How do I resolve “WILL_NOT_PERFORM” MS AD reply when trying to change password in scala w/ the unboundid LDAP SDK?

庸人自扰 2020-12-01 19:44

I'm wrestling with Active Directory, trying to get it to let me change a password. I've found tons of useful information, but I'm still getting a persistent error.

3 Answers
  • 2020-12-01 20:24

    It turns out that it has to be UTF-16LE encoded, and then converted to base64.

    val newPass = javax.xml.bind.DatatypeConverter.printBase64Binary(('"'+"Jfi8ZH8#k"+'"').getBytes("UTF-16LE"))
    

    Did the trick.

  • 2020-12-01 20:34

    connection not secure enough

    Quote from: http://support.microsoft.com/kb/269190

    In order to modify this attribute, the client must have a 128-bit Secure Socket Layer (SSL) connection to the server.

    So even if everything else looks right, you may still get an SvcErr: DSID-03190F4C, problem 5003 (WILL_NOT_PERFORM) if the connection is deemed insecure.

    lacking admin rights

    A modify request may fail if you try to do a replace without sufficient rights.

    dn: CN=johndoe,OU=Users,DC=example,DC=com
    changetype: modify
    replace: unicodePwd
    unicodePwd:: base64(utf16le(quoted(password)))
    -
    

    You will get a SecErr: DSID-03150E47, problem 4003 (INSUFF_ACCESS_RIGHTS) in that case. This happens if you try to bind with an unprivileged account.

    password history

    Some admins like to have a long password history (e.g. last 24 passwords saved). You will get a CONSTRAINT_ATT_TYPE if you are using an old password that is already in the history.

    regular user

    1. secure the connection

    2. use a delete-add combo.

    e.g.

    dn: CN=johndoe,OU=Users,DC=example,DC=com
    changetype: modify
    delete: unicodePwd
    unicodePwd:: base64(utf16le(quoted(old password)))
    -
    add: unicodePwd
    unicodePwd:: base64(utf16le(quoted(new password)))
    -
    
  • 2020-12-01 20:44

    My guess is "unicodePwd: " + '"' + newPass + '"' is circumventing your encoding (as String has to be converted to bytes again and I bet it's not using the right encoding).

    Try using the version of ModifyRequest that takes Modification objects and then use the constructor that takes the attribute's value as bytes.

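    import com.unboundid.ldap.sdk.{Modification, ModificationType}

    // note the dquotes inside the string: AD expects the quoted password as UTF-16LE bytes
    val newPass = "\"Jfi8ZH8#k\"".getBytes("UTF-16LE")

    // byte[] constructor, so the SDK sends the value without re-encoding it
    val mod = new Modification(ModificationType.REPLACE, "unicodePwd", newPass)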
    

    just like in the blog post you linked to...

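The delete/add change from the second answer and the byte-valued Modification from the third, combined over LDAPS with the UnboundID SDK. This is an added example, not code from any poster or from the UnboundID project; the object name, the argument order and the use of a JKS trust store are assumptions.

```scala
import com.unboundid.ldap.sdk.{LDAPConnection, LDAPException, Modification, ModificationType, ModifyRequest}
import com.unboundid.util.ssl.{SSLUtil, TrustStoreTrustManager}
import java.nio.charset.StandardCharsets.UTF_16LE

object AdPasswordChange {
  // unicodePwd value: the password wrapped in double quotes, encoded as UTF-16LE.
  // The SDK takes the raw bytes; base64 is only how LDIF writes them as text.
  def quotedUtf16(password: String): Array[Byte] =
    ("\"" + password + "\"").getBytes(UTF_16LE)

  // Reset by a privileged account: one REPLACE of unicodePwd.
  def resetRequest(dn: String, newPw: String): ModifyRequest =
    new ModifyRequest(dn,
      new Modification(ModificationType.REPLACE, "unicodePwd", quotedUtf16(newPw)))

  // Change by the user: DELETE the old value and ADD the new one in one request.
  def changeRequest(dn: String, oldPw: String, newPw: String): ModifyRequest =
    new ModifyRequest(dn,
      new Modification(ModificationType.DELETE, "unicodePwd", quotedUtf16(oldPw)),
      new Modification(ModificationType.ADD, "unicodePwd", quotedUtf16(newPw)))

  def main(args: Array[String]): Unit = {
    // Assumed argument order: host, trust store path, user DN, old password, new password.
    val Array(host, trustStore, userDn, oldPw, newPw) = args
    // LDAPS on 636, server certificate checked against the given trust store.
    val ssl = new SSLUtil(new TrustStoreTrustManager(trustStore))
    val conn = new LDAPConnection(ssl.createSSLSocketFactory(), host, 636, userDn, oldPw)
    try {
      conn.modify(changeRequest(userDn, oldPw, newPw))
      println("password changed")
    } catch {
      case e: LDAPException =>
        // Result code plus the server's diagnostic message (the DSID-... text).
        println(s"${e.getResultCode}: ${e.getDiagnosticMessage}")
    } finally conn.close()
  }
}
```

Command-line arguments are visible to other local processes, so outside a test run read the passwords from a prompt or a secret store instead.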