0

I need to change the password of a user and then check the password policy of that user for admin reset. I have configured Universal Password for the server. I am not being able to find the Password Request/Response Controls in Java for Novell. Could anybody please help?

Sayali
  • 356
  • 1
  • 2
  • 13

2 Answers2

0

You can use native JNDI calls to set the password if your bind user has the rights to do so. If you want more, your best bet is to use the Java NMAS library that Novell / NetIQ provide.

Mainly you need to construct a com.novell.security.nmas.mgmt.NMASPwdMgr object which will provide access to the password policy and password set functions. 

// Construct password manager using a javax.naming.ldap.LdapContext
LdapContext ctx = getContext();
NMASPwdMgr pwdMgr = new NMASPwdMgr( ctx );
// Now you can set the password
pwdMgr.setPwd("TREE_NAME", "cn=your,ou=object,o=dn", "yourPassword");
// Or you can check if the / a password complies with policy
pwdMgr.pwdPolicyCheck("TREE_NAME", "cn=your,ou=object,o=dn", "yourPassword");
mvreijn
  • 2,807
  • 28
  • 40
  • I tried this, it needs SSL to be configured. Is there any way to check if the password has been reset by the Admin without the need of SSL/Password Request/Responses? – Sayali May 08 '15 at 11:44
  • There is an operational attribute called `pwdChangedTime` that will show you the last time the password was changed, however it is only a timestamp and does not contain the initiator. – mvreijn May 12 '15 at 14:02
  • What is your issue with SSL? That is a fairly straightforward piece of code in JNDI. – mvreijn May 12 '15 at 18:15
0

Changing the password as a "admin" is an easy change the userPassword attribute.

Not real sure what "check the password policy of that user for admin reset" implies, but if you want to see if it was a "Admin Reset" you can use this link: https://ldapwiki.com/wiki/Edirectory%20Administrative%20Password%20Changes

-jim

jwilleke
  • 10,467
  • 1
  • 30
  • 51
  • I checked this link - https://ldapwiki.com/wiki/Edirectory%20Administrative%20Password%20Changes According to the wiki - If an administrator changes a NDS Password it's expired to 1992-01-01. I enabled grace login and changed the password but it did not change the passwordExpirationTime to 1992-01-01. Am I missing something here? – Sayali May 08 '15 at 11:29
  • Sorry, should be better clarified. When changing the passwordExpirationTime by Novell's utilities, iManager or ConsoleOne. If you do it programmatically, AND the password policy has nspmAdminsDoNotExpirePassword=FALSE AND there is a value for passwordExpirationInterval, then the passwordExpirationTime will be set to the same time as the pwdChangedTime (ie the time the password was changed. – jwilleke May 09 '15 at 11:33