
I'm trying to change the user password in LDAP using the code below. I'm not the admin of the LDAP, so I make the connection with a user that has ou=systemusers; it can create users and add the users to a group. I know the old password for the user that will do the change.

PasswordModifyExtendedRequest passwordModifyRequest =
      new PasswordModifyExtendedRequest(
           "uid=test.user,ou=People,dc=example,dc=com", // The user to update
           (String) null, // The current password for the user.
           (String) null); // The new password.  null = server will generate

 PasswordModifyExtendedResult passwordModifyResult;
 try
 {
   passwordModifyResult = (PasswordModifyExtendedResult)
        connection.processExtendedOperation(passwordModifyRequest);
   // This doesn't necessarily mean that the operation was successful, since
   // some kinds of extended operations return non-success results under
   // normal conditions.
 }
 catch (LDAPException le)
 {
   // For an extended operation, this generally means that a problem was
   // encountered while trying to send the request or read the result.
   passwordModifyResult = new PasswordModifyExtendedResult(
        new ExtendedResult(le));
 }

 LDAPTestUtils.assertResultCodeEquals(passwordModifyResult,
      ResultCode.SUCCESS);
 String serverGeneratedNewPassword =
      passwordModifyResult.getGeneratedPassword();

But I always get this result:

PasswordModifyExtendedResult(resultCode=50 (insufficient access rights), messageID=4, diagnosticMessage='You do not have sufficient privileges to perform password reset operations') 

How can I change the user password knowing the old password?

anquegi

1 Answer


You have to log in either as a user with sufficient privileges to perform the operation or, more usually, as the user himself, using the old password, of course, which is an extra sanity check. Or else the LDAP server is misconfigured.

user207421
  • So I can change the password if I log in as the user or if I have more privileges. I tested the second and it works. But how can I perform the first if I'm using a pool connection with the connection rights from the others? Doing a user's bind? – anquegi Sep 07 '15 at 10:18
  • The user should always be able to change his own password, unless the LDAP server is misconfigured. I don't understand the question in your second sentence. – user207421 Sep 07 '15 at 10:38
  • OK, thanks. I said that I have an account for the LDAP that is from ou=systemusers, but not the admin, but it seems that it doesn't have enough privileges for changing passwords; others have. – anquegi Sep 07 '15 at 10:49
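
The approach from the answer (change the password as the user himself), sketched with the UnboundID LDAP SDK used in the question. This is an added example, not code from the question or the answer. It opens a dedicated LDAPS connection instead of borrowing one bound as the ou=systemusers account; the class name, method name, host name and port are assumptions.

```java
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest;
import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult;
import com.unboundid.util.ssl.SSLUtil;
import java.security.GeneralSecurityException;

// Hypothetical helper class, written for this example.
public final class SelfServicePasswordChange {

  /**
   * Changes a user's own password on a short-lived connection bound as that
   * user, so the service account needs no password-reset privilege.
   */
  public static void changeOwnPassword(String host, int port, String userDN,
      String oldPassword, String newPassword)
      throws LDAPException, GeneralSecurityException {
    // Use LDAPS with the JVM default trust store: both passwords are sent
    // to the server in the bind and in the extended request.
    SSLUtil sslUtil = new SSLUtil();
    try (LDAPConnection userConn =
             new LDAPConnection(sslUtil.createSSLSocketFactory(), host, port)) {
      // A wrong old password fails here with resultCode 49.
      userConn.bind(userDN, oldPassword);

      // Same request type as in the question, but with the old and the new
      // password filled in instead of null.
      PasswordModifyExtendedRequest request =
          new PasswordModifyExtendedRequest(userDN, oldPassword, newPassword);
      PasswordModifyExtendedResult result = (PasswordModifyExtendedResult)
          userConn.processExtendedOperation(request);

      // Non-success results (for example resultCode 50) come back as a
      // result object, not as an exception, so check explicitly.
      if (!ResultCode.SUCCESS.equals(result.getResultCode())) {
        throw new LDAPException(result.getResultCode(),
            "Password change refused: " + result.getDiagnosticMessage());
      }
    }
  }

  public static void main(String[] args) throws Exception {
    // Assumed host and port; the DN is the one from the question.
    // args[0] = old password, args[1] = new password.
    changeOwnPassword("ldap.example.com", 636,
        "uid=test.user,ou=People,dc=example,dc=com", args[0], args[1]);
  }
}
```

Whether the server accepts the change still depends on its access control and password policy; the question's resultCode=50 would be reported by the explicit check above.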