1

我正在唱 Java 并试图更改 AD 中的密码。我已将证书导入服务器,但证书中出现错误。

进口有效:

keytool -import -keystore "C:\Program Files\Java\jre6\lib\security\cacerts" -trustcacerts -alias openldap -file "C:\certnew.cer"

列表有效:

keytool -list -keystore "C:\Program Files\Java\jre6\lib\security\cacerts"

我的代码:

public class PassChange
{
    public static void main (String[] args) {

    Hashtable env = new Hashtable();
    String userName = "CN=optimus,DC=ad,DC=euclid,DC=com";

    String oldPassword = "euclid!23";
    String newPassword = "kcube!23";

    //Could also do this via command line java -Djavax.net.ssl.trustStore....

    String keystore = "C:\\Program Files\\Java\\jre6\\lib\\security\\cacerts";

    // 1    String keystore = "C:\\Program Files\\Java\\jre6\\lib\\security\\cacerts";
    // 2    String keystore = "C:\\Program Files\\Java\\jre6\\lib\\security\\cacerts.jks";
    // 3    String keystore = "c:\\";
    // 1,2,3 all error

    System.setProperty("javax.net.ssl.trustStore", keystore);

    env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
    //set security credentials, note using simple cleartext authentication
    env.put(Context.SECURITY_AUTHENTICATION,"simple");
    env.put(Context.SECURITY_PRINCIPAL,userName);
    env.put(Context.SECURITY_CREDENTIALS,oldPassword);

    //specify use of ssl
    env.put(Context.SECURITY_PROTOCOL,"ssl");

    //connect to my domain controller
    String ldapURL = "ldaps://xxx.xxx.xxx.xxx:636";
    env.put(Context.PROVIDER_URL,ldapURL);

    try {

        // Create the initial directory context
        LdapContext ctx = new InitialLdapContext(env,null);

        //change password is a single ldap modify operation
        //that deletes the old password and adds the new password
        ModificationItem[] mods = new ModificationItem[2];
        String oldQuotedPassword = "\"" + oldPassword + "\"";
        byte[] oldUnicodePassword = oldQuotedPassword.getBytes("UTF-16LE");
        String newQuotedPassword = "\"" + newPassword + "\"";
        byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");

        mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("unicodePwd", oldUnicodePassword));
        mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));

        ctx.modifyAttributes(userName, mods);

        System.out.println("Changed Password for: " + userName);    
        ctx.close();

    } 
    catch (NamingException e) {
        System.err.println("Problem changing password: " + e);
    }
    catch (UnsupportedEncodingException e) {
        System.err.println("Problem encoding password: " + e);
    }
}
}

错误信息:

更改密码问题:javax.naming.CommunicationException:简单绑定失败:xxx.xxx.xxx.xxx:636 [根异常是 javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX 路径构建失败:sun. security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径]

4

1 回答 1

0

你导入了哪个证书?您不想要服务器证书。相反,您需要证书颁发机构的公钥。具体来说,该开关-trustcacerts旨在表明这是一个 CA 公钥。

猜名字,不知道你是不是抢了服务器的证书。

于 2013-05-31T01:16:49.867 回答