我正在使用Java并试图在AD中更改密码。我已将证书导入到服务器,但证书中出现错误。
导入有效:
keytool -import -keystore "C:Program FilesJavajre6libsecuritycacerts" -trustcacerts -alias openldap -file "C:certnew.cer"
有效列表:
keytool -list -keystore "C:Program FilesJavajre6libsecuritycacerts"
public class PassChange
{
public static void main (String[] args) {
Hashtable env = new Hashtable();
String userName = "CN=optimus,DC=ad,DC=euclid,DC=com";
String oldPassword = "euclid!23";
String newPassword = "kcube!23";
//Could also do this via command line java -Djavax.net.ssl.trustStore....
String keystore = "C:\Program Files\Java\jre6\lib\security\cacerts";
// 1 String keystore = "C:\Program Files\Java\jre6\lib\security\cacerts";
// 2 String keystore = "C:\Program Files\Java\jre6\lib\security\cacerts.jks";
// 3 String keystore = "c:\";
// 1,2,3 all error
System.setProperty("javax.net.ssl.trustStore", keystore);
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
//set security credentials, note using simple cleartext authentication
env.put(Context.SECURITY_AUTHENTICATION,"simple");
env.put(Context.SECURITY_PRINCIPAL,userName);
env.put(Context.SECURITY_CREDENTIALS,oldPassword);
//specify use of ssl
env.put(Context.SECURITY_PROTOCOL,"ssl");
//connect to my domain controller
String ldapURL = "ldaps://xxx.xxx.xxx.xxx:636";
env.put(Context.PROVIDER_URL,ldapURL);
try {
// Create the initial directory context
LdapContext ctx = new InitialLdapContext(env,null);
//change password is a single ldap modify operation
//that deletes the old password and adds the new password
ModificationItem[] mods = new ModificationItem[2];
String oldQuotedPassword = """ + oldPassword + """;
byte[] oldUnicodePassword = oldQuotedPassword.getBytes("UTF-16LE");
String newQuotedPassword = """ + newPassword + """;
byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("unicodePwd", oldUnicodePassword));
mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
ctx.modifyAttributes(userName, mods);
System.out.println("Changed Password for: " + userName);
ctx.close();
}
catch (NamingException e) {
System.err.println("Problem changing password: " + e);
}
catch (UnsupportedEncodingException e) {
System.err.println("Problem encoding password: " + e);
}
}
}
错误信息:
问题修改密码:javax.naming.CommunicationException: simple bind failed: xxx.xxx.xxx. xxx.xxx.xxx. xxx.xxx.xxx. xxx。xxx:636[根异常是javax.net.ssl.SSLHandshakeException: sun.security.validator. validatoreexception: PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到有效的证书路径到请求的目标]
您导入了哪个证书?您不需要服务器证书。相反,您需要证书颁发机构的公钥。具体来说,交换机-trustcacerts表示这是一个CA公钥。
根据名字猜测,我想知道你是否抓取了服务器的证书。