Java로 Active Directory 사용자의 비밀번호를 변경하는 방법이다. Active Directory에서 해당 계정에 자신의 비밀번호를 변경할 권한이 있어야 실행된다. 또한 Active Directory는 unicodePwd 속성 변경을 SSL/TLS(LDAPS) 등으로 암호화된 연결에서만 허용한다.
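/**
 * Sample program: a user changes their own Active Directory password over JNDI/LDAP.
 *
 * <p>The program binds as the user with the current password, looks the account up by
 * {@code sAMAccountName}, and replaces {@code unicodePwd} by removing the old value and
 * adding the new one in a single modify request.
 *
 * <p>The literal host, account and password values are placeholders. Real code should take
 * the passwords from a prompt or a secret store and must not keep them in source control.
 */
public class Main {

    /**
     * Runs the password change with the placeholder settings defined at the top of the method.
     * Failures are reported on standard output / standard error and end the run.
     *
     * @param args unused
     */
    public static void main(String[] args)
    {
        // Active Directory accepts writes to unicodePwd only on a protected connection, and a
        // simple bind transmits the password itself, so connect with LDAPS instead of plain
        // ldap:// on port 389. The domain controller's certificate has to chain to a CA that the
        // JVM trust store already trusts.
        final String LDAP_SERVERS = "ldaps://ldap주소:636"; // e.g. ldaps://dc1.spectra.co.kr:636
        final String LDAP_CONNECT_TIMEOUT_MS = "10000"; // 10 seconds
        final String LDAP_READ_TIMEOUT_MS = "10000"; // 10 seconds
        final String AUTHENTICATION_DOMAIN = "example.com";
        final String USERNAME = "hong";
        final String OLD_PASSWORD = "현재 비밀번호";
        final String NEW_PASSWORD = "변경 비밀번호";
        final String TARGET_BASE_DN = "dc=example,dc=com";

        Hashtable<String, String> ldapEnv = new Hashtable<>();
        ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        ldapEnv.put(Context.PROVIDER_URL, LDAP_SERVERS);
        ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
        // NOTE(review): with "follow" the provider re-binds to every referred server using this
        // same environment, credentials included. Confirm that referral targets are trusted.
        ldapEnv.put(Context.REFERRAL, "follow");
        ldapEnv.put("java.naming.ldap.version", "3");
        // The two timeout constants were declared but never applied; without them a silent or
        // unreachable server blocks the program indefinitely.
        ldapEnv.put("com.sun.jndi.ldap.connect.timeout", LDAP_CONNECT_TIMEOUT_MS);
        ldapEnv.put("com.sun.jndi.ldap.read.timeout", LDAP_READ_TIMEOUT_MS);
        ldapEnv.put(Context.SECURITY_PRINCIPAL, USERNAME + "@" + AUTHENTICATION_DOMAIN);
        ldapEnv.put(Context.SECURITY_CREDENTIALS, OLD_PASSWORD);

        DirContext ldapContext = null;
        try {
            ldapContext = new InitialDirContext(ldapEnv);
        } catch (AuthenticationException e) {
            System.out.println("Wrong username/password!");
            e.printStackTrace();
        } catch (NamingException e) {
            e.printStackTrace();
        }
        if (ldapContext == null) {
            return;
        }

        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        NamingEnumeration<SearchResult> objects = null;
        try {
            // Pass the account name as a filter argument: JNDI escapes filter metacharacters
            // in {0}, which String.format() into the filter text does not do.
            objects = ldapContext.search(
                    TARGET_BASE_DN, "(sAMAccountName={0})", new Object[] {USERNAME}, searchControls);

            if (!objects.hasMore()) {
                System.out.println("User (" + USERNAME + ") was not found!");
                return;
            }
            SearchResult entry = objects.next();

            // REMOVE(old) + ADD(new) in one request is the "change my own password" form and
            // proves knowledge of the current password. A single REPLACE_ATTRIBUTE on unicodePwd
            // is an administrative reset and needs the reset-password right on the target account.
            ModificationItem[] mods = new ModificationItem[] {
                new ModificationItem(
                        DirContext.REMOVE_ATTRIBUTE,
                        new BasicAttribute("unicodePwd", getPasswordByteArray(OLD_PASSWORD))),
                new ModificationItem(
                        DirContext.ADD_ATTRIBUTE,
                        new BasicAttribute("unicodePwd", getPasswordByteArray(NEW_PASSWORD)))
            };

            // Use the entry's full DN. getName() is only relative to the search base for local
            // results, so appending the base DN to it yields a wrong name for referral results.
            // LdapName avoids composite-name parsing of characters such as '/' in the DN.
            ldapContext.modifyAttributes(
                    new javax.naming.ldap.LdapName(entry.getNameInNamespace()), mods);
            System.out.println("비밀번호 변경 완료");
        } catch (NamingException e) {
            e.printStackTrace();
        } finally {
            // Neither type is AutoCloseable, so release the enumeration and connection by hand.
            if (objects != null) {
                try {
                    objects.close();
                } catch (NamingException ignored) {
                    // Nothing useful can be done if closing the result set fails.
                }
            }
            try {
                ldapContext.close();
            } catch (NamingException ignored) {
                // Nothing useful can be done if closing the connection fails.
            }
        }
    }

    /**
     * Encodes a password in the form the {@code unicodePwd} attribute expects: the text wrapped
     * in double quotes and encoded as UTF-16LE.
     *
     * @param password the plain-text password
     * @return the quoted password as UTF-16LE bytes, never {@code null}
     */
    private static byte[] getPasswordByteArray(String password) {
        String quotedPassword = "\"" + password + "\"";
        // The Charset overload cannot fail, so there is no null return that would otherwise
        // reach BasicAttribute as an empty password value.
        return quotedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_16LE);
    }
}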