4 Replies Latest reply: Dec 21, 2011 7:27 AM by gimbal2

    changing user password in runtime and validate problem

    905602
      Hi all!

      here it goes:

      I have a Java server that has a service that validates users in an AD. While the server is running, a user inputs his user/password information to be validated. When the user changes his password, in AD, while the server is running, the JNDI API gives a valid context for the 2 passwords, old and new password. It's a little strange.

      example:

      username: user1
      password: password

      changed to:

      username: user1
      password: password2

      After the password has been modified, the old password and the new can get a valid Context.

      Code that I use to initialize the context:

      import java.util.Properties;
      import javax.naming.NamingException;
      import javax.naming.directory.DirContext;
      import javax.naming.directory.InitialDirContext;

      // Opens a directory context on ldap://phostname:pport, binding with the given credentials.
      private DirContext getInitialContext(String phostname, int pport, String pusername, String ppassword) throws NamingException
      {
           String providerURL = new StringBuffer("ldap://").append(phostname).append(":").append(pport).toString();
           Properties props = new Properties();
           System.setProperty(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
           props.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
           // props.put("com.sun.jndi.ldap.connect.pool", "true");
           props.put(javax.naming.Context.PROVIDER_URL, providerURL);
           props.put(javax.naming.Context.REFERRAL, "follow");
           // With no user name, no credentials are set and the context is anonymous.
           if (pusername != null && !pusername.equals(""))
           {
                props.put(javax.naming.Context.SECURITY_AUTHENTICATION, "simple");
                props.put(javax.naming.Context.SECURITY_PRINCIPAL, pusername);
                // A null password is sent as "", i.e. a simple bind without a password.
                props.put(javax.naming.Context.SECURITY_CREDENTIALS, (ppassword == null ? "" : ppassword));
           }
           // The bind happens here; a rejected bind surfaces as a NamingException.
           return new InitialDirContext(props);
      }


      If this method returns a Context, then the user is valid.


      thanks for any help. :)