I am still stuck here. But when I try it on the parent domain controller there is another error:
1. Problem creating object: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Now this means the parent domain controller in Windows 2008 is running something with some TLS enabled to ensure connection. The object is created and takes 2-5 seconds to establish a connection.
Code changes are:
String keystore = "/usr/software/jdk/jre/lib/security/cacerts";
I tried to enable SSL (636) but bind fails... which is for sure not running.
Help is appreciated.
Your problem is that your AD is using TLS with a certificate that is not trusted by your Java Runtime, probably because it is self-signed. You need to import that certificate into your Java truststore (use the default cacerts file) using the keytool utility.
Finally managed to resolve the problem.
I tried to do a lot of things after reading forums. But this is what worked.
1. Create a key store using $ keytool -genkey -keystore /home/rohan/mystore -keysize 1024 -keyalg RSA --- created "mystore" key store. From the cert file I got the information on RSA and encryption of 1024 bits.
2. Import the certificate into the keystore - $ keytool -import -keystore /home/rohan/mystore -alias primarydc -file DC2K8.cer
3. In the code, just added these lines:
env.put(Context.PROVIDER_URL, "ldap://myldapserver:389"); // Port 389 on Windows Domain Controller
String keystore = "/home/rohan/mystore";
4. Change of password (code provided by stevead)
StartTlsResponse tls = (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
// Two modifications: the new password and the account flags
ModificationItem[] mods = new ModificationItem[2];
// AD expects the password wrapped in double quotes and encoded as UTF-16LE
String newQuotedPassword = "\"" + password + "\"";
byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl", Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD)));
Thanks to stevead and handat for helping.
How to reset a password with Windows AD 2008 is answered. A secure connection is needed to complete the process.
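The steps from this thread, put together as an added example (not the posters' code): it loads the keystore created with keytool as an explicit trust store, negotiates StartTLS on port 389, binds only after the handshake, and replaces `unicodePwd`. The class name `AdPasswordReset`, the helper `encodeUnicodePwd` and the command-line arguments (admin DN, admin password, user DN, new password, keystore password) are assumptions; it sets only the password, not `userAccountControl`.

```java
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.*;
import javax.naming.ldap.*;
import javax.net.ssl.*;

public class AdPasswordReset {                 // hypothetical class name
    // AD expects the new password wrapped in double quotes and encoded as UTF-16LE.
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: admin DN, admin password, user DN, new password, keystore password.
        String adminDn = args[0], adminPassword = args[1], userDn = args[2], newPassword = args[3];
        char[] storePass = args[4].toCharArray();
        // Trust only the certificates imported into the keystore from step 2.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream("/home/rohan/mystore")) {
            trust.load(in, storePass);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ssl = SSLContext.getInstance("TLS");
        ssl.init(null, tmf.getTrustManagers(), null);

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://myldapserver:389");
        LdapContext ctx = new InitialLdapContext(env, null);   // no credentials sent yet
        StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
        try {
            // A "PKIX path building failed" error here means the DC certificate is not in the store.
            tls.negotiate(ssl.getSocketFactory());
            // Bind only after the handshake so the credentials are never sent in clear text.
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, adminDn);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, adminPassword);
            ModificationItem[] mods = { new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword))) };
            ctx.modifyAttributes(userDn, mods);
        } finally {
            tls.close();
            ctx.close();
        }
    }
}
```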