我们正在开发一个自定义密码重置工具,目前可以重置用户密码(使用管理员 DN),但我还需要删除/修改一些操作属性,以便完全处理业务用例。我使用以下方式连接到 LDAP 服务器:
private void connect() throws NamingException {
Properties props = new Properties();
props.put(INITIAL_CONTEXT_FACTORY, LDAP_CTX_FACTORY);
props.put(PROVIDER_URL, format("ldap://%s:%d/", config.ldapHost(), config.ldapPort()));
props.put(SECURITY_CREDENTIALS, config.ldapBindPassword());
props.put(SECURITY_PRINCIPAL, config.ldapBindUser());
props.put(SECURITY_AUTHENTICATION, "simple");
props.put(REFERRAL, "follow");
props.put(BATCHSIZE, "1000");
connection = new InitialLdapContext(props, null);
connection.setRequestControls(LDAPControls.controls());
LOG.debug("Successfully completed bind to LDAP server '{}'", config.ldapHost());
connected = true;
}
我需要修改一些操作属性来执行诸如解锁帐户/更新修改时间/等操作...
List<BasicAttribute> attrs = new ArrayList<>();
List<ModificationItem> mods = new ArrayList<>();
// Set password hash
attrs.add(new BasicAttribute("userPassword", "{SSHA}" + hashPassword(salt, password)));
mods.add(new ModificationItem(REPLACE_ATTRIBUTE, attrs.get(0)));
// Set last modified timestamp
attrs.add(new BasicAttribute("modifyTimestamp", date.withZone(UTC).format(now())));
mods.add(new ModificationItem(REPLACE_ATTRIBUTE, attrs.get(1)));
// Set password changed time
attrs.add(new BasicAttribute("pwdChangeTime", date.withZone(UTC).format(now())));
mods.add(new ModificationItem(REPLACE_ATTRIBUTE, attrs.get(2)));
// Remove password lock
attrs.add(new BasicAttribute("pwdAccountLockedTime"));
mods.add(new ModificationItem(REMOVE_ATTRIBUTE, attrs.get(3)));
// Clear password failure time
attrs.add(new BasicAttribute("pwdFailureTime"));
mods.add(new ModificationItem(REMOVE_ATTRIBUTE, attrs.get(4)));
this.reconnect();
ModificationItem[] modItems = new ModificationItem[mods.size()];
mods.toArray(modItems);
connection.modifyAttributes(getDN(email), modItems);
LOG.debug("Completed update of user password for '{}'", email);
return true;
但是当我运行这个时,我得到:
LDAP: error code 21 - modifyTimestamp: value #0 invalid per syntax
谁能帮我找出原因吗?
最佳答案
How do I modify Operational Attributes in OpenLDAP from Java/JNDI?
你不知道。服务器确实如此。这就是“操作属性”的含义。
I need to also remove/modify some Operational Attributes in order to completely handle the business use cases
运气不好。
您应该使用“ppolicy”覆盖层和关联的扩展密码修改操作,而不是自己滚动所有这些操作。它可以满足您所需的一切,如果没有,您需要调整您的需求;-)
注意,您不应该自己对密码进行哈希处理。如果配置正确,OpenLDAP 将为您执行此操作。
关于java - 如何从 Java/JNDI 修改 OpenLDAP 中的操作属性?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/39106307/