I'm a beginner with the SDK and am trying to change the password of an account by:
1. establishing an LDAP connection with simple authentication using an admin account, connecting to MSAD 2008R2 through LDAPv3
2. searching for a particular user by a particular DN; the search finds that account (user1)
3. using PasswordModifyExtendedRequest, providing the DN, old password and new password
4. an exception is thrown, as follows:
Exception in thread "main" LDAPException(resultCode=2 (protocol error), errorMessage='0000203D: LdapErr: DSID-0C090D9A, comment: Unknown extended request OID, data 0, v1db1
    at com.unboundid.ldap.sdk.LDAPConnection.processExtendedOperation(LDAPConnection.java:2200)
    at Main.modifyEntryPassword(Main.java:53)
    at Main.main(Main.java:136)
My code is as follows. Does anyone know what's wrong with the code?
    String dn = "CN=user1,OU=Company,OU=Vendors,DC=vendorad,DC=tdc";
    PasswordModifyExtendedRequest passwordModifyRequest =
        new PasswordModifyExtendedRequest(
            dn, "pass!234".getBytes(), "pass@345".getBytes());
    PasswordModifyExtendedResult passwordModifyResult =
        (PasswordModifyExtendedResult)
        ldapconn.processExtendedOperation(passwordModifyRequest);
    if (passwordModifyResult.getResultCode() == ResultCode.SUCCESS)
    {
      System.out.println("The password change was successful.");
      System.out.println("The new password for the user is " +
          passwordModifyResult.getGeneratedPassword());
    }
    else
    {
      System.err.println("An error occurred while attempting to process " +
          "the password modify extended request.");
    }
The response that you're seeing indicates that Active Directory does not support the password modify extended operation (or at least that support is not currently enabled). I'm not familiar enough with Active Directory to know if it can be enabled. You should probably work with Microsoft support to make that determination.
The only way I know of changing Active Directory passwords over LDAP requires performing a modify operation over SSL, and using a special encoding for the password value. I wrote a blog post on this, including example code, at http://www.dirmgr.com/blog/2010/8/26/ldap-password-changes-in-active-directory.html.
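The modify-over-SSL approach described in the answer above, as an added example that is not the answer author's code or the code from the linked blog post: Active Directory takes the password in the unicodePwd attribute, wrapped in double quotes and encoded as UTF-16LE. The host name, bind DN and environment variable names are placeholders chosen for illustration.

```java
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPResult;
import com.unboundid.ldap.sdk.Modification;
import com.unboundid.ldap.sdk.ModificationType;
import com.unboundid.ldap.sdk.ModifyRequest;
import com.unboundid.util.ssl.SSLUtil;
import java.nio.charset.StandardCharsets;

public class AdPasswordChange
{
  // unicodePwd value: the password in double quotes, encoded as UTF-16LE.
  static byte[] encode(String password)
  {
    return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
  }

  // Change with knowledge of the old password: delete old + add new in ONE
  // modify request, so the server checks the old value.
  static ModifyRequest change(String dn, String oldPw, String newPw)
  {
    return new ModifyRequest(dn,
        new Modification(ModificationType.DELETE, "unicodePwd", encode(oldPw)),
        new Modification(ModificationType.ADD, "unicodePwd", encode(newPw)));
  }

  // Administrative reset: a single replace; no old password involved.
  static ModifyRequest reset(String dn, String newPw)
  {
    return new ModifyRequest(dn,
        new Modification(ModificationType.REPLACE, "unicodePwd", encode(newPw)));
  }

  public static void main(String[] args) throws Exception
  {
    String dn = "CN=user1,OU=Company,OU=Vendors,DC=vendorad,DC=tdc"; // from the question
    // Placeholders (assumptions): host, bind DN, environment variable names.
    SSLUtil ssl = new SSLUtil(); // checks the server cert against the JVM default trust store
    try (LDAPConnection conn = new LDAPConnection(ssl.createSSLSocketFactory(),
        "dc.example.com", 636, "CN=admin,DC=example,DC=com", System.getenv("BIND_PW")))
    {
      // modify() throws LDAPException on any non-success result.
      LDAPResult result = conn.modify(
          change(dn, System.getenv("OLD_PW"), System.getenv("NEW_PW")));
      System.out.println("Password change result: " + result.getResultCode());
    }
  }
}
```

Reading the passwords from the environment keeps them out of the source and the process argument list; the result code is logged, never the password itself.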