/*
|
* CDDL HEADER START
|
*
|
* The contents of this file are subject to the terms of the
|
* Common Development and Distribution License, Version 1.0 only
|
* (the "License"). You may not use this file except in compliance
|
* with the License.
|
*
|
* You can obtain a copy of the license at
|
* trunk/opends/resource/legal-notices/OpenDS.LICENSE
|
* or https://OpenDS.dev.java.net/OpenDS.LICENSE.
|
* See the License for the specific language governing permissions
|
* and limitations under the License.
|
*
|
* When distributing Covered Code, include this CDDL HEADER in each
|
* file and include the License file at
|
* trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
|
* add the following below this CDDL HEADER, with the fields enclosed
|
* by brackets "[]" replaced with your own identifying * information:
|
* Portions Copyright [yyyy] [name of copyright owner]
|
*
|
* CDDL HEADER END
|
*
|
*
|
* Portions Copyright 2006 Sun Microsystems, Inc.
|
*/
|
package org.opends.server.tools;
|
|
|
|
import java.net.Socket;
|
import java.util.ArrayList;
|
|
import org.opends.server.core.DirectoryServer;
|
import org.opends.server.protocols.asn1.ASN1Element;
|
import org.opends.server.protocols.asn1.ASN1OctetString;
|
import org.opends.server.protocols.asn1.ASN1Reader;
|
import org.opends.server.protocols.asn1.ASN1Sequence;
|
import org.opends.server.protocols.asn1.ASN1Writer;
|
import org.opends.server.protocols.ldap.BindRequestProtocolOp;
|
import org.opends.server.protocols.ldap.BindResponseProtocolOp;
|
import org.opends.server.protocols.ldap.ExtendedRequestProtocolOp;
|
import org.opends.server.protocols.ldap.ExtendedResponseProtocolOp;
|
import org.opends.server.protocols.ldap.LDAPMessage;
|
import org.opends.server.protocols.ldap.LDAPResultCode;
|
import org.opends.server.protocols.ldap.UnbindRequestProtocolOp;
|
import org.opends.server.types.DN;
|
|
import static org.opends.server.extensions.ExtensionsConstants.*;
|
import static org.opends.server.util.ServerConstants.*;
|
import static org.opends.server.util.StaticUtils.*;
|
|
|
|
/**
|
* This program provides a utility that uses the LDAP password modify extended
|
* operation to change the password for a user. It exposes the three primary
|
* options available for this operation, which are:
|
*
|
* <UL>
|
* <LI>The user identity whose password should be changed.</LI>
|
* <LI>The current password for the user.</LI>
|
* <LI>The new password for the user.
|
* </UL>
|
*
|
* All of these are optional components that may be included or omitted from the
|
* request.
|
*/
|
public class LDAPPasswordModify
|
{
|
/**
|
* Parses the command-line arguments, establishes a connection to the
|
* Directory Server, sends the password modify request, and reads the
|
* response.
|
*
|
* @param args The command-line arguments provided to this program.
|
*/
|
public static void main(String[] args)
|
{
|
// Define default values for all the configurable arguments.
|
boolean provideDNForAuthzID = false;
|
boolean provideOldPW = false;
|
int ldapPort = 389;
|
String authzID = null;
|
String bindDN = null;
|
String bindPW = null;
|
String ldapHost = "127.0.0.1";
|
String newPassword = null;
|
String oldPassword = null;
|
|
|
if (args.length == 0)
|
{
|
displayUsage();
|
return;
|
}
|
|
|
// Iterate through and process the command-line arguments.
|
for (int i=0; i < args.length; i++)
|
{
|
if (args[i].equals("-h"))
|
{
|
ldapHost = args[++i];
|
}
|
else if (args[i].equals("-p"))
|
{
|
ldapPort = Integer.parseInt(args[++i]);
|
}
|
else if (args[i].equals("-D"))
|
{
|
bindDN = args[++i];
|
}
|
else if (args[i].equals("-w"))
|
{
|
bindPW = args[++i];
|
}
|
else if (args[i].equals("-a"))
|
{
|
authzID = args[++i];
|
}
|
else if (args[i].equals("-A"))
|
{
|
provideDNForAuthzID = true;
|
}
|
else if (args[i].equals("-o"))
|
{
|
oldPassword = args[++i];
|
}
|
else if (args[i].equals("-O"))
|
{
|
provideOldPW = true;
|
}
|
else if (args[i].equals("-n"))
|
{
|
newPassword = args[++i];
|
}
|
else if (args[i].equals("-H"))
|
{
|
displayUsage();
|
return;
|
}
|
else
|
{
|
System.err.println("ERROR: Invalid argument \"" + args[i] + "\"");
|
displayUsage();
|
System.exit(1);
|
}
|
}
|
|
|
// Make sure that all the required arguments were provided.
