在Domino中修改AD密码

前面要做的安装配置步骤请参考我以前的文章。

1.首先需要修改Domino服务器的配置。
1)将dominoad.keystore拷贝至服务器Domino根目录下。
2)修改Domino的jvm里的java.policy文件,在grant下添加下面两行:
permission java.util.PropertyPermission "javax.net.ssl.trustStore", "write";
permission java.util.PropertyPermission "javax.net.ssl.trustStorePassword", "write";
3)全部完成后,重启Domino服务器才可生效。

2.使用java agent实现,在domino中添加一代理,代码如下:
Java agent code:
import lotus.domino.*;
import java.io.IOException;
import java.net.UnknownHostException;
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.ldap.*;
import javax.naming.directory.*;

public class JavaAgent extends AgentBase {
private LdapContext ctx = null;
private String adminName = "ldapadmin@testad.com.cn";
private String adminpassword = "123456";
private String keystore = "D:/Lotus/Domino/dominoad.keystore";
private String keyPassword = "changeit";
private String ldapURL = "ldaps://ldap.testad.com.cn:636";
private String searchBase = "DC=testad,DC=com,DC=cn";
private String returnedAtts[] = { "distinguishedName" };

private boolean initial_Ldap() {

Hashtable env = new Hashtable();
System.setProperty("javax.net.ssl.trustStore", keystore);
System.setProperty("javax.net.ssl.trustStorePassword", keyPassword);
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, adminName);
env.put(Context.SECURITY_CREDENTIALS, adminpassword);
env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put(Context.PROVIDER_URL, ldapURL);

try {
System.out.println("Start InitialLdapContext");
ctx = new InitialLdapContext(env, null);
System.out.println("InitialLdapContext succeed");
} catch (NamingException e) {
System.out.println("Problem initial_Ldap NamingException: " + e);
return false;
}

return true;
}

private boolean close_Ldap() {
System.out.println("Close Ldap");
try {
ctx.close();
} catch (NamingException e) {
System.out.println("Problem close_Ldap NamingException: " + e);
return false;
}
return true;
}

private String search_distinguishedName(String username) {
String searchFilter = "(&(objectClass=user)(cn=" + username + "))";

try {
System.out.println("Start search " + username
+ "'s distinguishedName");
SearchControls searchCtls = new SearchControls();
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
searchCtls.setReturningAttributes(returnedAtts);
NamingEnumeration answer = ctx.search(searchBase, searchFilter,
searchCtls);
if (answer.hasMoreElements()) {
SearchResult sr = (SearchResult) answer.next();
Attributes attrs = sr.getAttributes();
if (attrs != null) {
NamingEnumeration ae = attrs.getAll();
Attribute attr = (Attribute) ae.next();
NamingEnumeration e = attr.getAll();
return (String) e.next();
}
}
} catch (NamingException e) {
System.out
.println("Problem search_distinguishedName NamingException: "
+ e);
return "error";
}

return "none";
}

private boolean mod_Pwd(String username, String password) {
ModificationItem[] mods = new ModificationItem[1];
String newQuotedPassword = "/"" + password + "/"";

try {
System.out.println("Start reset password");
byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
new BasicAttribute("unicodePwd", newUnicodePassword));
ctx.modifyAttributes(username, mods);
System.out.println("Finish reset password" + username);
} catch (UnsupportedEncodingException e) {
System.out.println("Problem mod_Pwd UnsupportedEncodingException: "
+ e);
return false;
} catch (NamingException e) {
System.out.println("Problem mod_Pwd NamingException: " + e);
return false;
}

return true;
}

public void NotesMain() {

try {
Session session = getSession();
AgentContext agentContext = session.getAgentContext();
Document doc = agentContext.getDocumentContext(); 
String tUserName = doc.getFirstItem("usernameEdit").getText();
String tPassWord = doc.getFirstItem("newpwdEdit").getText();

JavaAgent jP=new JavaAgent();
if (jP.initial_Ldap()) {
String username = jP.search_distinguishedName(tUserName);
jP.mod_Pwd(username, tPassWord);
jP.close_Ldap();
}
} catch(Exception e) {
e.printStackTrace();
}
}
}

3.如果要在Web页面上调用,此Java代理权限需如下设置:

这个设置基本把权限控制降到最低了,应该不需要开放这么多权限,读者可以自己再试试。
注:Domino中对java agent的支持似乎有问题,有时若发现对java代码所做的改动无法生效,请重启Domino服务。

没有更多推荐了,返回首页