
Getting error trying to change Active Directory password.

import java.util.Hashtable;
import javax.naming.*;
import javax.naming.ldap.*;
import javax.naming.directory.*;
import java.io.*;
import com.allaire.cfx.*;

public class passChange implements CustomTag {
    public void processRequest( Request request, Response response )
        throws Exception {

        Hashtable env = new Hashtable();
        // Account used for the bind; it must be allowed to reset passwords
        String adminName = "CN=Max Davis,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=elitecare,DC=local";
        String adminPassword = "mypasshere";
        // Target user DN and new password come from the CFX tag attributes
        String userName = request.getAttribute("userCn") + ",OU=SBSUsers,OU=Users,OU=MyBusiness,DC=elitecare,DC=local";
        String newPassword = request.getAttribute("newPass");
        // Trust store the JVM uses to validate the LDAPS server certificate
        String keystore = "C:/Sun/AppServer/jdk/jre/lib/security/cacerts";
        System.setProperty("javax.net.ssl.trustStore",keystore);
        env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION,"simple");
        env.put(Context.SECURITY_PRINCIPAL,adminName);
        env.put(Context.SECURITY_CREDENTIALS,adminPassword);
        env.put(Context.SECURITY_PROTOCOL,"ssl");
        String ldapURL = "ldaps://ectsb1.elitecare.local:636";
        env.put(Context.PROVIDER_URL,ldapURL);

        try {
            LdapContext ctx = new InitialLdapContext(env,null);
            ModificationItem[] mods = new ModificationItem[1];
            // unicodePwd takes the password wrapped in double quotes, encoded as UTF-16LE
            String newQuotedPassword = "\"" + newPassword + "\"";
            byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
            mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
            ctx.modifyAttributes(userName, mods);
            response.write("Reset Password for: " + userName);
            ctx.close();
        }
        catch (NamingException e) { response.write("Problem resetting password: " + e); }
        catch (UnsupportedEncodingException e) { response.write("Problem encoding password: " + e); }
    }
}


ERROR THAT I GET:

Problem resetting password: javax.naming.CommunicationException: simple bind failed: ectsb1.elitecare.local:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
 
Siva Prasanna Kumar (Principal Solutions Architect) commented:
Which version of Java are you using?

Check out this link.

http://forum.java.sun.com/thread.jspa?threadID=487196&messageID=2281833.
 
max0davis (Author) commented:
I have "J2EE 1.4 SDK"... first one on download page at java.sun.com.

I am a ColdFusion programmer but I put together this Java code which I then compile and use from my ColdFusion code as a CFX.

So... Java is a bit beyond me but I really need to accomplish the goal of this Java code.. which is to change the password on an Active Directory / LDAP.

Any help would be greatly appreciated.
 
Mayank S (Associate Director - Product Engineering) commented:
 
max0davis (Author) commented:
shivaspk, could it still be an expired certificate if I downloaded the newest JDK?

I am confused on how I am supposed to point to the certificate. I put "C:/Sun/AppServer/jdk/jre/lib/security/cacerts" only as a result of searching my drive for "cacerts" and copying the full path into my code. I do not know if this is the correct way I am supposed to do this.

The code here is supposed to connect to ldap via SSL and change the attribute "unicodePwd".

This has been my road block for 2 days and I am afraid if this roadblock persists my co-workers will think I am an imbecile.

Please help.
 
max0davis (Author) commented:
mayankeagle, that's the original code I found and tried to modify for my needs.
 
Siva Prasanna Kumar (Principal Solutions Architect) commented:
String keystore = "C:/Sun/AppServer/jdk/jre/lib/security/cacerts";

If it is a web application you can't refer to it as above.
 
max0davis (Author) commented:
I am developing it on my local machine right now.. how should I point to it?
 
Siva Prasanna Kumar (Principal Solutions Architect) commented:
http://experts.about.com/q/JSP-Java-Server-3299/unable-fetch-records-ldap.htm

Check out the above program.

Even your program will work if it was a Java application, but as it's a web application you need to get it as a class node resource, probably. Let me see and get back.

Thank You.
 
Siva Prasanna Kumar (Principal Solutions Architect) commented:
http://forum.java.sun.com/thread.jspa?threadID=590795&messageID=3075192

By referring to it as $JAVA_HOME/jre/lib/security/cacerts it may be useful, as in most cases the JAVA_HOME variable will be set.
I think this code will help for the time being; check if it works for you by giving the suitable location where cacerts is placed.

Thank You.
 
max0davis (Author) commented:
I used JAVA_HOME and got this new error:

Problem resetting password: javax.naming.CommunicationException: simple bind failed: ectsb1.elitecare.local:636 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
 
max0davis (Author) commented:
I am kind of confused here because I am not very familiar with Java.. is there any way you guys could take a stab at modifying my code and posting it here? I know it is better to teach a man to fish rather than hand him a fish but I need to complete this project for work and learning Java right now is not the quick option seeing how I am a ColdFusion programmer and this is one of those rare times that I even need something written in Java. :)
 
Siva Prasanna Kumar (Principal Solutions Architect) commented:
Try this in your previous program.

change

>> String keystore = "C:/Sun/AppServer/jdk/jre/lib/security/cacerts";

to

 String keystore = "C:\\Sun\\AppServer\\jdk\\jre\\lib\\security\\cacerts";

Thank You.
 
max0davis (Author) commented:
Older error again:

Problem resetting password: javax.naming.CommunicationException: simple bind failed: ectsb1.elitecare.local:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
 
max0davis (Author) commented:
I am wondering if just because "cacerts" exists.. maybe it doesn't have anything in it... most of the web sites regarding this issue talk about using keytool... do I have to do something to generate a certificate? I am not sure exactly how SSL works.
 
max0davis (Author) commented:
One of these keystore strings must be correct because the error changed.. logically if the string was always wrong then it would always give the same error but the error has changed.. so wouldn't that mean one of these times I had the correct string? Maybe not.. maybe just wrong in a different way. Heh.
 
max0davis (Author) commented:
I used keytool to generate the following file: cacerts.jks

I changed the line to be: String keystore = "C:/Sun/AppServer/jdk/bin/cacerts.jks";

And I am pretty sure it is finding it because if I create an intentional typo in it such as "cacrts.jks" it throws a different error. So I am assuming it is finding my cert file.. but this is the error I am getting:

Problem resetting password: javax.naming.CommunicationException: simple bind failed: ectsb1.elitecare.local:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
 
max0davis (Author) commented:
YES!!! It works!! I tried exporting a certificate in a different manner and the new cert file worked! Yay... thanks so much.
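
Added example, not part of the thread and not the poster's code: a small Java check for the two errors seen above. It loads the file that javax.net.ssl.trustStore would point to, lists what it contains, and can run a TLS handshake that trusts only that file. The class name TrustStoreCheck and the argument order are assumptions made for this example.

```java
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example, not from the thread.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) { System.out.println("usage: TrustStoreCheck <truststore> <password> [host port]"); return; }
        File file = new File(args[0]);
        if (!file.isFile()) {
            // JSSE falls back to an empty store when the configured trustStore file does not exist.
            System.out.println(file + " not found: expect 'trustAnchors parameter must be non-empty'");
            return;
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(file)) { ks.load(in, args[1].toCharArray()); }
        int trusted = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean isCa = ks.isCertificateEntry(alias);
            java.security.cert.Certificate c = ks.getCertificate(alias);
            String subject = (c instanceof X509Certificate)
                    ? ((X509Certificate) c).getSubjectX500Principal().getName() : "(no X.509 certificate)";
            System.out.println((isCa ? "trustedCert " : "keyEntry    ") + alias + " -> " + subject);
            if (isCa) trusted++;
        }
        // The server's issuing CA (or its own certificate) must be listed as a trustedCert,
        // otherwise the handshake ends in 'PKIX path building failed'.
        System.out.println(trusted + " trusted certificate entries");
        if (args.length < 4) return;
        // Handshake that trusts only this store, without changing JVM-wide properties.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[2], Integer.parseInt(args[3]))) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("LDAPS"); // also require the certificate to match the host name
            s.setSSLParameters(p);
            s.startHandshake();
            System.out.println("TLS handshake OK with " + args[2] + ":" + args[3]);
        }
    }
}
```

A store created by generating a new key pair with keytool shows up here as a keyEntry for your own certificate, which does nothing to make the directory server trusted.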