How do I modify Operational Attributes in OpenLDAP from Java/JNDI?
We are building a custom password reset tool. It can currently reset a user's password (binding as an admin DN), but I also need to remove/modify some operational attributes to fully cover the business use cases. I connect to the LDAP server like this:
import java.util.Properties;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import static java.lang.String.format;
import static javax.naming.Context.*; // INITIAL_CONTEXT_FACTORY, PROVIDER_URL, SECURITY_*, REFERRAL, BATCHSIZE

private void connect() throws NamingException {
    Properties props = new Properties();
    props.put(INITIAL_CONTEXT_FACTORY, LDAP_CTX_FACTORY); // "com.sun.jndi.ldap.LdapCtxFactory"
    // Plain ldap:// with a simple bind: the admin credentials cross the wire unencrypted unless ldaps:// or StartTLS is used
    props.put(PROVIDER_URL, format("ldap://%s:%d/", config.ldapHost(), config.ldapPort()));
    props.put(SECURITY_CREDENTIALS, config.ldapBindPassword());
    props.put(SECURITY_PRINCIPAL, config.ldapBindUser());
    props.put(SECURITY_AUTHENTICATION, "simple");
    props.put(REFERRAL, "follow");
    props.put(BATCHSIZE, "1000");
    connection = new InitialLdapContext(props, null);
    connection.setRequestControls(LDAPControls.controls());
    LOG.debug("Successfully completed bind to LDAP server '{}'", config.ldapHost());
    connected = true;
}
And I need to modify some operational attributes to unlock accounts, update the modify time, etc.:
import java.util.ArrayList;
import java.util.List;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.ModificationItem;
import static javax.naming.directory.DirContext.REMOVE_ATTRIBUTE;
import static javax.naming.directory.DirContext.REPLACE_ATTRIBUTE;

List<BasicAttribute> attrs = new ArrayList<>();
List<ModificationItem> mods = new ArrayList<>();
// Set password hash (hashed client-side)
attrs.add(new BasicAttribute("userPassword", "{SSHA}" + hashPassword(salt, password)));
mods.add(new ModificationItem(REPLACE_ATTRIBUTE, attrs.get(0)));
// Set last modified timestamp (modifyTimestamp is a server-maintained operational attribute)
attrs.add(new BasicAttribute("modifyTimestamp", date.withZone(UTC).format(now())));
mods.add(new ModificationItem(REPLACE_ATTRIBUTE, attrs.get(1)));
// Set password changed time (ppolicy operational attribute)
attrs.add(new BasicAttribute("pwdChangeTime", date.withZone(UTC).format(now())));
mods.add(new ModificationItem(REPLACE_ATTRIBUTE, attrs.get(2)));
// Remove password lock
attrs.add(new BasicAttribute("pwdAccountLockedTime"));
mods.add(new ModificationItem(REMOVE_ATTRIBUTE, attrs.get(3)));
// Clear password failure time
attrs.add(new BasicAttribute("pwdFailureTime"));
mods.add(new ModificationItem(REMOVE_ATTRIBUTE, attrs.get(4)));
this.reconnect();
// All modifications are sent as a single atomic modify request
ModificationItem[] modItems = new ModificationItem[mods.size()];
mods.toArray(modItems);
connection.modifyAttributes(getDN(email), modItems);
LOG.debug("Completed update of user password for '{}'", email);
return true;
But when I run this, I get:
LDAP: error code 21 - modifyTimestamp: value #0 invalid per syntax
Can anyone help me figure out why?
How do I modify Operational Attributes in OpenLDAP from Java/JNDI?
You don't. The server does. That's what 'operational attribute' means.
I need to also remove/modify some Operational Attributes in order to completely handle the business use cases
Bad luck.
You should be using the 'ppolicy' overlay and the associated password modify extended operation instead of rolling all this yourself. It does everything you need, and if it doesn't, you don't need it ;-)
NB: you should not hash the password yourself. OpenLDAP will do it for you if configured correctly.
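The extended operation the answer recommends, as an added example in Java/JNDI (this is not code from the original question or answer). JNDI ships no ready-made request class for the RFC 3062 Password Modify operation, so the request value is BER-encoded by hand and sent through LdapContext.extendedOperation. The host, bind DN, user DN and environment-variable name are placeholders. Because the server performs the change, slapd's password-hash setting is applied to the new password (that directive governs the Password Modify extended operation) and the ppolicy overlay maintains its own operational attributes, instead of the client writing userPassword and timestamps directly:

```java
// Added example (not code from the original post): an RFC 3062 Password Modify
// extended operation sent over JNDI. Host, DNs and env-var name are placeholders.
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.ExtendedRequest;
import javax.naming.ldap.ExtendedResponse;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public final class PasswordModifyExtOp {

    /** OID of the Password Modify extended operation (RFC 3062). */
    public static final String PASSWORD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1";

    /**
     * JNDI has no built-in request for this operation, so implement ExtendedRequest
     * and BER-encode the request value ourselves:
     *
     *   PasswdModifyRequestValue ::= SEQUENCE {
     *       userIdentity  [0] OCTET STRING OPTIONAL,
     *       oldPasswd     [1] OCTET STRING OPTIONAL,
     *       newPasswd     [2] OCTET STRING OPTIONAL }
     *
     * oldPasswd is omitted: an administrative reset does not know it, and the bind
     * identity's ACLs decide whether the reset is permitted.
     */
    static final class PasswordModifyRequest implements ExtendedRequest {
        private final byte[] encodedValue;

        PasswordModifyRequest(String userDn, String newPassword) {
            ByteArrayOutputStream fields = new ByteArrayOutputStream();
            writeTlv(fields, 0x80, userDn.getBytes(StandardCharsets.UTF_8));      // [0] userIdentity
            writeTlv(fields, 0x82, newPassword.getBytes(StandardCharsets.UTF_8)); // [2] newPasswd
            ByteArrayOutputStream seq = new ByteArrayOutputStream();
            writeTlv(seq, 0x30, fields.toByteArray());                            // SEQUENCE
            this.encodedValue = seq.toByteArray();
        }

        /** Minimal BER TLV writer: tag, definite-form length (up to 65535 bytes), content. */
        private static void writeTlv(ByteArrayOutputStream out, int tag, byte[] content) {
            int len = content.length;
            if (len >= 0x10000) {
                throw new IllegalArgumentException("value too long for this encoder");
            }
            out.write(tag);
            if (len < 0x80) {
                out.write(len);
            } else if (len < 0x100) {
                out.write(0x81);
                out.write(len);
            } else {
                out.write(0x82);
                out.write(len >>> 8);
                out.write(len & 0xFF);
            }
            out.write(content, 0, len);
        }

        @Override public String getID() { return PASSWORD_MODIFY_OID; }
        @Override public byte[] getEncodedValue() { return encodedValue; }

        /** We supplied the new password, so the server returns no generated password to decode. */
        @Override
        public ExtendedResponse createExtendedResponse(String id, byte[] berValue, int offset, int length) {
            return null;
        }
    }

    /** Reset a user's password through the server instead of writing userPassword directly. */
    public static void resetPassword(LdapContext ctx, String userDn, String newPassword) throws NamingException {
        ctx.extendedOperation(new PasswordModifyRequest(userDn, newPassword));
    }

    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // ldaps:// (placeholder host): the new password is carried in clear inside the request,
        // so the connection itself must be TLS-protected.
        env.put(Context.PROVIDER_URL, "ldaps://ldap.example.com:636/");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=admin,dc=example,dc=com");      // placeholder admin DN
        env.put(Context.SECURITY_CREDENTIALS, System.getenv("LDAP_BIND_PASSWORD")); // placeholder env var

        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            resetPassword(ctx, "uid=jdoe,ou=people,dc=example,dc=com", args[0]); // placeholder user DN
        } finally {
            ctx.close();
        }
    }
}
```

Run it with the new password as the only argument and the admin bind password in LDAP_BIND_PASSWORD. If the bind identity lacks write access to the target entry's userPassword, slapd rejects the operation rather than silently succeeding, so check the NamingException's result code when wiring this into the reset tool.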