
Make use of CheckObjectPasswordRequest to read PasswordSynch


Hi, I'm trying to check the synchronization between eDirectory and
Active Directory for multiple users. I want to check the synchronization
status as iManager does.
To achieve this goal I'm using CheckObjectPasswordRequest with this
Java code:

    LDAPConnection lc = new LDAPConnection();
    try {
        lc.connect( "172.17.5.100", 389 );
        try {
            lc.bind( LDAPConnection.LDAP_V3, loginDN, password.getBytes("UTF8"));
        } catch (UnsupportedEncodingException e1) {
            // TODO Auto-generated catch block
            e1.printStackTrace();
        }
    } catch (Exception e){}

    CheckObjectPasswordRequest checkPwd = new CheckObjectPasswordRequest(
            "cn=My Username,ou=users,o=acme",
            "cn=Active Directory,cn=DriverSet,o=system");
    LDAPExtendedResponse resp = lc.extendedOperation(checkPwd);
    System.out.println(resp.toString());
    System.out.println(resp.getID());
    System.out.println(resp.getResultCode());
    System.out.println(resp.getMatchedDN());
    System.out.println(resp.getMessageID());

    ASN1OctetString localASN1OctetString = new ASN1OctetString(resp.getValue());
    System.out.println(localASN1OctetString.toString());

I've tried as LoginDN both the admin and the same user for which I'm
requesting the check password.

Every time I have a response with resultCode 0 (Success), as explained in
http://www.ietf.org/rfc/rfc2251.txt

This is what eDirectory answers to my code.


resp.toString(): LDAPExtendedResponse(2): [UNIVERSAL 16] SEQUENCE: {
[UNIVERSAL 2] INTEGER: 2, [APPLICATION 24] SEQUENCE: { [UNIVERSAL 10]
ENUMERATED: 0, [UNIVERSAL 4] OCTET STRING: , [UNIVERSAL 4] OCTET STRING:
, [UNIVERSAL 4] OCTET STRING: 2.16.840.1.113719.1.14.100.38, [UNIVERSAL
4] OCTET STRING: 0?□□□□□□?
ID: 2.16.840.1.113719.1.14.100.38
resultCode: 0
MatchedDN:
MessageID: 2
localASN1OctetString.toString(): [UNIVERSAL 4] OCTET STRING:
0?□□□□□□?

What does it mean? I'm sure that resp.getValue() comes back as an
ASN1OctetString, but I cannot understand what eDirectory is saying...

Any help is appreciated

Natan


--
nsanson
------------------------------------------------------------------------
nsanson's Profile: http://forums.novell.com/member.php?userid=1637
View this thread: http://forums.novell.com/showthread.php?t=410799
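
The value printed above as "0?□□□□□□?" begins with the character 0, which is byte 0x30, the BER SEQUENCE tag, so it is binary BER data rather than text. As an added example (not code from either poster or from the Novell LDAP classes), this stand-alone Java walker prints the tag/length/value structure of such a byte array; the class name BerDump and the sample bytes are constructed for illustration, since the thread does not give the layout of the eDirectory response value.

```java
import java.math.BigInteger;
import java.util.Arrays;

// Hypothetical helper (not part of the Novell LDAP classes): walks BER TLVs.
public class BerDump {

    // Print every TLV in buf[off, end); definite-length encodings only.
    static void dump(byte[] buf, int off, int end, String indent) {
        while (off < end) {
            int tag = buf[off++] & 0xFF;
            if ((tag & 0x1F) == 0x1F || off >= end)
                throw new IllegalArgumentException("multi-byte tag or truncated TLV");
            int len = buf[off++] & 0xFF;
            if (len == 0x80)
                throw new IllegalArgumentException("indefinite length not handled");
            if (len > 0x80) {                 // long form: low 7 bits = number of length bytes
                int n = len & 0x7F;
                if (n > 3 || n > end - off)
                    throw new IllegalArgumentException("bad length field");
                len = 0;
                for (int i = 0; i < n; i++) len = (len << 8) | (buf[off++] & 0xFF);
            }
            if (len > end - off)
                throw new IllegalArgumentException("length exceeds buffer");
            String head = indent + String.format("tag=0x%02X len=%d", tag, len);
            byte[] value = Arrays.copyOfRange(buf, off, off + len);
            if ((tag & 0x20) != 0) {          // constructed (SEQUENCE, SET, ...): recurse
                System.out.println(head + " {");
                dump(value, 0, len, indent + "  ");
                System.out.println(indent + "}");
            } else if ((tag == 0x02 || tag == 0x0A) && len > 0) {  // INTEGER / ENUMERATED
                System.out.println(head + " int=" + new BigInteger(value));
            } else {                          // anything else: show raw bytes as hex
                StringBuilder hex = new StringBuilder();
                for (byte b : value) hex.append(String.format("%02X ", b));
                System.out.println(head + " hex=" + hex.toString().trim());
            }
            off += len;
        }
    }

    public static void main(String[] args) {
        // Constructed sample, NOT captured from eDirectory: SEQUENCE { INTEGER 9006 }.
        // With a real response, pass resp.getValue() instead.
        byte[] sample = { 0x30, 0x04, 0x02, 0x02, 0x23, 0x2E };
        dump(sample, 0, sample.length, "");
    }
}
```

The walker rejects truncated or oversized length fields instead of reading past the buffer, which matters when the bytes come from a server response rather than a trusted file.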


Re: Make use of CheckObjectPasswordRequest to read PasswordSynch

We have this working. I will try to relate how we did it.

We have a method:

    public CheckObjectPasswordResponse checkPasswordForDriver(
            LDAPConnection lc, String objectDN, String driverDN) throws LDAPException
    {
        // Register the response class so the extended response is decoded into it
        LDAPExtendedResponse.register(RESPONSEOID, CheckObjectPasswordResponse.class);
        CheckObjectPasswordRequest copwd = new CheckObjectPasswordRequest(objectDN, driverDN);
        CheckObjectPasswordResponse resp =
                (CheckObjectPasswordResponse) lc.extendedOperation(copwd);
        return resp;
    }

Then we call the method and handle the response here:

    CheckObjectPasswordResponse coRes =
            checkPwd.checkPasswordForDriver(ldc, entryDN, driver);

    System.out.print("\tDriver: " + driver + " ResultCode: " + coRes.getResult());
    if (resultCodes.containsKey(coRes.getResult()))
    {
        System.out.println(": " + resultCodes.get(coRes.getResult()));
    }
    else
    {
        System.out.println();
    }

So the output is like:
Connect to: ldap.willeke.com Successful
Successful bind with to: ldap.xxx.com
Checking: cn=xxx,ou=people,dc=willeke,dc=com
    Driver: cn=Generic Loopback,cn=driverSet,ou=idm,dc=willeke,dc=com ResultCode: 9140: The Application does not Accept Passwords.
    Driver: cn=MAD,cn=driverSet,ou=idm,dc=willeke,dc=com ResultCode: 9006: The driver shim returned a retry status.

Oops, looks like the AD driver is down in our test lab.

Hope this helps.

-jim

On 5/18/2010 5:26 AM, nsanson wrote:
>
> Hi, I'm trying to check the synchronization between eDirectory and
> Active Directory for multiple users. I want to check the synchronization
> status as iManager does.
> To achieve this goal I'm using CheckObjectPasswordRequest with this
> Java code:
>
>     LDAPConnection lc = new LDAPConnection();
>     try {
>         lc.connect( "172.17.5.100", 389 );
>         try {
>             lc.bind( LDAPConnection.LDAP_V3, loginDN, password.getBytes("UTF8"));
>         } catch (UnsupportedEncodingException e1) {
>             // TODO Auto-generated catch block
>             e1.printStackTrace();
>         }
>     } catch (Exception e){}
>
>     CheckObjectPasswordRequest checkPwd = new CheckObjectPasswordRequest(
>             "cn=My Username,ou=users,o=acme",
>             "cn=Active Directory,cn=DriverSet,o=system");
>     LDAPExtendedResponse resp = lc.extendedOperation(checkPwd);
>     System.out.println(resp.toString());
>     System.out.println(resp.getID());
>     System.out.println(resp.getResultCode());
>     System.out.println(resp.getMatchedDN());
>     System.out.println(resp.getMessageID());
>
>     ASN1OctetString localASN1OctetString = new ASN1OctetString(resp.getValue());
>     System.out.println(localASN1OctetString.toString());
>
> I've tried as LoginDN both the admin and the same user for which I'm
> requesting the check password.
>
> Every time I have a response with resultCode 0 (Success), as explained in
> http://www.ietf.org/rfc/rfc2251.txt
>
> This is what eDirectory answers to my code.
>
>
> resp.toString(): LDAPExtendedResponse(2): [UNIVERSAL 16] SEQUENCE: {
> [UNIVERSAL 2] INTEGER: 2, [APPLICATION 24] SEQUENCE: { [UNIVERSAL 10]
> ENUMERATED: 0, [UNIVERSAL 4] OCTET STRING: , [UNIVERSAL 4] OCTET STRING:
> , [UNIVERSAL 4] OCTET STRING: 2.16.840.1.113719.1.14.100.38, [UNIVERSAL
> 4] OCTET STRING: 0?□□□□□□?
> ID: 2.16.840.1.113719.1.14.100.38
> resultCode: 0
> MatchedDN:
> MessageID: 2
> localASN1OctetString.toString(): [UNIVERSAL 4] OCTET STRING:
> 0?□□□□□□?
>
> What does it mean? I'm sure that resp.getValue() comes back as an
> ASN1OctetString, but I cannot understand what eDirectory is saying...
>
> Any help is appreciated
>
> Natan
>
>


Re: Make use of CheckObjectPasswordRequest to read PasswordSynch


Thank you very much Jim, I will give it a try


--
nsanson
------------------------------------------------------------------------
nsanson's Profile: http://forums.novell.com/member.php?userid=1637
View this thread: http://forums.novell.com/showthread.php?t=410799
