java spring ldap spring-ldap spring-security-ldap

How to reset an LDAP password in Spring (Forgotten password)


In a Spring Boot 1.5.9 application, I have a "reset my password" feature. Using a token, I am able to identify the user that is resetting his password.

This is how I update a password of a connected user:

    public void updatePassword(User entity) {
      if (null != entity.getOldPassword() && null != entity.getPassword()) {
        // changePassword() acts on the currently authenticated user and needs the old password
        userDetailsService.changePassword(entity.getOldPassword(), encrypt(entity.getPassword()));
      }
    }

I use LdapUserDetailsManager userDetailsService, from Spring Security LDAP 4.2.3.RELEASE. I do not see any method to reset the password of a user I have the username from.

How can I reset a password using the username (or uid in ldap)?


Solution

  • The solution was in this post: https://tech.wrighting.org/2013/06/06/using-the-ldap-password-modify-extended-operation-with-spring-ldap/

    This is how I did it:

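        import javax.naming.directory.Attribute;
        import javax.naming.directory.BasicAttribute;
        import javax.naming.directory.DirContext;
        import javax.naming.directory.ModificationItem;
        import org.springframework.ldap.core.DistinguishedName;

        // Entry whose password is being reset (dn_string is the user's full DN)
        DistinguishedName dn = new DistinguishedName(dn_string);
        // Replace the password attribute with the new value; no old password is required
        Attribute passwordAttribute = new BasicAttribute(passwordAttr,
                newPassword);
        ModificationItem[] modificationItems = new ModificationItem[1];
        modificationItems[0] = new ModificationItem(
                DirContext.REPLACE_ATTRIBUTE, passwordAttribute);
        /*
        // Optional second modification: if enabled, size the array above to 2
        Attribute userPasswordChangedAttribute = new BasicAttribute(
                LDAP_PASSWORD_CHANGE_DATE, format.format(convertToUtc(null)
                        .getTime()) + "Z");
        ModificationItem newPasswordChanged = new ModificationItem(
                DirContext.REPLACE_ATTRIBUTE, userPasswordChangedAttribute);
        modificationItems[1] = newPasswordChanged;
        */
        getLdapTemplate().modifyAttributes(dn, modificationItems);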
    

    I preferred this method since the version of Spring Security LDAP I am using does not use the password overlay to change the password, so this is more consistent with it. Otherwise, if you are using a more recent version of Spring Security LDAP, prefer the second way of doing it.
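
The post linked in the answer concerns the LDAP Password Modify extended operation (RFC 3062), where the server, not the application, hashes and stores the new password. A minimal JNDI request for an administrative reset, as an added example that is not code from the answer or the linked post; the class name `PasswordResetRequest` and the sample DN and password are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import javax.naming.ldap.ExtendedRequest;
import javax.naming.ldap.ExtendedResponse;

/** RFC 3062 Password Modify request used as a reset: userIdentity and newPasswd only, no oldPasswd. */
public class PasswordResetRequest implements ExtendedRequest {
    public static final String OID = "1.3.6.1.4.1.4203.1.11.1"; // passwdModifyOID from RFC 3062
    private final byte[] value;

    public PasswordResetRequest(String userDn, String newPassword) {
        ByteArrayOutputStream fields = new ByteArrayOutputStream();
        writeTlv(fields, 0x80, userDn.getBytes(StandardCharsets.UTF_8));      // [0] userIdentity
        writeTlv(fields, 0x82, newPassword.getBytes(StandardCharsets.UTF_8)); // [2] newPasswd
        ByteArrayOutputStream seq = new ByteArrayOutputStream();
        writeTlv(seq, 0x30, fields.toByteArray());                            // SEQUENCE wrapper
        this.value = seq.toByteArray();
    }

    // BER tag-length-value with definite length: short form, or long form up to 65535 bytes.
    private static void writeTlv(ByteArrayOutputStream out, int tag, byte[] content) {
        int len = content.length;
        out.write(tag);
        if (len < 0x80) {
            out.write(len);
        } else if (len <= 0xFF) {
            out.write(0x81); out.write(len);
        } else if (len <= 0xFFFF) {
            out.write(0x82); out.write(len >> 8); out.write(len & 0xFF);
        } else {
            throw new IllegalArgumentException("value too long: " + len);
        }
        out.write(content, 0, len);
    }

    @Override public String getID() { return OID; }
    @Override public byte[] getEncodedValue() { return value.clone(); }
    @Override public ExtendedResponse createExtendedResponse(String id, byte[] ber, int off, int len) {
        return null; // the optional response value (a server-generated password) is not used here
    }

    public static void main(String[] args) {
        // Constructed sample values; prints the encoded request value as hex.
        byte[] v = new PasswordResetRequest("uid=jdoe,ou=people,dc=example,dc=org",
                "N3w-Passw0rd!").getEncodedValue();
        StringBuilder hex = new StringBuilder();
        for (byte b : v) hex.append(String.format("%02x", b));
        System.out.println(hex);
    }
}
```

With Spring LDAP the request can be sent through `LdapTemplate.executeReadWrite`, casting the supplied context to `LdapContext` and calling `extendedOperation(request)`; this assumes the context source hands out an `LdapContext` and is bound as an account allowed to reset other users' passwords. The new password travels in clear inside the request, so the connection should use LDAPS or StartTLS.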