This class provides an implementation of the LDAP password modify extended
request as defined in
RFC 3062. It may be used
to change the password for a user in the directory, and provides the ability
to specify the current password for verification. It also offers the ability
to request that the server generate a new password for the user.
The elements of a password modify extended request include:
-
userIdentity -- This specifies the user for which to change the
password. It should generally be the DN for the target user (although
the specification does indicate that some servers may accept other
values). If no value is provided, then the server will attempt to
change the password for the currently-authenticated user.
-
oldPassword -- This specifies the current password for the
user. Some servers may require that the old password be provided when
a user is changing his or her own password as an extra level of
verification, but it is generally not necessary when an administrator
is resetting the password for another user.
-
newPassword -- This specifies the new password to use for the
user. If it is not provided, then the server may attempt to generate a
new password for the user, and in that case it will be included in the
generatedPassword field of the corresponding
PasswordModifyExtendedResult. Note that some servers may not
support generating a new password, in which case the client will always
be required to provide it.
Example
The following example demonstrates the use of the password modify extended
operation to change the password for user
"uid=test.user,ou=People,dc=example,dc=com". Neither the current password
nor a new password will be provided, so the server will generate a new
password for the user.
PasswordModifyExtendedRequest passwordModifyRequest =
new PasswordModifyExtendedRequest(
"uid=test.user,ou=People,dc=example,dc=com", // The user to update
(String) null, // The current password for the user.
(String) null); // The new password. null = server will generate
PasswordModifyExtendedResult passwordModifyResult;
try
{
passwordModifyResult = (PasswordModifyExtendedResult)
connection.processExtendedOperation(passwordModifyRequest);
// This doesn't necessarily mean that the operation was successful, since
// some kinds of extended operations return non-success results under
// normal conditions.
}
catch (LDAPException le)
{
// For an extended operation, this generally means that a problem was
// encountered while trying to send the request or read the result.
passwordModifyResult = new PasswordModifyExtendedResult(
new ExtendedResult(le));
}
LDAPTestUtils.assertResultCodeEquals(passwordModifyResult,
ResultCode.SUCCESS);
String serverGeneratedNewPassword =
passwordModifyResult.getGeneratedPassword();