Monday, October 27, 2008

Enable/Unlock OID User Account Using Java API

How do you programmatically enable and/or unlock a user's OID account using the Java API? Let's take a step-by-step look:

First get a reference to the directory context:

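// Bind to OID as an administrative user and keep the resulting directory context
javax.naming.directory.DirContext ctx = oracle.ldap.util.jndi.ConnectionUtil.getDefaultDirCtx(ldapHost, ldapPort, ldapUserCN, ldapCred);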

ldapUserCN will most likely be something like "cn=orcladmin" and ldapCred will be the password for that CN.

Next, we build an attribute set that we are going to update. This will do the account enable:

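// Replace the current value of orclIsEnabled so the account becomes enabled
javax.naming.directory.BasicAttributes attrSet = new javax.naming.directory.BasicAttributes();
attrSet.put("orclIsEnabled", "ENABLED");
ctx.modifyAttributes(userDN, javax.naming.directory.DirContext.REPLACE_ATTRIBUTE, attrSet);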

userDN here will be the full DN of the user we are modifying. We can also force a new password by putting the attribute "userpassword" in the attribute set and giving it the new password as its value.

Finally, we will do the unlock:

// Start a fresh attribute set for the unlock request
attrSet = new javax.naming.directory.BasicAttributes();
attrSet.put("orclpwdaccountunlock", "1");
ctx.modifyAttributes(userDN, javax.naming.directory.DirContext.ADD_ATTRIBUTE, attrSet);

You should note that if you are modifying the user password programmatically, the password must adhere to all of the normal password rules set up for your OID instance.

The code can throw javax.naming.directory.InvalidAttributeValueException, which can be caused by a password not adhering to the OID policies.
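
The steps above combined into one class, as an added example that is not code from the original post. It assumes a plain JNDI simple bind in place of ConnectionUtil so that it compiles with the JDK alone; the class name, host, user DN and the OID_ADMIN_PW environment variable are constructed placeholders.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.InvalidAttributeValueException;

public class OidAccountReset {
    // Enables and unlocks userDN; also sets a new password when newPassword is non-null.
    static void enableAndUnlock(DirContext ctx, String userDN, String newPassword)
            throws NamingException {
        BasicAttributes enable = new BasicAttributes();
        enable.put("orclIsEnabled", "ENABLED");
        if (newPassword != null) {
            enable.put("userpassword", newPassword);
        }
        try {
            ctx.modifyAttributes(userDN, DirContext.REPLACE_ATTRIBUTE, enable);
        } catch (InvalidAttributeValueException e) {
            // Per the post, this can mean the password violates the OID password policy.
            throw new IllegalArgumentException("OID rejected the update for " + userDN, e);
        }
        BasicAttributes unlock = new BasicAttributes();
        unlock.put("orclpwdaccountunlock", "1");
        ctx.modifyAttributes(userDN, DirContext.ADD_ATTRIBUTE, unlock);
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample values; none of them come from the original post.
        String userDN = "cn=jdoe,cn=users,dc=example,dc=com";
        String adminPw = System.getenv("OID_ADMIN_PW"); // keep the admin password out of source
        if (adminPw == null) throw new IllegalStateException("set OID_ADMIN_PW");
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // A simple bind sends the password in the clear unless the connection uses TLS.
        env.put(Context.PROVIDER_URL, "ldaps://oid.example.com:636");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=orcladmin");
        env.put(Context.SECURITY_CREDENTIALS, adminPw);
        DirContext ctx = new InitialDirContext(env);
        try {
            enableAndUnlock(ctx, userDN, null);
        } finally {
            ctx.close(); // release the privileged admin bind
        }
    }
}
```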
