2 Replies Latest reply on Dec 17, 2009 4:17 PM by Christopher Council

    Changing passwords in Active Directory from a web service in

    Christopher Council Newbie

      Hi,

      I'm trying to figure out the best way to change passwords in an Active Directory server. I need to provide a web service that allows for callers to do this.

      I have code in my web service that connects to AD and changes the password, but I'm not sure how to get the configuration data I need (server name, port, etc.). This configuration data already exists in the login-module configuration for JAAS, and I really don't want to duplicate it in another file.

      What I'd like to do is get the active LoginModules for a given security domain, and then I could use the LDAP configuration data from the appropriate LoginModule. But I can't find a way to do this.

      I suppose I could subclass LdapExtLoginModule and cache the data somewhere, but that's a pretty ugly hack.

      The second ugly hack I can think of is reading the configuration back in from the filesystem. I have a security-domain-jboss-beans.xml file which specifies the security domain configuration, so in a pinch, I could read that file.

      Any thoughts?

        • 2. Re: Changing passwords in Active Directory from a web servic
          Christopher Council Newbie
          Ok, I came back to this problem and found a solution that works. Turned out to be pretty simple, although I never found any documentation pointing me in the right direction. In case it helps anyone, here you go.
           
          import javax.naming.*;
          import javax.naming.directory.*;
          import java.util.*;
          import java.security.*;
          import javax.security.auth.login.AppConfigurationEntry;
          import javax.security.auth.login.Configuration;

          ...

          public class ADConnection {

          ...

            private static final String BIND_DN = "bindDN";
            private static final String BASE_FILTER_OPT = "baseFilter";
            private static final String BIND_CREDENTIAL = "bindCredential";
            private static final String BASE_CTX_DN = "baseCtxDN";

            /**
             * Constructs a new connection to Active Directory using information in a login module.
             *
             * @param securityDomain Name of the security domain we're interested in.
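             * @throws NamingException if the security domain has no login modules configured
             */
            public ADConnection(String securityDomain) throws NamingException {
              Configuration config = Configuration.getConfiguration();
              AppConfigurationEntry[] entries = config.getAppConfigurationEntry(securityDomain);
              // getAppConfigurationEntry returns null when the security domain has no entries.
              if (entries == null) {
                throw new NamingException("No login modules configured for security domain: " + securityDomain);
              }
              for (AppConfigurationEntry entry : entries) {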
                if (entry.getLoginModuleName().endsWith("LdapExtLoginModule")) {
                  Map<String, ?> map = entry.getOptions();
                  init((String) map.get(Context.PROVIDER_URL), (String) map.get(BIND_DN),
                          (String) map.get(BIND_CREDENTIAL), (String) map.get(BASE_CTX_DN), (String) map.get(BASE_FILTER_OPT));
                }
              }
            }
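Added example, not part of the original post or of JBoss: the same JAAS lookup with a check that the provider URL is `ldaps://` before the bind credential or a new password is sent, plus the `unicodePwd` value Active Directory expects for a password reset. The poster's `init` method and password-change code are not shown on the page, so the names `AdPasswordChangeSketch`, `ldapOptions`, `passwordReset`, the domain `example-domain`, and the sample URL and DN are assumptions constructed for illustration.

```java
import javax.naming.Context;
import javax.naming.directory.*;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class AdPasswordChangeSketch {
  /** Returns the LdapExtLoginModule options for a domain; rejects unknown domains and non-LDAPS URLs. */
  static Map<String, ?> ldapOptions(Configuration config, String securityDomain) {
    AppConfigurationEntry[] entries = config.getAppConfigurationEntry(securityDomain);
    if (entries == null) throw new IllegalStateException("No login modules for " + securityDomain);
    for (AppConfigurationEntry entry : entries) {
      if (!entry.getLoginModuleName().endsWith("LdapExtLoginModule")) continue;
      Map<String, ?> opts = entry.getOptions();
      String url = (String) opts.get(Context.PROVIDER_URL);
      // AD only accepts unicodePwd writes on an encrypted connection, and the
      // bind credential should never cross the wire in clear text.
      if (url == null || !url.toLowerCase(Locale.ROOT).startsWith("ldaps://"))
        throw new IllegalStateException("Provider URL must be ldaps://, got " + url);
      return opts;
    }
    throw new IllegalStateException("No LdapExtLoginModule in " + securityDomain);
  }

  /** Builds an administrative reset: the new password in double quotes, encoded as UTF-16LE. */
  static ModificationItem[] passwordReset(String newPassword) {
    byte[] quoted = ("\"" + newPassword + "\"").getBytes(StandardCharsets.UTF_16LE);
    return new ModificationItem[] {
      new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", quoted))
    };
  }

  public static void main(String[] args) {
    // Constructed stand-in for the JBoss security domain configuration.
    Map<String, String> opts = new HashMap<>();
    opts.put(Context.PROVIDER_URL, "ldaps://ad.example.test:636");
    opts.put("bindDN", "CN=svc-pwreset,OU=Service,DC=example,DC=test");
    Configuration config = new Configuration() {
      @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        if (!"example-domain".equals(name)) return null;
        return new AppConfigurationEntry[] { new AppConfigurationEntry(
            "org.jboss.security.auth.spi.LdapExtLoginModule",
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts) };
      }
    };
    System.out.println(ldapOptions(config, "example-domain").get(Context.PROVIDER_URL));
    System.out.println(passwordReset("N3w-Passw0rd!")[0].getAttribute().getID());
  }
}
```

The array returned by `passwordReset` would be passed to `DirContext.modifyAttributes` together with the user's DN; a `REPLACE_ATTRIBUTE` reset requires the bind account to hold the reset-password right on that user.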