I am writing an OpenLDAP controller, where I have a lot of LDAP functions. One function is to get an LdapUser and his different attributes.

For example:

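    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;

    // givenName is read below, so it has to be requested here as well
    private String[] user_attributes = new String[]{"uid","cn", "sn", "dn", "givenName", "description", "mail", "displayName",
        "userPassword","pwdChangedTime","pwdExpires", "lastLogonTime"};

    NamingEnumeration<SearchResult> enumResult = null;
    UserData ldapUser = new UserData();

    try
    {
        SearchControls searchCtrls = new SearchControls();
        searchCtrls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchCtrls.setReturningAttributes(user_attributes);

        // {0} is filled from the argument array and escaped by JNDI, so a
        // crafted userUid cannot change the filter (LDAP filter injection)
        String filter = "(&(objectClass=inetOrgPerson)(uid={0}))";

        enumResult = ctx.search(ou, filter, new Object[]{userUid}, searchCtrls);

        // Only read the entry if the search actually returned one
        if (enumResult.hasMore())
        {
            SearchResult result = enumResult.next();

            ldapUser.setUid(getAttribute(result, "uid"));
            ldapUser.setCN(getAttribute(result, "cn"));
            ldapUser.setSN(getAttribute(result, "sn"));
            ldapUser.setGivenName(getAttribute(result, "givenName"));
            ldapUser.setDescription(getAttribute(result, "description"));
            ldapUser.setMail(getAttribute(result, "mail"));
        }
    }
    catch (NamingException e)
    {
        // search failed: log and handle as appropriate for the caller
    }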

That works fine. I have my ldapUser class filled with the attributes. I did the same for a TDS controller before, and there I could even use the following attributes:

        ldapUser.setPassword(getAttribute(result, "userPassword"));
        ldapUser.setpwdExpires(getAttribute(result,"pwdExpires"));
        ldapUser.setpwdChangedTime(getAttribute(result, "pwdChangedTime"));
        ldapUser.setlastLogonTime(getAttribute(result,"lastLogonTime"));

But it seems this doesn't work for OpenLDAP anymore. Does anyone know of, or have, a solution for getting these password attributes in Java from OpenLDAP?

Best regards

InfoEngi

1 Answer

The "password" is most likely either a hash of the real password or an encrypted version.

Source: How to retrieve LDAP password via JNDI

See also http://bethecoder.com/applications/tutorials/java/ldap/how-to-query-password-attribute-of-ldap-entry.html

Prakash
  • That's not a 'ref[erence]', it is the source of your plagiarism. – user207421 Jul 27 '17 at 18:02
  • @EJP Thank you for investing your valuable time. I will take care when to use 'Reference', 'Source' and 'See also'. – Prakash Jul 28 '17 at 05:31
  • Hi, thank you for your answers. But I still have the problem. The attribute "userPassword" is working, but the important ones, which were working with TDS, are "pwdExpires", "pwdChangedTime", "lastLogonTime", etc. How can I get these? – InfoEngi Jul 28 '17 at 08:23
  • As @EJP suggested, did you configure the overlay [ppolicy](http://www.zytrax.com/books/ldap/ch6/ppolicy.html)? – Prakash Jul 28 '17 at 08:57
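
Added example, not part of the thread and not the posters' code: reading `userPassword` and `pwdChangedTime` from a JNDI `Attributes` object so that only the hash scheme, never the stored value, leaves the method, and so that an attribute the server did not return is handled. The entry is constructed in memory in place of `SearchResult.getAttributes()`; the class and method names are hypothetical, and the timestamp is assumed to have the form `YYYYMMDDhhmmssZ`.

```java
import java.nio.charset.StandardCharsets;
import java.time.OffsetDateTime;
import java.time.format.DateTimeFormatter;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;

public class PolicyAttributeDemo {

    // Assumed GeneralizedTime form: 20170728082300Z (no fractional seconds).
    private static final DateTimeFormatter GENERALIZED_TIME =
            DateTimeFormatter.ofPattern("yyyyMMddHHmmssX");

    /** Returns only the storage scheme of userPassword (e.g. "SSHA"), never the value. */
    static String passwordScheme(Attributes attrs) throws NamingException {
        Attribute a = attrs.get("userPassword");
        if (a == null) return "absent";   // not stored, or not readable by this bind
        Object v = a.get();
        // The JNDI LDAP provider returns userPassword as byte[]; tolerate String too.
        String s = (v instanceof byte[])
                ? new String((byte[]) v, StandardCharsets.UTF_8) : String.valueOf(v);
        int end = s.indexOf('}');
        return (s.startsWith("{") && end > 1) ? s.substring(1, end) : "no-scheme-prefix";
    }

    /** Parses pwdChangedTime, or returns null when the server did not return it. */
    static OffsetDateTime passwordChanged(Attributes attrs) throws NamingException {
        Attribute a = attrs.get("pwdChangedTime");
        if (a == null) return null;
        return OffsetDateTime.parse((String) a.get(), GENERALIZED_TIME);
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample entry standing in for SearchResult.getAttributes().
        Attributes attrs = new BasicAttributes(true);
        attrs.put("uid", "jdoe");
        attrs.put("userPassword",
                "{SSHA}Q09OU1RSVUNURUQ=".getBytes(StandardCharsets.UTF_8)); // constructed value
        attrs.put("pwdChangedTime", "20170728082300Z");

        System.out.println("scheme  = " + passwordScheme(attrs));
        System.out.println("changed = " + passwordChanged(attrs));
        // pwdExpires was not put into the constructed entry, so the lookup yields null.
        System.out.println("expires = " + attrs.get("pwdExpires"));
    }
}
```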