Thread: Make use of CheckObjectPasswordRequest to read PasswordSynch

  1. #1
    nsanson NNTP User

    Make use of CheckObjectPasswordRequest to read PasswordSynch


    Hi, I'm trying to check the synchronization between eDirectory and
    Active Directory for multiple users. I want to check the synchronization
    status as iManager does.
    To achieve this goal I'm using CheckObjectPasswordRequest with this
    Java code:

    LDAPConnection lc = new LDAPConnection();
    try {
        lc.connect("172.17.5.100", 389);
        try {
            lc.bind(LDAPConnection.LDAP_V3, loginDN, password.getBytes("UTF8"));
        } catch (UnsupportedEncodingException e1) {
            // TODO Auto-generated catch block
            e1.printStackTrace();
        }
    } catch (Exception e) {} // connect/bind errors are silently ignored here

    // Extended request: object DN first, then driver DN
    CheckObjectPasswordRequest checkPwd = new CheckObjectPasswordRequest(
        "cn=My Username,ou=users,o=acme",
        "cn=Active Directory,cn=DriverSet,o=system");
    LDAPExtendedResponse resp = lc.extendedOperation(checkPwd);
    System.out.println(resp.toString());
    System.out.println(resp.getID());
    System.out.println(resp.getResultCode());
    System.out.println(resp.getMatchedDN());
    System.out.println(resp.getMessageID());

    // Wrap the raw response value in an octet string and print it
    ASN1OctetString localASN1OctetString = new ASN1OctetString(resp.getValue());
    System.out.println(localASN1OctetString.toString());

    I've tried as LoginDN both the admin and the same user for which I'm
    requesting the check password.

    Every time I get a response with resultCode 0 (Success), as explained in
    http://www.ietf.org/rfc/rfc2251.txt

    This is what eDirectory answers to my code.


    resp.toString(): LDAPExtendedResponse(2): [UNIVERSAL 16] SEQUENCE: {
    [UNIVERSAL 2] INTEGER: 2, [APPLICATION 24] SEQUENCE: { [UNIVERSAL 10]
    ENUMERATED: 0, [UNIVERSAL 4] OCTET STRING: , [UNIVERSAL 4] OCTET STRING:
    , [UNIVERSAL 4] OCTET STRING: 2.16.840.1.113719.1.14.100.38, [UNIVERSAL
    4] OCTET STRING: 0?□□□□□□?
    ID: 2.16.840.1.113719.1.14.100.38
    resultCode: 0
    MatchedDN:
    MessageID: 2
    localASN1OctetString.toString(): [UNIVERSAL 4] OCTET STRING:
    0?□□□□□□?

    What does it mean? I'm sure that resp.getValue() comes back as an
    ASN1OctetString, but I cannot understand what eDirectory is saying...

    Any help is appreciated

    Natan


    --
    nsanson
    ------------------------------------------------------------------------
    nsanson's Profile: http://forums.novell.com/member.php?userid=1637
    View this thread: http://forums.novell.com/showthread.php?t=410799


  2. #2
    Jim Willeke NNTP User

    Re: Make use of CheckObjectPasswordRequest to read PasswordSynch

    We have this working. I will try to relate how we did it.

    We have a method:
    public CheckObjectPasswordResponse checkPasswordForDriver(
            LDAPConnection lc, String objectDN, String driverDN) throws LDAPException
    {
        // Register the response class for the response OID so that the library
        // returns a CheckObjectPasswordResponse instead of a generic LDAPExtendedResponse
        LDAPExtendedResponse.register(RESPONSEOID, CheckObjectPasswordResponse.class);
        CheckObjectPasswordRequest copwd = new CheckObjectPasswordRequest(objectDN, driverDN);
        CheckObjectPasswordResponse resp =
            (CheckObjectPasswordResponse) lc.extendedOperation(copwd);
        return resp;
    }

    Then we call the method and handle the response here:
    CheckObjectPasswordResponse coRes =
        checkPwd.checkPasswordForDriver(ldc, entryDN, driver);

    System.out.print("\tDriver: " + driver + " ResultCode: " + coRes.getResult());
    // Print the description when the result code is a known one
    if (resultCodes.containsKey(coRes.getResult()))
    {
        System.out.println(": " + resultCodes.get(coRes.getResult()));
    }
    else
    {
        System.out.println();
    }

    So the output is like:
    Connect to: ldap.willeke.com Successful
    Successful bind with to: ldap.xxx.com
    Checking: cn=xxx,ou=people,dc=willeke,dc=com
    Driver: cn=Generic Loopback,cn=driverSet,ou=idm,dc=willeke,dc=com
    ResultCode: 9140: The Application does not Accept Passwords.
    Driver: cn=MAD,cn=driverSet,ou=idm,dc=willeke,dc=com ResultCode: 9006:
    The driver shim returned a retry status.

    Oops, looks like the AD driver is down in our test lab.

    Hope this helps.

    -jim

    On 5/18/2010 5:26 AM, nsanson wrote:
    >
    > Hi, I'm trying to check the synchronization between eDirectory and
    > Active Directory for multiple users. I want to check the synchronization
    > status as iManager does.
    > To achieve this goal I'm using CheckObjectPasswordRequest with this
    > Java code:
    >
    > LDAPConnection lc = new LDAPConnection();
    > try {
    >     lc.connect("172.17.5.100", 389);
    >     try {
    >         lc.bind(LDAPConnection.LDAP_V3, loginDN, password.getBytes("UTF8"));
    >     } catch (UnsupportedEncodingException e1) {
    >         // TODO Auto-generated catch block
    >         e1.printStackTrace();
    >     }
    > } catch (Exception e) {} // connect/bind errors are silently ignored here
    >
    > // Extended request: object DN first, then driver DN
    > CheckObjectPasswordRequest checkPwd = new CheckObjectPasswordRequest(
    >     "cn=My Username,ou=users,o=acme",
    >     "cn=Active Directory,cn=DriverSet,o=system");
    > LDAPExtendedResponse resp = lc.extendedOperation(checkPwd);
    > System.out.println(resp.toString());
    > System.out.println(resp.getID());
    > System.out.println(resp.getResultCode());
    > System.out.println(resp.getMatchedDN());
    > System.out.println(resp.getMessageID());
    >
    > // Wrap the raw response value in an octet string and print it
    > ASN1OctetString localASN1OctetString = new ASN1OctetString(resp.getValue());
    > System.out.println(localASN1OctetString.toString());
    >
    > I've tried as LoginDN both the admin and the same user for which I'm
    > requesting the check password.
    >
    > Every time I get a response with resultCode 0 (Success), as explained in
    > http://www.ietf.org/rfc/rfc2251.txt
    >
    > This is what eDirectory answers to my code.
    >
    >
    > resp.toString(): LDAPExtendedResponse(2): [UNIVERSAL 16] SEQUENCE: {
    > [UNIVERSAL 2] INTEGER: 2, [APPLICATION 24] SEQUENCE: { [UNIVERSAL 10]
    > ENUMERATED: 0, [UNIVERSAL 4] OCTET STRING: , [UNIVERSAL 4] OCTET STRING:
    > , [UNIVERSAL 4] OCTET STRING: 2.16.840.1.113719.1.14.100.38, [UNIVERSAL
    > 4] OCTET STRING: 0?□□□□□□?
    > ID: 2.16.840.1.113719.1.14.100.38
    > resultCode: 0
    > MatchedDN:
    > MessageID: 2
    > localASN1OctetString.toString(): [UNIVERSAL 4] OCTET STRING:
    > 0?□□□□□□?
    >
    > What does it mean? I'm sure that resp.getValue() comes back as an
    > ASN1OctetString, but I cannot understand what eDirectory is saying...
    >
    > Any help is appreciated
    >
    > Natan
    >
    >
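
Added example (not code from either poster or from the Novell library): the value in post #1 was printed as text, which is why it appears as `0?□□□□□□?`; the leading `0` is byte 0x30, the BER SEQUENCE tag, so the value is itself BER-encoded. This JDK-only sketch walks such a value tag by tag and prints it in hex. The class and method names are hypothetical, and the sample bytes are constructed for illustration, not a captured eDirectory response.

```java
import java.util.ArrayList;
import java.util.List;

public class BerDump {
    /** Walks BER TLVs in buf[off, end) and appends one readable line per element. */
    static void walk(byte[] buf, int off, int end, int depth, List<String> out) {
        while (off < end) {
            int tag = buf[off++] & 0xFF;
            if ((tag & 0x1F) == 0x1F)
                throw new IllegalArgumentException("multi-byte tags not handled");
            if (off >= end) throw new IllegalArgumentException("truncated length");
            int len = buf[off++] & 0xFF;
            if (len == 0x80)
                throw new IllegalArgumentException("indefinite length not handled");
            if (len > 0x80) {                 // long form: low 7 bits = count of length bytes
                int n = len & 0x7F;
                if (n > 3 || off + n > end) throw new IllegalArgumentException("bad length");
                len = 0;
                for (int i = 0; i < n; i++) len = (len << 8) | (buf[off++] & 0xFF);
            }
            if (len > end - off) throw new IllegalArgumentException("value overruns buffer");
            boolean constructed = (tag & 0x20) != 0;   // bit 6 set: contains nested TLVs
            StringBuilder line = new StringBuilder();
            for (int i = 0; i < depth; i++) line.append("  ");
            line.append(String.format("tag=0x%02X len=%d", tag, len));
            if (!constructed) {
                line.append(" value=");
                for (int i = 0; i < len; i++)
                    line.append(String.format("%02X", buf[off + i] & 0xFF));
            }
            out.add(line.toString());
            if (constructed) walk(buf, off, off + len, depth + 1, out);
            off += len;
        }
    }

    static List<String> dump(byte[] value) {
        List<String> out = new ArrayList<>();
        walk(value, 0, value.length, 0, out);
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: SEQUENCE { INTEGER 9006 }. In the thread's code,
        // pass resp.getValue() here instead.
        byte[] sample = { 0x30, 0x04, 0x02, 0x02, 0x23, 0x2E };
        dump(sample).forEach(System.out::println);
    }
}
```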


  3. #3
    nsanson NNTP User

    Re: Make use of CheckObjectPasswordRequest to read PasswordSynch


    Thank you very much Jim, I will give it a try



