() {
            String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
            String MY_HOST = "ldap://localhost:3060";
            String MGR_DN = "uid=admin";
            String MGR_PW = "password";

            String INITIAL_ENTRY = "uid =0005975";

            try {
                Hashtable<String, Object> env = new Hashtable<>();
                env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
                env.put(Context.PROVIDER_URL, MY_HOST);
                // A simple bind over plain ldap:// sends the password in cleartext.
                env.put(Context.SECURITY_AUTHENTICATION, "simple");
                env.put(Context.SECURITY_PRINCIPAL, MGR_DN);
                env.put(Context.SECURITY_CREDENTIALS, MGR_PW);
                DirContext ctx = new InitialDirContext(env);

                try {
                    // No attribute list is passed, so only user (non-operational) attributes come back.
                    Attributes answer = ctx.getAttributes(INITIAL_ENTRY);
                    printAttrs(answer);
                } catch (NamingException e) {
                    e.printStackTrace();
                } finally {
                    ctx.close(); // close the context on success as well as on failure
                }
            } catch (NamingException f) {
                f.printStackTrace();
            }
        }

        // A Java application needs a main() method.
        public static void main(String[] args) {
            new JNDIApplication();
        }
    }

Here is the output, which displays all the attributes the user has. As you can see, it did display those security policy attributes:

attribute: authpassword;oid
value: {SASL/MD5}xgMXC0xvIFLGXZxvHBJKGQ==
value: {SASL/MD5-DN}LI7N8DRsjXysFffOZ40C+Q==
value: {SASL/MD5-U}MQAKyIJPacqzhGSEvmiU1g==
attribute: authpassword;orclcommonpwd
value: {X- ORCLLMV}E52CAC67419A9A224A3B108F3FA6CB6D
value: {X- ORCLNTV}8846F7EAEE8FB117AD06BDD830B7586C
value: {MD5}X03MO1qnZdYdgyfeuILPmQ==
value: {X- ORCLIFSMD5}Hzf+lttETBelztsVTrQ+Ig==
value: {X- ORCLWEBDAV}1bieTs46YoRBwiPxKRDrwQ==
attribute: uid
value: 0005975
attribute: userpassword
value: [B@291aff
attribute: objectclass
value: inetOrgPerson
value: organizationalPerson
value: person
value: top
value: GELagent
attribute: sn
value: 0005975
attribute: cn
value: 0005975

Can anyone help?
 
Song Jing Lim
Ranch Hand
Posts: 56
OK, I have solved it. Those attributes are operational - I must ask for them explicitly, in the list of attributes to return from the search request. By default, you only get non-operational attributes, which is why I only get uid, cn, etc.

For example:
    String DN = "uid =user1,ou=Accts,c=sg,o=abc.com";

    // Operational attributes are returned only when they are named explicitly.
    String[] userAttrList = {
        "cn", "sn",
        "orclpwdaccountunlock", "pwdaccountlockedtime", "pwdfailuretime"
    };

    SearchControls searchControls = new SearchControls();
    searchControls.setReturningAttributes(userAttrList);
    // The default scope is ONELEVEL_SCOPE (children only); OBJECT_SCOPE reads the entry at DN itself.
    searchControls.setSearchScope(SearchControls.OBJECT_SCOPE);

    // dircontext is an already-bound DirContext (setup not shown).
    NamingEnumeration<SearchResult> ne = dircontext.search(DN, "(objectclass=*)", searchControls);

    if (ne != null) {
        while (ne.hasMore()) {
            SearchResult searchresult = ne.next();
            Attributes attrs = searchresult.getAttributes();
            printAttrs(attrs);
        }
    } else {
        System.out.println("Search Result is null");
    }

    ...

    public void printAttrs(Attributes attrs) {
        if (attrs == null) {
            System.out.println("No attributes when trying to print");
        } else {
            /* Print each attribute */
            try {
                for (NamingEnumeration<? extends Attribute> ae = attrs.getAll(); ae.hasMore();) {
                    Attribute attr = ae.next();
                    System.out.println("attribute: " + attr.getID());

                    /* print each value */
                    for (NamingEnumeration<?> e = attr.getAll(); e.hasMore();) {
                        System.out.println("value: " + e.next());
                    }
                }
            } catch (NamingException e) {
                e.printStackTrace();
            }
        }
    }
 
Andrew Davis
Greenhorn
Posts: 4
So how do you get those operational attributes explicitly?

thanks,
ad
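
The following is an added example, not code from any poster in this thread: it names pwdChangedTime and pwdMaxAge explicitly in the attribute list passed to getAttributes and turns the two values into the time left before expiry. It assumes pwdMaxAge is a number of seconds and pwdChangedTime is a UTC GeneralizedTime string; the class and method names are hypothetical, and the values in main are constructed so the calculation runs without a directory.

```java
import java.time.Duration;
import java.time.Instant;
import java.time.OffsetDateTime;
import java.time.format.DateTimeFormatter;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;

public class PasswordExpiryCheck { // hypothetical class name
    // Operational attributes come back only when requested by name.
    static final String[] USER_ATTRS = { "pwdChangedTime" };
    static final String[] POLICY_ATTRS = { "pwdMaxAge" };
    // Assumption: GeneralizedTime in UTC, e.g. 20050601120000Z
    static final DateTimeFormatter GENERALIZED_TIME =
            DateTimeFormatter.ofPattern("uuuuMMddHHmmssX");

    /** Reads both entries over a bound context, then delegates to the offline calculation. */
    static Duration timeLeft(DirContext ctx, String userDn, String policyDn, Instant now)
            throws NamingException {
        return timeLeft(ctx.getAttributes(userDn, USER_ATTRS),
                ctx.getAttributes(policyDn, POLICY_ATTRS), now);
    }

    /** Negative = already expired; null = expiry cannot be computed. */
    static Duration timeLeft(Attributes user, Attributes policy, Instant now)
            throws NamingException {
        Attribute changed = user.get("pwdChangedTime");
        Attribute maxAge = policy.get("pwdMaxAge");
        // Absent when the server does not keep the value or the bind DN may not read it.
        if (changed == null || maxAge == null) return null;
        long maxAgeSeconds = Long.parseLong(maxAge.get().toString().trim());
        if (maxAgeSeconds <= 0) return null; // assumption: 0 means no expiry
        Instant changedAt = OffsetDateTime
                .parse(changed.get().toString().trim(), GENERALIZED_TIME).toInstant();
        return Duration.between(now, changedAt.plusSeconds(maxAgeSeconds));
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample values, so the calculation runs without a directory.
        Attributes user = new BasicAttributes("pwdChangedTime", "20050601120000Z", true);
        Attributes policy = new BasicAttributes("pwdMaxAge", "5184000", true); // 60 days
        Instant now = Instant.parse("2005-07-07T12:00:00Z");
        Duration left = timeLeft(user, policy, now);
        System.out.println("Password expires in " + left.toDays() + " days");
    }
}
```

Against a live directory, call the four-argument timeLeft with a bound DirContext, the user's DN and the policy entry DN quoted earlier in the thread.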
 