How To: Set AD Password using java – IC5.5 self service

Hi all,

This time it's some coding stuff again … but I thought it might be interesting, as it belongs to an application we're using to create users for IBM Connections.

This application is called UserManager. It offers an easy way to create external / internal users as well as self service capabilities.

Changing passwords is an easy task when the directory that stores your IBM Connections accounts is SDS or Domino. This is NOT the case when using MS AD… Changing a password programmatically, or let's say via the LDAP protocol, has the following prerequisites that I was not aware of before:

  • Changing passwords is only possible if you connect via ldaps – port 636 to AD!
  • The password is stored as an attribute called “userPassword”, but this is only a link to the attribute “unicodePwd”. If you simply change the attribute userPassword, nothing will happen and you are not able to log in!
  • The change operation has to be done on the unicodePwd attribute, and only with a special procedure (encoding).

If you want to change the password of an AD account from your Java code, proceed like this:

  • Encode the password using “UTF-16LE” – sample code:
    import java.nio.charset.StandardCharsets;

    // AD expects the new password wrapped in double quotes and encoded as UTF-16LE
    public byte[] encodePassword(String password) {
        String quoted = "\"" + password + "\"";
        // StandardCharsets avoids the checked UnsupportedEncodingException
        return quoted.getBytes(StandardCharsets.UTF_16LE);
    }
    
  • Write the password into the attribute “unicodePwd”
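
The two steps above put together with JNDI, as an added example that is not code from the UserManager application. The class name, method names and command-line arguments are assumptions; the bind account is assumed to hold the right to reset passwords on the target user.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;

public class AdPasswordReset {   // hypothetical class name
    // Quote the password and encode it as UTF-16LE, as described above
    static byte[] encodePassword(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    static void resetPassword(String url, String bindDn, char[] bindPw,
                              String userDn, String newPw) throws NamingException {
        if (!url.startsWith("ldaps://")) {   // refuse plain LDAP before any bind
            throw new IllegalArgumentException("use ldaps:// (port 636)");
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPw);
        DirContext ctx = new InitialDirContext(env);
        try {
            // A single REPLACE on unicodePwd is an administrative reset
            ModificationItem[] mods = { new ModificationItem(
                DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodePassword(newPw))) };
            ctx.modifyAttributes(userDn, mods);
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        java.io.Console con = System.console();
        if (args.length != 3 || con == null) {
            System.err.println("usage: AdPasswordReset <ldaps-url> <bind-dn> <user-dn>");
            return;
        }
        char[] bindPw = con.readPassword("Bind password: ");
        String newPw = new String(con.readPassword("New user password: "));
        resetPassword(args[0], args[1], bindPw, args[2], newPw);
    }
}
```

The JVM must trust the domain controller's TLS certificate (for example via its truststore), otherwise the ldaps connection fails before the bind.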

Some more tips:

  • If you create a new user using Java code, set the following attributes in order to activate the account:
    • UserAccountControl: 512 (decimal – displays as hex 0x200 in AD). This is the flag for a “normal account”.
    • pwdLastSet: -1. The user does not need to change the password at next logon.

That's it. Not that hard… but kind of complicated to get everything together.
