
Problem with LDAP Controls on ADS



Hi,

I have a problem using LDAP Controls with ADS Server.

When a user's password has been reset or has expired, the authentication cannot be done, so the exception thrown by LDAP is Invalid Credentials. We want to handle this using LDAP Controls. These controls are returned to the client (a Java program) along with the exception, which we capture separately. All of this works fine with Netscape Directory Server. If we test the same code on ADS, the controls are not returned and it throws only exceptions. Our client uses ADS only.

Can you please help me out, as I am badly stuck.

Thanks & Regards,

..Raj

P.S.: Attached is the code I used. I am using Netscape LDAP for Java.

import netscape.ldap.*;
import netscape.ldap.controls.*;

public class PasswordPolicy {

final static int NO_PASSWORD_CONTROLS = 0;
final static int PASSWORD_EXPIRED = -1;

    public static void main( String[] args ) {

		LDAPConnection ld = null;
		int status = -1;
		try {
			ld = new LDAPConnection();
			/* Connect to server */
			String MY_HOST = "10.1.11.54";
			int MY_PORT = 389;
			ld.connect( MY_HOST, MY_PORT );

			/* Authenticate to the server */
			String DN = "uid=raj,cn=Group1,o=edgile.com";
			String PW = "raj";
			ld.authenticate( 3, DN, PW );

			/* Bind succeeded, so report success through the exit code */
			status = 0;
			System.out.println( "Authentication successful" );
		}
		catch( LDAPException e ) {
			if ( e.getLDAPResultCode() == LDAPException.INVALID_CREDENTIALS ) {
				System.out.println( "Invalid credentials" );
			} else if ( e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT ) {
				System.out.println( "No such user" );
			} else {
				System.out.println( "Error on authentication: " + e.toString() );
			}
		}
	
		/* Were any controls returned? */
		if ( ld != null ) {
			int seconds = checkControls( ld );
			switch( seconds ) {
			case NO_PASSWORD_CONTROLS:
				System.out.println( "No controls returned" );
				break;
			case PASSWORD_EXPIRED:
				System.out.println( "Password expired and must be reset" );
				break;
			default:
				System.out.println( "Password expires in " + seconds +
									" seconds" );
			}
		}
	
		/* Done, so disconnect */
		if ( (ld != null) && ld.isConnected() ) {
			try {
			    ld.disconnect();
			} catch ( LDAPException e ) {
				System.out.println( "Error: " + e.toString() );
			}
		}
		System.exit(status);
	}

	private static int checkControls( LDAPConnection ld ) {
		LDAPControl[] controls = ld.getResponseControls();
		int status = NO_PASSWORD_CONTROLS;

		if ( (controls != null) && (controls.length >= 1) ) {
            LDAPPasswordExpiringControl expgControl = null;
            for ( int i = 0; i < controls.length; i++ ) {
                if ( controls[i] instanceof LDAPPasswordExpiredControl ) {
                    return PASSWORD_EXPIRED;
                }
                if ( controls[i] instanceof LDAPPasswordExpiringControl ) {
                    expgControl = (LDAPPasswordExpiringControl)controls[i];
                }
            }

			if ( expgControl != null ) {
				try {
					/* Return the number of seconds until expiration */
					return expgControl.getSecondsToExpiration();
				} catch ( NumberFormatException e ) {
					System.err.println( "Unexpected message <" + 
                                        expgControl.getMessage() +
										"> in password expiring control" );
				}
			}
		}
		return NO_PASSWORD_CONTROLS;
	}
}

Thanks & Regards,

..Raj
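
Added example, not part of the original post: assuming "ADS" here is Microsoft Active Directory, a failed bind there carries its reason as a hexadecimal sub-code in the server's diagnostic message rather than in a response control. The class name AdBindFailure, the Reason enum and the sample messages are constructed for illustration; with the SDK used above, the input string would come from LDAPException.getLDAPErrorMessage().

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AdBindFailure {

    /* The sub-code is a Win32 error number in hex, e.g. "... error, data 532, ..." */
    private static final Pattern DATA =
        Pattern.compile("\\bdata\\s+([0-9a-fA-F]+)\\b");

    enum Reason { INVALID_CREDENTIALS, PASSWORD_EXPIRED, MUST_CHANGE_PASSWORD,
                  ACCOUNT_DISABLED, ACCOUNT_EXPIRED, ACCOUNT_LOCKED, UNKNOWN }

    /* Classify the server-supplied text of a bind that failed with result code 49 */
    static Reason classify( String serverMessage ) {
        if ( serverMessage == null ) {
            return Reason.UNKNOWN;
        }
        Matcher m = DATA.matcher( serverMessage );
        if ( !m.find() ) {
            return Reason.UNKNOWN;   /* not an AD-style message */
        }
        switch ( m.group(1).toLowerCase() ) {
            case "52e": return Reason.INVALID_CREDENTIALS;   /* ERROR_LOGON_FAILURE */
            case "532": return Reason.PASSWORD_EXPIRED;      /* ERROR_PASSWORD_EXPIRED */
            case "773": return Reason.MUST_CHANGE_PASSWORD;  /* ERROR_PASSWORD_MUST_CHANGE */
            case "533": return Reason.ACCOUNT_DISABLED;      /* ERROR_ACCOUNT_DISABLED */
            case "701": return Reason.ACCOUNT_EXPIRED;       /* ERROR_ACCOUNT_EXPIRED */
            case "775": return Reason.ACCOUNT_LOCKED;        /* ERROR_ACCOUNT_LOCKED_OUT */
            default:    return Reason.UNKNOWN;
        }
    }

    public static void main( String[] args ) {
        /* Constructed samples; the DSID and trailing token differ between servers */
        String[] samples = {
            "80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 532, v0000",
            "80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 773, v0000",
            "80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 52e, v0000",
            "Invalid credentials"   /* no sub-code, as another server might send */
        };
        for ( String s : samples ) {
            System.out.println( classify( s ) + " <- " + s );
        }
    }
}
```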



