Implementing a reset password method for Active Directory

[eolith421]

Hello!
I am developing an AD Webapplication with Spring LDAP. At the moment I get suck by implemting a password reset method. I searched with a google a while an tried to implement the function. But I have a problem with javax.naming.NameNotFoundException exception. As far as I found out the reson for this is that, if a base is configured in spring ldap I cannot use the cn of the user in the modifyAttributes method. And that is my problem.

I need the base for nearly all other methods in the application therefor I cannot remove it from springldap. But if I have a base specified how can I use the modifyAttributes method?

This is my current code for reset password:

PHP Code:

public boolean resetPassword(ADUser user, String password) {
        try {
            ModificationItem repitem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodepwd", encodePassword(password)) );
            //DistinguishedName userDN = userToDistinguishedName( luzer );
            //String distName = user.getDistinguishedName().replace(",DC=nettania,DC=at", "");
            log.debug("DistName: "+user.getDistinguishedName());
            //try {
                ldapTemplate.modifyAttributes(user.getDistinguishedName(), new ModificationItem[] { repitem });
            //}
            //catch(org.springframework.ldap.NameNotFoundException e) {
                //ldapTemplate.modifyAttributes("CN=Max Mustermann,OU=Internal,OU=Users,OU=Nettania", new ModificationItem[] { repitem });
            //}
            return true;
        } 
        catch ( Exception e ) {
            log.error( "changePassword()", e);
            //throw new PasswordStrengthException( exc.getMessage() );
            return false;
        }
    }
    
    private byte[] encodePassword(String password) throws UnsupportedEncodingException {
        String newQuotedPassword = "\"" + password + "\"";
        return newQuotedPassword.getBytes("UTF-16LE");
    } 


I hope someeone can help me!
Thanks Florian

[eolith421]

Hello!
After some new tries, finally I got it work. I had to do some change of code:

Code:

public List<ADUser> searchUser(String searchBase, String attribute, String searchValue){
		AndFilter andFilter = new AndFilter();
		andFilter.and(new EqualsFilter("objectclass","person"));
		andFilter.and(new EqualsFilter(config.getProperty(attribute),searchValue));
		
		log.debug("LDAP Query " + andFilter.encode());
		@SuppressWarnings("unchecked")
		List<ADUser> result = ldapTemplate.search(searchBase, andFilter.encode(), new ADUserAttributeMapper());
		
		return result;
	}
	
	public boolean resetPassword(ADUser user, String password) {
		try {
		    ModificationItem repitem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodepwd", encodePassword(password)) );
		   
		    /**
		     * This is a workaround for the springldap base problem.
		     * If a AD base is defined in the springldap.xml file it is not possible to
		     * use the complete distinguished name because this includes the base of the AD.
		     * Therefore it is necessary to remove the base from the dinstinguished name.
		     * This is done in the following lines
		     */
		    try {
		    	String dn[] = user.getDistinguishedName().split(",DC");
		    	 // "cn=Max Mustermann,ou=Internal,ou=Users,ou=myOrgan"
		    	ldapTemplate.modifyAttributes(dn[0], new ModificationItem[] { repitem });
		    	return true;
		    }
		    catch(ArrayIndexOutOfBoundsException e ) {
		    	log.error("Domain controller split did not work, dn size is null!", e);
		    	return false;
		    }
		} 
		catch ( Exception e ) {
			log.error( "changePassword()", e);
			return false;
		}
	}