
Example 1 with UnicodePwdAttribute

Use of org.ldaptive.ad.UnicodePwdAttribute in the project cas by apereo.

Class LdapUtils, method executePasswordModifyOperation. The method dispatches on the directory type: Active Directory gets a modify of the unicodePwd attribute (REPLACE for an administrative reset, DELETE old + ADD new for a user-initiated change); any other directory gets the Password Modify extended operation (RFC 3062). Both paths send the cleartext password, so the connection should be ldaps:// or StartTLS, and for AD it must be, since AD refuses unicodePwd writes over an unencrypted connection.

import lombok.val;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties;
import org.apereo.cas.util.LoggingUtils;
import org.ldaptive.AttributeModification;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.ModifyOperation;
import org.ldaptive.ModifyRequest;
import org.ldaptive.ResultCode;
import org.ldaptive.ad.UnicodePwdAttribute;
import org.ldaptive.extended.ExtendedOperation;
import org.ldaptive.extended.PasswordModifyRequest;

// LOGGER is the class-level SLF4J logger (lombok @Slf4j on LdapUtils).

/**
 * Execute a password modify operation.
 *
 * @param currentDn         the DN of the entry whose password is being modified
 * @param connectionFactory the connection factory used to reach the directory
 * @param oldPassword       the old password; blank for an administrative reset
 * @param newPassword       the new password
 * @param type              the directory type (AD or generic LDAP)
 * @return true if the directory reported SUCCESS, false otherwise (including on any exception)
 * <p>
 * AD NOTE: Resetting a password requires binding to AD as a user with privileges to reset other users'
 * passwords; the directory does not validate the old password or enforce policies such as password
 * history or minimum password age. Changing a password with the old password does respect directory
 * policies and requires no account-operator privileges on the bind user. Pass a blank old password
 * when a reset is in order (e.g. forgot password) vs. letting the user change their own (e.g. expiring)
 * password.
 */
public static boolean executePasswordModifyOperation(final String currentDn,
                                                     final ConnectionFactory connectionFactory,
                                                     final String oldPassword,
                                                     final String newPassword,
                                                     final AbstractLdapProperties.LdapType type) {
    try {
        val connConfig = connectionFactory.getConnectionConfig();
        val ldapUrl = connConfig.getLdapUrl();
        val ldaps = ldapUrl != null && ldapUrl.toLowerCase().contains("ldaps://");
        // Warn only when the channel is neither TLS from the start (ldaps://) nor upgraded with StartTLS.
        // AD rejects unicodePwd modifications over a cleartext connection (unwillingToPerform); on any
        // directory the cleartext password would otherwise cross the wire unprotected.
        if (!connConfig.getUseStartTLS() && !ldaps) {
            LOGGER.warn("Executing password modification op under a non-secure LDAP connection; "
                + "To modify password attributes, the connection to the LDAP server {} be secured and/or encrypted.",
                type == AbstractLdapProperties.LdapType.AD ? "MUST" : "SHOULD");
        }
        if (type == AbstractLdapProperties.LdapType.AD) {
            // Per https://support.microsoft.com/en-us/kb/269190: a reset is a single REPLACE of unicodePwd;
            // a user-initiated change is a DELETE of the old value and an ADD of the new one in the same request.
            LOGGER.debug("Executing password change op for active directory based on "
                + "[https://support.microsoft.com/en-us/kb/269190] change type: [{}]",
                StringUtils.isBlank(oldPassword) ? "reset" : "change");
            val operation = new ModifyOperation(connectionFactory);
            val response = StringUtils.isBlank(oldPassword)
                ? operation.execute(new ModifyRequest(currentDn,
                    new AttributeModification(AttributeModification.Type.REPLACE, new UnicodePwdAttribute(newPassword))))
                : operation.execute(new ModifyRequest(currentDn,
                    new AttributeModification(AttributeModification.Type.DELETE, new UnicodePwdAttribute(oldPassword)),
                    new AttributeModification(AttributeModification.Type.ADD, new UnicodePwdAttribute(newPassword))));
            LOGGER.debug("Result code [{}], message: [{}]", response.getResultCode(), response.getDiagnosticMessage());
            return response.getResultCode() == ResultCode.SUCCESS;
        }
        // Any other directory: Password Modify extended operation (RFC 3062); a null old password requests a reset.
        LOGGER.debug("Executing password modification op for generic LDAP");
        val operation = new ExtendedOperation(connectionFactory);
        val response = operation.execute(new PasswordModifyRequest(currentDn,
            StringUtils.isNotBlank(oldPassword) ? oldPassword : null, newPassword));
        LOGGER.debug("Result code [{}], message: [{}]", response.getResultCode(), response.getDiagnosticMessage());
        return response.getResultCode() == ResultCode.SUCCESS;
    } catch (final Exception e) {
        LoggingUtils.error(LOGGER, e);
    }
    return false;
}
Also used: lombok.val, org.ldaptive.extended.ExtendedOperation, org.ldaptive.ad.UnicodePwdAttribute, org.ldaptive.AttributeModification, org.ldaptive.extended.PasswordModifyRequest, org.ldaptive.ModifyOperation, org.ldaptive.ModifyRequest, javax.security.auth.login.AccountNotFoundException, org.ldaptive.LdapException
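The method above hides what actually goes on the wire behind ldaptive's UnicodePwdAttribute and PasswordModifyRequest. The following is an added example, not CAS or ldaptive code, that builds the same payloads offline in Python so they can be inspected: the AD unicodePwd encoding, the reset-vs-change modification shape (written in the {attr: [(op, [values])]} layout the ldap3 library uses for modify(), without importing ldap3), the BER-encoded requestValue of the RFC 3062 extended operation, and the secure-channel check with the warning worded MUST for AD and SHOULD otherwise. All DNs, hostnames and passwords are constructed sample values.

```python
"""
Password-modify payloads at the wire level, for Active Directory and for RFC 3062 directories.
Added example, not CAS or ldaptive code. Nothing here talks to a server.
"""
from urllib.parse import urlsplit

# Operation names follow the ldap3 library's modify() constants; ldap3 is not imported here.
MODIFY_ADD = "MODIFY_ADD"
MODIFY_DELETE = "MODIFY_DELETE"
MODIFY_REPLACE = "MODIFY_REPLACE"

PASSWORD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1"  # RFC 3062 Password Modify extended operation


def encode_unicode_pwd(password: str) -> bytes:
    """AD unicodePwd value: the password wrapped in double quotes, encoded UTF-16LE, no BOM.
    This is the byte string ldaptive's UnicodePwdAttribute produces for the modification."""
    return f'"{password}"'.encode("utf-16-le")


def channel_warning(ldap_url: str, use_start_tls: bool, is_ad: bool):
    """Return the warning the CAS method logs, or None when the channel is already protected.
    The channel counts as protected if the URL scheme is ldaps or StartTLS is enabled."""
    ldaps = urlsplit(ldap_url).scheme.lower() == "ldaps"
    if use_start_tls or ldaps:
        return None
    return ("Executing password modification op under a non-secure LDAP connection; the connection "
            f"{'MUST' if is_ad else 'SHOULD'} be secured and/or encrypted.")


def build_ad_modify(old_password, new_password):
    """Changes for one LDAP modify request against unicodePwd.
    Reset (no old password): a single REPLACE; needs a bind with reset rights and skips history and
    minimum-age checks. Change (old password given): DELETE old + ADD new in the same request; AD
    verifies the old value and enforces its password policies."""
    if not old_password:
        return {"unicodePwd": [(MODIFY_REPLACE, [encode_unicode_pwd(new_password)])]}
    return {"unicodePwd": [
        (MODIFY_DELETE, [encode_unicode_pwd(old_password)]),
        (MODIFY_ADD, [encode_unicode_pwd(new_password)]),
    ]}


def _ber_length(n: int) -> bytes:
    """BER length octets: short form below 128, long form (0x80 | count, then the bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _ber_length(len(value)) + value


def encode_password_modify_value(user_identity, old_password, new_password) -> bytes:
    """requestValue of the RFC 3062 extended request:
       PasswdModifyRequestValue ::= SEQUENCE { userIdentity [0] OPTIONAL, oldPasswd [1] OPTIONAL,
                                               newPasswd [2] OPTIONAL }
    Tags are IMPLICIT, so the context-specific primitive tags are 0x80, 0x81 and 0x82.
    old_password=None is the generic-LDAP reset; the server then checks that the bound identity
    may set another entry's password instead of verifying the old one."""
    inner = b""
    if user_identity is not None:
        inner += _tlv(0x80, user_identity.encode("utf-8"))
    if old_password is not None:
        inner += _tlv(0x81, old_password.encode("utf-8"))
    if new_password is not None:
        inner += _tlv(0x82, new_password.encode("utf-8"))
    return _tlv(0x30, inner)


def build_password_modify(is_ad: bool, dn: str, old_password, new_password):
    """Dispatch the way executePasswordModifyOperation does: AD gets a modify of unicodePwd,
    everything else gets the Password Modify extended operation (blank old password -> None)."""
    if is_ad:
        return ("modify", dn, build_ad_modify(old_password, new_password))
    return ("extended", PASSWORD_MODIFY_OID,
            encode_password_modify_value(dn, old_password if old_password else None, new_password))


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    print(channel_warning("ldap://dc01.corp.example", use_start_tls=False, is_ad=True))
    print(build_password_modify(True, "CN=alice,OU=Users,DC=corp,DC=example", "", "Winter-2024!"))
    print(build_password_modify(False, "uid=alice,ou=people,dc=example,dc=org", "old", "new")[2].hex())
```

The two AD shapes are worth comparing side by side: a DELETE/ADD pair only succeeds when the DELETE matches the stored value, which is how AD proves the caller knew the old password without a separate bind; a REPLACE never consults it, which is why CAS only warns about the channel rather than the bind account. Decoding the extended-operation bytes with any ASN.1 tool shows the password in the clear, which is the concrete reason behind the ldaps/StartTLS check.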