gpt4 book ai didi

ssl证书到AD密码修改

转载 作者:太空宇宙 更新时间:2023-11-03 13:42:07 24 4
gpt4 key购买 nike

我正在使用 Java 并尝试更改 AD 中的密码。我已将证书导入服务器,但我在证书中收到错误。

导入有效:

keytool -import -keystore "C:\Program Files\Java\jre6\lib\security\cacerts" -trustcacerts -alias openldap -file "C:\certnew.cer"

列表有效:

keytool -list -keystore "C:\Program Files\Java\jre6\lib\security\cacerts"

我的代码:

public class PassChange
{
public static void main (String[] args) {

Hashtable env = new Hashtable();
String userName = "CN=optimus,DC=ad,DC=euclid,DC=com";

String oldPassword = "euclid!23";
String newPassword = "kcube!23";

//Could also do this via command line java -Djavax.net.ssl.trustStore....

String keystore = "C:\\Program Files\\Java\\jre6\\lib\\security\\cacerts";

// 1 String keystore = "C:\\Program Files\\Java\\jre6\\lib\\security\\cacerts";
// 2 String keystore = "C:\\Program Files\\Java\\jre6\\lib\\security\\cacerts.jks";
// 3 String keystore = "c:\\";
// 1,2,3 all error

System.setProperty("javax.net.ssl.trustStore", keystore);

env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
//set security credentials, note using simple cleartext authentication
env.put(Context.SECURITY_AUTHENTICATION,"simple");
env.put(Context.SECURITY_PRINCIPAL,userName);
env.put(Context.SECURITY_CREDENTIALS,oldPassword);

//specify use of ssl
env.put(Context.SECURITY_PROTOCOL,"ssl");

//connect to my domain controller
String ldapURL = "ldaps://xxx.xxx.xxx.xxx:636";
env.put(Context.PROVIDER_URL,ldapURL);

try {

// Create the initial directory context
LdapContext ctx = new InitialLdapContext(env,null);

//change password is a single ldap modify operation
//that deletes the old password and adds the new password
ModificationItem[] mods = new ModificationItem[2];
String oldQuotedPassword = "\"" + oldPassword + "\"";
byte[] oldUnicodePassword = oldQuotedPassword.getBytes("UTF-16LE");
String newQuotedPassword = "\"" + newPassword + "\"";
byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");

mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("unicodePwd", oldUnicodePassword));
mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));

ctx.modifyAttributes(userName, mods);

System.out.println("Changed Password for: " + userName);
ctx.close();

}
catch (NamingException e) {
System.err.println("Problem changing password: " + e);
}
catch (UnsupportedEncodingException e) {
System.err.println("Problem encoding password: " + e);
}
}
}

错误信息:

problem changing password: javax.naming.CommunicationException: simple bind failed: xxx.xxx.xxx.xxx:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

最佳答案

您导入了哪个证书?您不想要服务器证书。相反,您需要证书颁发机构的公钥。具体来说,开关 -trustcacerts 表示这是一个 CA 公钥。

凭名字猜的,不知你是不是抢了服务器的证书。

关于ssl证书到AD密码修改,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/16835337/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com