|
if (provideOldPW)
|
{
|
if ((bindPW == null) || (bindPW.length() == 0))
|
{
|
System.err.println("ERROR: The -O argument was used but no bind " +
|
"password was provided.");
|
displayUsage();
|
System.exit(1);
|
}
|
else
|
{
|
oldPassword = bindPW;
|
}
|
}
|
|
if (provideDNForAuthzID)
|
{
|
if ((bindDN == null) || (bindDN.length() == 0))
|
{
|
System.err.println("ERROR: The -A argument was used but no bind DN " +
|
"was provided.");
|
displayUsage();
|
System.exit(1);
|
}
|
else
|
{
|
authzID = "dn:" + bindDN;
|
}
|
}
|
|
|
// Perform the necessary bootstrapping of the Directory Server code.
|
DirectoryServer.bootstrapClient();
|
|
|
// Establish a connection to the Directory Server.
|
ASN1Reader reader = null;
|
ASN1Writer writer = null;
|
try
|
{
|
Socket socket = new Socket(ldapHost, ldapPort);
|
reader = new ASN1Reader(socket);
|
writer = new ASN1Writer(socket);
|
}
|
catch (Exception e)
|
{
|
System.err.println("ERROR: Unable to connect to the Directory Server " +
|
ldapHost + ":" + ldapPort + ":");
|
e.printStackTrace();
|
System.exit(1);
|
}
|
|
|
// Send the LDAP bind request if appropriate.
|
if ((bindDN != null) && (bindDN.length() > 0) && (bindPW != null) &&
|
(bindPW.length() > 0))
|
{
|
BindRequestProtocolOp bindRequest =
|
new BindRequestProtocolOp(new ASN1OctetString(bindDN), 3,
|
new ASN1OctetString(bindPW));
|
LDAPMessage requestMessage = new LDAPMessage(1, bindRequest);
|
|
try
|
{
|
writer.writeElement(requestMessage.encode());
|
}
|
catch (Exception e)
|
{
|
System.err.println("ERROR: Could not send the bind request to the " +
|
"server:");
|
e.printStackTrace();
|
|
try
|
{
|
reader.close();
|
writer.close();
|
} catch (Exception e2) {}
|
|
System.exit(1);
|
}
|
|
LDAPMessage responseMessage = null;
|
try
|
{
|
ASN1Sequence responseSequence = reader.readElement().decodeAsSequence();
|
responseMessage = LDAPMessage.decode(responseSequence);
|
}
|
catch (Exception e)
|
{
|
System.err.println("ERROR: Could not read the bind response from " +
|
"the server:");
|
e.printStackTrace();
|
|
try
|
{
|
reader.close();
|
writer.close();
|
} catch (Exception e2) {}
|
|
System.exit(1);
|
}
|
|
BindResponseProtocolOp bindResponse =
|
responseMessage.getBindResponseProtocolOp();
|
int resultCode = bindResponse.getResultCode();
|
if (resultCode != LDAPResultCode.SUCCESS)
|
{
|
System.err.println("ERROR: Bind failed with result code " +
|
resultCode);
|
|
String errorMessage = bindResponse.getErrorMessage();
|
if ((errorMessage != null) && (errorMessage.length() > 0))
|
{
|
System.err.println("Error Message: " + errorMessage);
|
}
|
|
DN matchedDN = bindResponse.getMatchedDN();
|
if (matchedDN != null)
|
{
|
System.err.println("Matched DN: " + matchedDN.toString());
|
}
|
|
try
|
{
|
requestMessage = new LDAPMessage(2, new UnbindRequestProtocolOp());
|
writer.writeElement(requestMessage.encode());
|
}
|
catch (Exception e) {}
|
|
try
|
{
|
reader.close();
|
writer.close();
|
} catch (Exception e) {}
|
|
System.exit(resultCode);
|
}
|
}
|
|
|
// Construct the password modify request.
|
ArrayList<ASN1Element> requestElements = new ArrayList<ASN1Element>(3);
|
if (authzID != null)
|
{
|
requestElements.add(new ASN1OctetString(TYPE_PASSWORD_MODIFY_USER_ID,
|
authzID));
|
}
|
|
if (oldPassword != null)
|
{
|
requestElements.add(new ASN1OctetString(TYPE_PASSWORD_MODIFY_OLD_PASSWORD,
|
oldPassword));
|
}
|
|
if (newPassword != null)
|
{
|
requestElements.add(new ASN1OctetString(TYPE_PASSWORD_MODIFY_NEW_PASSWORD,
|
newPassword));
|
}
|
|
ASN1OctetString requestValue =
|
new ASN1OctetString(new ASN1Sequence(requestElements).encode());
|
|
ExtendedRequestProtocolOp extendedRequest =
|
new ExtendedRequestProtocolOp(OID_PASSWORD_MODIFY_REQUEST,
|
requestValue);
|
LDAPMessage requestMessage = new LDAPMessage(2, extendedRequest);
|
|
|
// Send the request to the server and read the response.
