Maciej Miklas - 3 months ago 44
Java Question

How to change an expired password over JNDI in Active Directory without an admin user

I would like to change the password for a user in Active Directory using JNDI. The problem is that this user's password has expired. When I create InitialDirContext, it immediately gives me an error (data 773 means password expired):


javax.naming.AuthenticationException: [LDAP: error code 49 -
80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext
error, data 773, v1db1


I know that IBM LDAP has a special bind which addresses this issue, but I could not find anything for AD.

Is it possible to change an expired password for a user without an admin account? I would like to provide the current and new password and change it.

Answer

OK - I've figured it out:

There are two ways a password in AD can expire:

  1. Admin sets it to expired by setting a flag
  2. The expiration date has been reached

In the first case, the password cannot be changed through LDAP and I will receive data 773. In the second case, the change should be possible.
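An added example, not code from the question or the answer: it extracts the `data` sub-code from the bind error quoted in the question and builds the user-level `unicodePwd` change (remove old value, add new value) that AD accepts over an encrypted connection. The class and method names and the sample passwords are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class AdPasswordChange { // hypothetical class name
    // AD appends a hex Win32 error code after "data" in the error 49 text:
    // 532 = ERROR_PASSWORD_EXPIRED, 773 = ERROR_PASSWORD_MUST_CHANGE.
    private static final Pattern DATA = Pattern.compile("\\bdata\\s+([0-9a-fA-F]+)");

    /** Returns the sub-code (e.g. "773"), or null if the message carries none. */
    static String subCode(String message) {
        if (message == null) return null;
        Matcher m = DATA.matcher(message);
        return m.find() ? m.group(1).toLowerCase() : null;
    }

    /** unicodePwd values are the password in double quotes, encoded as UTF-16LE. */
    static byte[] encode(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    /** A user-level change is a single modify: remove the old value, add the new one. */
    static ModificationItem[] changeRequest(String oldPw, String newPw) {
        return new ModificationItem[] {
            new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("unicodePwd", encode(oldPw))),
            new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("unicodePwd", encode(newPw)))
        };
    }

    /** Binds as the user over ldaps:// and submits the change; a failed bind throws AuthenticationException. */
    static void change(String ldapsUrl, String userDn, String oldPw, String newPw) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapsUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, oldPw);
        DirContext ctx = new InitialDirContext(env);
        try { ctx.modifyAttributes(userDn, changeRequest(oldPw, newPw)); } finally { ctx.close(); }
    }

    public static void main(String[] args) { // offline demo; no directory is contacted
        String msg = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, "
                   + "comment: AcceptSecurityContext error, data 773, v1db1"; // text from the question
        System.out.println("sub-code: " + subCode(msg));
        System.out.println("modify ops: " + changeRequest("Old-Sample-1", "New-Sample-2").length); // constructed passwords
    }
}
```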
