After the admin resets the password in Active Directory, he requires the user to change the password at next logon.
Since authentication then fails, the user is not able to modify the attribute [pwdLastSet].
Please suggest a solution.
Error occurred:
xyz is not authenticated javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 773, vece
javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090A1A, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
public class Fastbindclient_changePwd extends HttpServlet{
class ldapfastbind {
/**
 * Request control that the ldapfastbind constructor attaches to the LDAP connection.
 * It has an identifier and a criticality flag but no encoded value.
 */
class FastBindConnectionControl implements Control {

    /**
     * Returns the object identifier sent to the server for this control.
     */
    public String getID() {
        // NOTE(review): the class name says "fast bind", but 2.16.840.1.113730.3.4.2 is the OID
        // assigned to the ManageDsaIT control; Active Directory's fast-bind control is
        // 1.2.840.113556.1.4.1781. Confirm which control is intended before relying on
        // fast-bind behaviour.
        return "2.16.840.1.113730.3.4.2";
    }

    /**
     * Reports the control as critical, i.e. the server is asked not to ignore it silently.
     */
    public boolean isCritical() {
        return Control.CRITICAL;
    }

    /**
     * The control carries no value, so there is nothing to encode.
     */
    public byte[] getEncodedValue() {
        return null;
    }
}
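/**
 * Opens the LDAP connection that the later bind and modify calls reuse.
 *
 * The environment asks for simple authentication over SSL and attaches the
 * connection control. No principal or credentials are set here, so the
 * connection starts out without a user identity; Authenticate supplies one.
 *
 * @param ldapurl provider URL of the directory server
 */
public ldapfastbind(String ldapurl) {
    env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY,
            "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PROTOCOL, "ssl");
    env.put(Context.PROVIDER_URL, ldapurl);
    connCtls = new Control[] { new FastBindConnectionControl() };
    try {
        ctx = new InitialLdapContext(env, connCtls);
    }
    catch (NamingException e) {
        // A connection or TLS failure used to be swallowed here, which left ctx unassigned
        // with no trace of why. Report it so the failure is visible to the operator;
        // callers must treat an unassigned ctx as "no connection".
        System.out.println("LDAP connection failure " + e);
    }
}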
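/**
 * Verifies a user's credentials by re-binding the shared LDAP context with them.
 *
 * Fails closed: only a bind that the server accepted yields 0. Earlier this method
 * returned 0 on every path, so a rejected bind was indistinguishable from a good one.
 *
 * @param username principal to bind as
 * @param password credentials for that principal
 * @param request  current request; read for the "new_password" parameter when the
 *                 server reports that the password must be changed
 * @param response current response, passed through to ChangePassword
 * @return 0 when the bind succeeded, -1 in every other case
 * @throws LDAPException declared for callers; not thrown by the code in this method
 */
public int Authenticate(String username, String password, HttpServletRequest request, HttpServletResponse response) throws LDAPException{
    // A simple bind with an empty password is an unauthenticated (anonymous) bind, which a
    // server may accept. Blank credentials must therefore never reach reconnect(), or an
    // empty password field would be reported as "is authenticated".
    if (username == null || username.length() == 0
            || password == null || password.length() == 0) {
        System.out.println("Authentication rejected: missing user name or password");
        return -1;
    }
    if (ctx == null) {
        System.out.println("Authentication rejected: no LDAP connection");
        return -1;
    }
    try {
        ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, username);
        ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
        ctx.reconnect(connCtls);
        System.out.println(username + " is authenticated");
        return 0;
    }
    catch (AuthenticationException e) {
        // Take the diagnostic text from the exception itself; "data 773" in an Active
        // Directory error 49 means the account is flagged to change its password.
        String errMsg = e.getMessage();
        boolean mustChange = errMsg != null && errMsg.indexOf("data 773") != -1;
        if (mustChange) {
            pwdLastSet = 1;
            System.out.println("Password Last Set " + pwdLastSet);
            // NOTE(review): the bind above was refused, so this connection is not
            // authenticated as the user. A modify issued on it is expected to be rejected
            // with "a successful bind must be completed", which is the second error quoted
            // on this page. The change has to run on a connection that did bind
            // successfully. Consider sending the old value for removal and the new value
            // for addition in one modify, so the directory checks the old password itself.
            // Confirm both points against the directory's documentation.
            try {
                boolean isChanged = ctxFast.ChangePassword(username, password,
                        request.getParameter("new_password"), request, response);
                System.out.println("Password change after must-change bind: " + isChanged);
            } catch (IOException e1) {
                System.out.println("Password change failed: " + e1);
            }
        } else {
            System.out.println("Authentication failed: " + errMsg);
        }
        // The bind did not succeed, so the caller is not authenticated on this connection
        // even if the password was changed; it has to authenticate again.
        return -1;
    }
    catch (NamingException e) {
        System.out.println("LDAP failure during authentication " + e);
        return -1;
    }
}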
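/**
 * Overwrites the user's unicodePwd and then sets pwdLastSet to -1, using the
 * identity the shared context is currently bound with.
 *
 * @param sUserName    common name of the account under cn=Users,dc=tc,dc=com
 * @param sOldPassword current password; not sent to the directory by this method
 * @param sNewPassword password to set
 * @param request      current request (unused here)
 * @param response     current response (unused here)
 * @return true when both modifications were accepted, false otherwise
 * @throws UnsupportedEncodingException if UTF-16LE is not available
 */
public boolean ChangePassword(String sUserName, String sOldPassword, String sNewPassword, HttpServletRequest request, HttpServletResponse response) throws UnsupportedEncodingException {
    // Without this guard a missing "new_password" parameter is concatenated as the text
    // "null" and would become the account's new password.
    if (sUserName == null || sUserName.length() == 0
            || sNewPassword == null || sNewPassword.length() == 0) {
        System.out.println("Password change rejected: missing user name or new password");
        return false;
    }
    if (ctx == null) {
        System.out.println("Password change rejected: no LDAP connection");
        return false;
    }
    // sUserName originates from a request parameter. Escape it before it becomes part of a
    // distinguished name, so characters such as ',' or '+' cannot redirect the modify to a
    // different entry. Rdn.escapeValue needs Java 5 or later; it is written fully qualified
    // because the file's import block is not visible here.
    String userDn = "cn=" + javax.naming.ldap.Rdn.escapeValue(sUserName) + ",cn=Users,dc=tc,dc=com";
    try {
        // The value sent as unicodePwd is the new password in double quotes, UTF-16LE encoded.
        // The bytes are deliberately not logged.
        byte[] newUnicodePassword = ("\"" + sNewPassword + "\"").getBytes("UTF-16LE");

        // NOTE(review): REPLACE overwrites unicodePwd without presenting sOldPassword, so
        // this request does not prove knowledge of the old password. The listing carried a
        // commented-out variant that removed the old value and added the new one; if that
        // form is adopted, both items must go into a single two-element array.
        ModificationItem[] mods = new ModificationItem[] {
            new ModificationItem(LdapContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("unicodePwd", newUnicodePassword))
        };
        System.out.println("printed before modify");
        ctx.modifyAttributes(userDn, mods);

        // Presumably -1 clears the "must change at next logon" state; confirm.
        ModificationItem[] mods1 = new ModificationItem[] {
            new ModificationItem(LdapContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("pwdLastSet", "-1"))
        };
        ctx.modifyAttributes(userDn, mods1);
        System.out.println("pwdLastSet Replaced");

        ctx.close();
        return true;
    }
    catch (AuthenticationException e) {
        // The earlier handler called ChangePassword again with the same request values.
        // That cannot succeed where this attempt failed and can recurse without bound,
        // so the failure is reported once instead.
        System.out.println("Password change refused: " + e.getMessage());
        return false;
    }
    catch (NamingException e) {
        System.out.println("Password change failed: " + e);
        return false;
    }
}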
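/**
 * Closes the shared LDAP context and reports the outcome on standard output.
 * Does nothing when the context was never assigned.
 */
public void finito() {
    // The constructor leaves ctx unassigned when the connection cannot be opened; closing
    // must not turn that earlier failure into a NullPointerException.
    if (ctx == null) {
        return;
    }
    try {
        ctx.close();
        System.out.println("Context is closed");
    }
    catch (NamingException e) {
        System.out.println("Context close failure " + e);
    }
}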
}
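/**
 * Authenticates the requesting user against the directory and, when a new password
 * was submitted, changes the password on the same connection.
 *
 * Reads the request parameters "j_username", "j_password" and "new_password".
 *
 * @param request  current request
 * @param response current response
 * @throws ServletException declared for the servlet contract
 * @throws IOException      declared for the servlet contract
 */
public void bindClient(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
{
    // NOTE(review): the server address and trust store path are hard-coded; they belong in
    // deployment configuration. javax.net.ssl.trustStore is a JVM-wide property, so setting
    // it per request affects every TLS client in the process.
    String ldapurl = "ldaps://172.22.0.99:636";
    String keystore = "D:/j2sdk1.4.2_04/jre/lib/security/CACert.ks";
    System.setProperty("javax.net.ssl.trustStore",keystore);

    String j_username = request.getParameter("j_username");
    String j_password = request.getParameter("j_password");
    String new_password = request.getParameter("new_password");

    // Start every request from a known state; nothing else resets the flag after
    // Authenticate has set it.
    pwdLastSet = 0;
    ctxFast = new ldapfastbind(ldapurl);
    try {
        int authResult = ctxFast.Authenticate(j_username, j_password, request, response);
        IsAuthenticated = authResult;

        // Change the password only for a caller whose bind succeeded and who actually
        // submitted a new password. Previously the change ran whenever pwdLastSet was 0,
        // regardless of the authentication result.
        boolean wantsChange = new_password != null && new_password.length() > 0;
        if (authResult == 0 && pwdLastSet == 0 && wantsChange) {
            System.out.println("b4 change");
            boolean isChangedNrml = ctxFast.ChangePassword(j_username, j_password, new_password, request, response);
            System.out.println("After change 1");
            if (!isChangedNrml) {
                System.out.println("Password change was not applied");
            }
        }
    } catch (LDAPException e) {
        System.out.println("LDAP Exception : " + e.getLDAPResultCode() + "LDAPMessage : " + e.getLDAPErrorMessage()+ "message : " + e.getMessage());
        e.printStackTrace();
        String errMsg = e.getMessage();
        System.out.println("error msa"+errMsg);
    } finally {
        // Release the connection on every path, including unexpected runtime failures.
        ctxFast.finito();
    }
}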
// Connection wrapper created by bindClient on each call and also used from inside
// ldapfastbind.Authenticate.
// NOTE(review): this is a public instance field of a servlet. A servlet instance is
// normally shared by concurrent requests, so one request can overwrite the connection
// another request is using. Verify, and prefer a per-request local.
public ldapfastbind ctxFast = null;
// Set to 1 by Authenticate when the bind error text contains "data 773"; bindClient
// attempts the normal password change only while it is 0. Nothing in the listing resets it.
// NOTE(review): as shared servlet state, a flag raised for one user may still be set
// while a different user's request is handled. Confirm.
public int pwdLastSet = 0;
}
Please suggest a solution.
Thanks in advance.