Using password policies in Windows server 2016 from springboot app
$30-250 USD
Maksettu toimituksen yhteydessä
Password policy is not working completely in Windows server 2016 AD while using UnboundID in springboot app.
Now in a Springboot app with UnboundID the first issue that I've found is that the Minimum password age rule is being ignored while I change a password, there's no error coming from the AD and the app changes the password correctly, with something like this:
public String changePassword(UserAndPasswordDTO credentials) {
// Create connection with active directory
final LDAPConnection connection = [login to view URL](myHost, [login to view URL](port), dn, password);
if (connection != null) {
try {
// Properly encode the password. It must be enclosed in quotation marks,
// and it must use a UTF-16LE encoding.
[login to view URL]("Going to encode the password.");
byte[] quotedPasswordBytes = null;
try {
final String quotedPassword = '"' + [login to view URL]() + '"';
quotedPasswordBytes = [login to view URL]("UTF-16LE");
} catch (final UnsupportedEncodingException uee) {
[login to view URL]("Unable to encode the quoted password in UTF-16LE: "
+ [login to view URL](uee));
}
// Search in active directory
SearchResult searchResult = [login to view URL]("dc=" + domain + ",dc=com", [login to view URL],
"sAMAccountName=" + [login to view URL]());
List<SearchResultEntry> searchEntries = [login to view URL]();
if ([login to view URL]() != 1) {
// The search didn't match exactly one entry.
[login to view URL]("Coming out of the change password service");
return "The search didn't match exactly one entry.";
} else {
// Get the dn value of the search
String userDN = [login to view URL](0).getAttribute("distinguishedName").getValue();
// Attempt to modify the user password.
final Modification mod = new Modification([login to view URL], "unicodePwd",
quotedPasswordBytes);
[login to view URL](userDN, mod);
[login to view URL]("Coming out of the change password service");
return "Password changed succesfully";
}
} catch (LDAPException e) {
[login to view URL]("Error when try to search the user to modify his password");
[login to view URL]("Coming out of the change password service");
return "Error when try to search the user to modify his password";
} finally {
[login to view URL]();
}
} else {
// Connection to AD is null
[login to view URL]("Connection to active directory is null");
[login to view URL]("Coming out of the change password service");
return "Active Directory connection error";
}
}
In this scenario, should be working Enforce password history too, but it allows to repeat the password, i.e. change password to abc+000 more than 10 consecutive times, meaning that this password history is not generating an error or something. So, here comes my questions... Why is it happening this? and how can i solve it? Any help will be appreciated. Thanks!
PD: I tested the Complexity requirements and length rule, and these are working good returning an error for the action in the AD. PD2: The AD is under LDAPS protocol.
Link reference in stackoverflow [login to view URL]
Projektin tunnus: #28304008