|
try
|
{
|
writer.writeElement(requestMessage.encode());
|
}
|
catch (Exception e)
|
{
|
System.err.println("ERROR: Could not send password modify request:");
|
e.printStackTrace();
|
|
try
|
{
|
requestMessage = new LDAPMessage(2, new UnbindRequestProtocolOp());
|
writer.writeElement(requestMessage.encode());
|
}
|
catch (Exception e2) {}
|
|
try
|
{
|
reader.close();
|
writer.close();
|
} catch (Exception e2) {}
|
|
System.exit(1);
|
}
|
|
|
// Read the response from the server.
|
LDAPMessage responseMessage = null;
|
try
|
{
|
ASN1Sequence responseSequence = reader.readElement().decodeAsSequence();
|
responseMessage = LDAPMessage.decode(responseSequence);
|
}
|
catch (Exception e)
|
{
|
System.err.println("ERROR: Could not read password modify response:");
|
e.printStackTrace();
|
|
try
|
{
|
requestMessage = new LDAPMessage(2, new UnbindRequestProtocolOp());
|
writer.writeElement(requestMessage.encode());
|
}
|
catch (Exception e2) {}
|
|
try
|
{
|
reader.close();
|
writer.close();
|
} catch (Exception e2) {}
|
|
System.exit(1);
|
}
|
|
|
// Make sure that the response was acceptable.
|
ExtendedResponseProtocolOp extendedResponse =
|
responseMessage.getExtendedResponseProtocolOp();
|
int resultCode = extendedResponse.getResultCode();
|
if (resultCode != LDAPResultCode.SUCCESS)
|
{
|
System.err.println("ERROR: Password modify failed with result code " +
|
resultCode);
|
|
String errorMessage = extendedResponse.getErrorMessage();
|
if ((errorMessage != null) && (errorMessage.length() > 0))
|
{
|
System.err.println("Error Message: " + errorMessage);
|
}
|
|
DN matchedDN = extendedResponse.getMatchedDN();
|
if (matchedDN != null)
|
{
|
System.err.println("Matched DN: " + matchedDN.toString());
|
}
|
|
try
|
{
|
requestMessage = new LDAPMessage(3, new UnbindRequestProtocolOp());
|
writer.writeElement(requestMessage.encode());
|
}
|
catch (Exception e) {}
|
|
try
|
{
|
reader.close();
|
writer.close();
|
} catch (Exception e) {}
|
|
System.exit(resultCode);
|
}
|
|
|
System.out.println("The user's password was successfully modified.");
|
|
|
// See if the response included a generated password.
|
ASN1OctetString responseValue = extendedResponse.getValue();
|
if (responseValue != null)
|
{
|
try
|
{
|
ASN1Sequence responseSequence =
|
ASN1Sequence.decodeAsSequence(responseValue.value());
|
for (ASN1Element e : responseSequence.elements())
|
{
|
if (e.getType() == TYPE_PASSWORD_MODIFY_GENERATED_PASSWORD)
|
{
|
String generatedPassword = e.decodeAsOctetString().stringValue();
|
System.out.println("The generated password was: " +
|
generatedPassword);
|
}
|
else
|
{
|
throw new Exception("ERROR: Unrecognized response value type " +
|
byteToHex(e.getType()));
|
}
|
}
|
}
|
catch (Exception e)
|
{
|
System.err.println("ERROR: Could not decode response value to " +
|
"determine the generated password:");
|
e.printStackTrace();
|
|
try
|
{
|
requestMessage = new LDAPMessage(2, new UnbindRequestProtocolOp());
|
writer.writeElement(requestMessage.encode());
|
}
|
catch (Exception e2) {}
|
|
try
|
{
|
reader.close();
|
writer.close();
|
} catch (Exception e2) {}
|
|
System.exit(1);
|
}
|
}
|
|
|
// Unbind from the server and close the connection.
|
try
|
{
|
requestMessage = new LDAPMessage(3, new UnbindRequestProtocolOp());
|
writer.writeElement(requestMessage.encode());
|
}
|
catch (Exception e) {}
|
|
try
|
{
|
reader.close();
|
writer.close();
|
} catch (Exception e) {}
|
}
|
|
|
|
/**
|
* Displays usage information for this program.
|
*/
|
public static void displayUsage()
|
{
|
System.err.println("USAGE: java LDAPPasswordModify {options}");
|
System.err.println(" where {options} include:");
|
System.err.println("-h {ldapHost} -- The Directory Server address");
|
System.err.println("-p {ldapPort} -- The Directory Server port");
|
System.err.println("-D {bindDN} -- The bind DN");
|
System.err.println("-w {bindPW} -- The bind password");
|
System.err.println("-a {authzID} -- The authorization ID");
|
System.err.println("-A -- Use bind DN as authorization ID");
|
System.err.println("-o {oldPWD} -- The old password");
|
System.err.println("-O -- Use bind password as old password");
|
System.err.println("-n {newPWD} -- The new password");
|
System.err.println("-H -- Display this usage information");
|
}
|
}
|
