Wednesday, February 2, 2011

How to reset the OIM password without using the Identity Manager UI

Normally a user changes a password through ODSM (Oracle Directory Services Manager) at http://hostname:7005/odsm . There are situations where a password has to be reset programmatically, for example from a Java web service. This post uses the OID (Oracle Internet Directory) Java API (the oracle.ldap.util classes) to do that: it binds to OID as an administrator, looks the user up in the default realm, and replaces the user's userpassword attribute. Two caveats before using this anywhere but a test box: the connection below is plain ldap:// on port 3060, so the administrator credentials and the new password cross the network in clear text unless you switch to ldaps:// on the SSL port (3131 by default in OID 11g); and the administrator password should come from a protected configuration source rather than being hard-coded as it is here.


import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.InitialLdapContext;

import oracle.ldap.util.LDIF;
import oracle.ldap.util.ModPropertySet;
import oracle.ldap.util.RootOracleContext;
import oracle.ldap.util.Subscriber;
import oracle.ldap.util.User;
import oracle.ldap.util.Util;
import oracle.ldap.util.UtilException;

// OIDConstants (which defines STR_SUCCESS) and OIDException(String code, String message)
// are the author's own helper types; they are not shown in this post.
public class OIDAuthenticate implements OIDConstants {
    public OIDAuthenticate() {
        super();
    }

    public String oidResetPassword(String userId, String password) throws OIDException {
        InitialDirContext ctx = null;
        try {
            ctx = getOIDConnection();
            RootOracleContext roc = new RootOracleContext(ctx);
            Subscriber sub;
            User user;
            try {
                // Default realm (subscriber) of this OID instance
                sub = roc.getSubscriber(ctx, Util.IDTYPE_DEFAULT,
                                        null, new String[] { "*" });
            } catch (UtilException ue) {
                // Fail here rather than continuing with a null subscriber
                throw new OIDException(ue.getLDAPErrorCode() + "", ue.getMessage());
            }
            try {
                // Look the user up by simple id (the realm's nickname attribute, e.g. uid)
                user = sub.getUser(ctx, Util.IDTYPE_SIMPLE,
                                   userId, new String[] { "*" });
            } catch (UtilException e) {
                throw new OIDException(e.getLDAPErrorCode() + "", e.getMessage());
            }

            // Replace userpassword; OID hashes the value server-side on write
            ModPropertySet mps = new ModPropertySet();
            mps.addProperty(LDIF.ATTRIBUTE_CHANGE_TYPE_REPLACE,
                            "userpassword", password);
            user.setProperties(ctx, mps);
            return STR_SUCCESS;
        } catch (Exception e) {
            // Covers OIDException from the steps above as well as any JNDI failure
            System.out.println("Problem resetting password: ");
            e.printStackTrace();
            return "EXCEPTION_OCCURED";
        } finally {
            // Never throw from finally: it would discard the return value or exception above
            try {
                if (ctx != null) ctx.close();
            } catch (NamingException ne) {
                System.err.println("Could not close OID connection: " + ne.getMessage());
            }
        }
    }

    public InitialDirContext getOIDConnection() throws OIDException {
        try {
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            // Placeholder administrator credentials. In a real deployment read them
            // from a protected configuration source, and use ldaps:// (port 3131 by
            // default) so neither they nor the new password travel in clear text.
            env.put(Context.SECURITY_PRINCIPAL, "cn=orcladmin");
            env.put(Context.SECURITY_CREDENTIALS, "password1");
            env.put(Context.PROVIDER_URL, "ldap://hostname:3060/");
            env.put(Context.REFERRAL, "follow");

            return new InitialLdapContext(env, null);
        } catch (NamingException ne) {
            throw new OIDException("EXCEPTION_!", ne.getMessage());
        }
    }
}
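The class above needs the oracle.ldap.util jars. As an added example, not code from the original post, here is the same reset done with nothing but the JDK's JNDI LDAP provider, together with the two checks a practitioner would want around a password reset: the user lookup uses a parameterised filter, so a caller-supplied id cannot be turned into LDAP filter injection, and after the modify the code binds as the user with the new password to prove the change actually took. The ldaps:// URL and port, the users container cn=Users,dc=example,dc=com, the uid attribute, and the class and method names are assumptions for illustration, not values from the post; the administrator DN cn=orcladmin is the one the post uses.

```java
import java.io.Console;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

/**
 * Resets an OID user's password with plain JNDI and verifies the new password
 * with a bind as that user. Assumed (not from the original post): OID listens
 * on ldaps://hostname:3131, users live under cn=Users,dc=example,dc=com and
 * are keyed by the uid attribute.
 */
public class JndiPasswordReset {
    private static final String URL = "ldaps://hostname:3131/";          // assumed
    private static final String ADMIN_DN = "cn=orcladmin";
    private static final String USER_BASE = "cn=Users,dc=example,dc=com"; // assumed

    private static LdapContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_PROTOCOL, "ssl"); // redundant with ldaps://, but explicit
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialLdapContext(env, null);
    }

    /** Resolves uid to exactly one DN; zero or several matches are an error, not a guess. */
    private static String findUserDn(DirContext ctx, String uid) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[0]); // we only need the DN
        // {0} is escaped by the JNDI provider, so a uid such as "*)(objectClass=*"
        // is matched literally instead of widening the filter.
        NamingEnumeration<SearchResult> results =
            ctx.search(USER_BASE, "(uid={0})", new Object[] { uid }, sc);
        String dn = null;
        while (results.hasMore()) {
            SearchResult r = results.next();
            if (dn != null) throw new NamingException("uid is not unique: " + uid);
            dn = r.getNameInNamespace();
        }
        if (dn == null) throw new NamingException("no such user: " + uid);
        return dn;
    }

    /** Replaces userPassword as the administrator, then proves it with a bind as the user. */
    public static boolean resetAndVerify(String adminPassword, String uid, String newPassword)
            throws NamingException {
        String userDn;
        LdapContext admin = bind(ADMIN_DN, adminPassword);
        try {
            userDn = findUserDn(admin, uid);
            Attribute pw = new BasicAttribute("userPassword", newPassword);
            ModificationItem[] mods = {
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE, pw)
            };
            admin.modifyAttributes(userDn, mods);
        } finally {
            admin.close();
        }
        // The directory stores a hash, so reading userPassword back proves nothing;
        // a successful bind with the new value is the real check.
        try {
            bind(userDn, newPassword).close();
            return true;
        } catch (AuthenticationException e) {
            return false;
        }
    }

    public static void main(String[] args) throws NamingException {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: java JndiPasswordReset <uid>   (passwords are prompted)");
            System.exit(2);
        }
        // Prompting keeps both secrets out of the process list and shell history.
        String adminPw = new String(console.readPassword("administrator password: "));
        String newPw = new String(console.readPassword("new password for %s: ", args[0]));
        System.out.println(resetAndVerify(adminPw, args[0], newPw)
                           ? "reset verified" : "reset NOT verified");
    }
}
```

If the verification bind fails right after a successful modify, the usual causes are a password policy on the realm rejecting the value, or an account that is locked or disabled; the modify itself does not report either, which is why the bind is worth doing.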

For questions, comments and feedback,  please contact:
 Harvinder Singh Saluja

3 comments:

  1. Is there an out-of-the box solution in OIM for the end user to manage his/her passwords? In other words it is something called as "user self-service kiosks/pages"?

    Thanks
    Praveen

  2. Praveen, there is a User Self Service that can be used to change passwords.

  3. Hi,
    The return value STR_SUCCESS is not defined. Is this normal? Does it exist somewhere else? Is its value my choice?
    Thanks in advance

