2

I am trying to change the AD password using the UnboundID LDAP SDK as below.

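    import com.unboundid.ldap.sdk.ExtendedResult;
    import com.unboundid.ldap.sdk.LDAPConnection;
    import com.unboundid.ldap.sdk.LDAPException;
    import com.unboundid.ldap.sdk.ResultCode;
    import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest;
    import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult;
    import com.unboundid.util.LDAPTestUtils;

    try {
        // LDAPConnectionObject is the poster's own helper that returns a bound connection.
        LDAPConnection connection = new LDAPConnectionObject().getConnection();
        PasswordModifyExtendedRequest passwordModifyRequest =
            new PasswordModifyExtendedRequest(
                user,     // The user to update
                oldPass,  // The current password for the user.
                newPass); // The new password.  null = server will generate

        PasswordModifyExtendedResult passwordModifyResult;
        try {
            // Sends the password modify extended operation to the server.
            passwordModifyResult = (PasswordModifyExtendedResult)
                connection.processExtendedOperation(passwordModifyRequest);
            System.out.println("passwordModifyResult---" + passwordModifyResult);
        } catch (LDAPException le) {
            le.printStackTrace();
            // Wrap the failure so the result code can still be inspected below.
            passwordModifyResult = new PasswordModifyExtendedResult(
                new ExtendedResult(le));
        }

        LDAPTestUtils.assertResultCodeEquals(passwordModifyResult,
            ResultCode.SUCCESS);
        // Only non-null when the server generated the new password.
        String serverGeneratedNewPassword =
            passwordModifyResult.getGeneratedPassword();
    } catch (LDAPException e) {
        e.printStackTrace();
    }
    } // closes the enclosing method (not shown)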

It is throwing the error below:

    LDAPException(resultCode=2 (protocol error), errorMessage='0000203D: LdapErr: DSID-0C090C7D, comment: Unknown extended request OID, data 0, vece , diagnosticMessage='0000203D: LdapErr: DSID-0C090C7D, comment: Unknown extended request OID, data 0, vece

Can anyone please correct me on this?

Thanks in advance

sasikals26

1 Answer

3

It sounds like Active Directory (or at least the installation you are using) doesn't support the use of the password modify extended operation. However, you can change user passwords using LDAP modify operations if you construct the modification properly. See http://www.dirmgr.com/blog/2010/8/26/ldap-password-changes-in-active-directory.html for a description of the requirements and a code example.

Neil Wilson
  • Thanks Neil, I already did it in the same way as you suggested. But here in the above method/class we have more features, which I would like to use, for example: 1. Auto-generated password 2. Changing password with old password; it is like authentication. Can you please let me know if there is any other way to use the above snippet? – sasikals26 Jun 06 '14 at 07:16
  • I'm not familiar enough with Active Directory to know whether it supports that extended operation at all, but it definitely sounds like it's at least not supported in your current configuration. This is not at all a client-side issue, but is a server-side problem. If the server doesn't allow it, then the client can't do it. – Neil Wilson Jun 06 '14 at 16:10
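
The modify-based approach from the answer, as an added example that is not code from the original posts or the linked blog: a single modify request that deletes the old `unicodePwd` value and adds the new one, so Active Directory only accepts it when the old password is correct. The class and method names are hypothetical and the DN and passwords are constructed; it assumes the UnboundID LDAP SDK is on the classpath and, for the real call, an encrypted connection (LDAPS or StartTLS).

```java
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPResult;
import com.unboundid.ldap.sdk.Modification;
import com.unboundid.ldap.sdk.ModificationType;
import com.unboundid.ldap.sdk.ModifyRequest;
import java.nio.charset.StandardCharsets;

// Hypothetical helper class, not part of the UnboundID SDK.
public final class AdPasswordChange {

    // Active Directory expects unicodePwd values wrapped in double quotes
    // and encoded as UTF-16LE bytes.
    static byte[] encode(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    // Self-service change: DELETE the old value and ADD the new one in the
    // same request. The server applies both or neither, and rejects the
    // request if oldPass does not match the current password.
    static ModifyRequest changeRequest(String userDn, String oldPass, String newPass) {
        return new ModifyRequest(userDn,
            new Modification(ModificationType.DELETE, "unicodePwd", encode(oldPass)),
            new Modification(ModificationType.ADD, "unicodePwd", encode(newPass)));
    }

    // Sends the change. The connection must already be encrypted, because
    // Active Directory refuses unicodePwd writes over a cleartext channel.
    static LDAPResult changePassword(LDAPConnection conn, String userDn,
                                     String oldPass, String newPass)
            throws LDAPException {
        return conn.modify(changeRequest(userDn, oldPass, newPass));
    }

    public static void main(String[] args) {
        // Constructed sample values; no server is contacted here.
        ModifyRequest req = changeRequest(
            "CN=Test User,CN=Users,DC=example,DC=com", "OldPass1!", "NewPass2!");
        // Prints the request as an LDIF change record for inspection.
        System.out.println(req.toLDIFString());
    }
}
```

A failed old-password check or a policy violation surfaces as an `LDAPException` from `changePassword`, so callers should inspect its result code rather than assume success.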