2 Replies Latest reply on Dec 17, 2009 4:17 PM by brazil123

    Changing passwords in Active Directory from a web service in

      Hi,

      I'm trying to figure out the best way to change passwords in an Active Directory server. I need to provide a web service that allows for callers to do this.

      I have code in my web service that connects to AD and changes the password, but I'm not sure how to get the configuration data I need (server name, port, etc.). This configuration data already exists in the login-module configuration for JAAS, and I really don't want to duplicate it in another file.

      What I'd like to do is get the active LoginModules for a given security domain, and then I could use the LDAP configuration data from the appropriate LoginModule. But I can't find a way to do this.

      I suppose I could subclass LdapExtLoginModule and cache the data somewhere, but that's a pretty ugly hack.

      The second ugly hack I can think of is reading the configuration back in from the filesystem. I have a security-domain-jboss-beans.xml file which specifies the security domain configuration, so in a pinch, I could read that file.

      Any thoughts?

        • 1. Re: Changing passwords in Active Directory from a web servic

          Just to clarify, I'm using JBoss 5.1.0.GA

          • 2. Re: Changing passwords in Active Directory from a web servic
            Ok, I came back to this problem and found a solution that works. Turned out to be pretty simple, although I never found any documentation pointing me in the right direction. In case it helps anyone, here you go.
             
            import javax.naming.*;
            import javax.naming.directory.*;
            import java.util.*;
            import java.security.*;
            import javax.security.auth.login.AppConfigurationEntry;
            import javax.security.auth.login.Configuration;

            ...

            public class ADConnection {

            ...

              private static final String BIND_DN = "bindDN";
              private static final String BASE_FILTER_OPT = "baseFilter";
              private static final String BIND_CREDENTIAL = "bindCredential";
              private static final String BASE_CTX_DN = "baseCtxDN";

              /**
               * Constructs a new connection to Active Directory using information in a login module.
               *
               * @param securityDomain Name of the security domain we're interested in.
               * @throws NamingException
               */
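              public ADConnection(String securityDomain) throws NamingException {
                Configuration config = Configuration.getConfiguration();
                AppConfigurationEntry[] entries = config.getAppConfigurationEntry(securityDomain);
                // getAppConfigurationEntry returns null when the domain has no entries.
                if (entries == null) {
                  throw new NamingException("No login modules configured for security domain " + securityDomain);
                }
                for (AppConfigurationEntry entry : entries) {
                  // Reuse the LDAP settings of the LdapExtLoginModule configured for this domain.
                  if (entry.getLoginModuleName().endsWith("LdapExtLoginModule")) {
                    Map<String, ?> map = entry.getOptions();
                    init((String) map.get(Context.PROVIDER_URL), (String) map.get(BIND_DN),
                            (String) map.get(BIND_CREDENTIAL), (String) map.get(BASE_CTX_DN), (String) map.get(BASE_FILTER_OPT));
                  }
                }
              }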
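
The lookup from the reply above as a stand-alone program, added here as an example that is not part of the original thread: it handles a missing domain or module, refuses a provider URL that is not `ldaps://` (Active Directory rejects password writes on an unencrypted connection; insisting on `ldaps://` is this example's own policy), and builds the quoted UTF-16LE value AD expects in `unicodePwd`. The class name `LdapOptionsLookup`, the domain `sample-domain`, the host and DN values and the in-memory `Configuration` are constructed assumptions standing in for the container's configuration.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

public class LdapOptionsLookup {
  /** Returns the options of the first LdapExtLoginModule in the domain, or throws. */
  static Map<String, ?> ldapOptions(Configuration config, String securityDomain) {
    AppConfigurationEntry[] entries = config.getAppConfigurationEntry(securityDomain);
    if (entries == null) { // JAAS returns null when the domain has no entries
      throw new IllegalStateException("No login modules for domain " + securityDomain);
    }
    for (AppConfigurationEntry entry : entries) {
      if (entry.getLoginModuleName().endsWith("LdapExtLoginModule")) {
        Map<String, ?> opts = entry.getOptions();
        String url = (String) opts.get("java.naming.provider.url"); // Context.PROVIDER_URL
        // Example policy: never send a bind credential or new password in clear text.
        if (url == null || !url.toLowerCase(Locale.ROOT).startsWith("ldaps://")) {
          throw new IllegalStateException("Provider URL must be ldaps:// for password changes");
        }
        return opts;
      }
    }
    throw new IllegalStateException("No LdapExtLoginModule in domain " + securityDomain);
  }

  /** AD expects the new password wrapped in double quotes and encoded as UTF-16LE. */
  static byte[] unicodePwd(String newPassword) {
    return ("\"" + newPassword + "\"").getBytes(StandardCharsets.UTF_16LE);
  }

  public static void main(String[] args) {
    // Constructed sample options; a real deployment reads them from the container.
    Map<String, String> opts = new HashMap<>();
    opts.put("java.naming.provider.url", "ldaps://ad.example.test:636");
    opts.put("bindDN", "CN=svc-web,OU=Service,DC=example,DC=test");
    opts.put("bindCredential", "placeholder-secret");
    final AppConfigurationEntry entry = new AppConfigurationEntry(
        "org.jboss.security.auth.spi.LdapExtLoginModule", LoginModuleControlFlag.REQUIRED, opts);
    Configuration config = new Configuration() {
      @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        return "sample-domain".equals(name) ? new AppConfigurationEntry[] {entry} : null;
      }
    };
    Map<String, ?> found = ldapOptions(config, "sample-domain");
    // Print the endpoint and bind DN only; the bind credential stays out of any output.
    System.out.println(found.get("java.naming.provider.url") + " as " + found.get("bindDN"));
    System.out.println("unicodePwd length in bytes: " + unicodePwd("N3w-Passw0rd!").length);
  }
}
```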