Hi

To modify a users attribute in JNDI/LDAP, do you have to connect as a user who has full Admin rights, or can any user modify attributes, providing they have the necessary rights?

Here's some code:

Hashtable env = new Hashtable();

env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");

env.put(Context.PROVIDER_URL, "ldap://myHost:389/o=MYORG");

env.put(Context.SECURITY_AUTHENTICATION, "simple");

env.put(Context.SECURITY_PRINCIPAL, "cn=Joe Bloggs, ou=H1, o=MYORG");

env.put(Context.SECURITY_CREDENTIALS, "password");

try {

DirContext ctx = new InitialDirContext(env);

ModificationItem[] mods = new
ModificationItem[1];

mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userPassword", "password2"));

ctx.modifyAttributes("cn=Joe Bloggs, ou=H1", mods);

ctx.close();

System.out.println(">>> Successfully modified password and closed Context");

:

:




This code fails, giving the error:


LDAP: error code 50 - NDS error: no access (-672)]


However, Joe Bloggs CAN change his password if he logs into Netware/ConsoleOne, so why can't my Java code do the same?



Interestingly, if I replace the security props of the environment to specify a user such as Admin e.g.




env.put(Context.SECURITY_PRINCIPAL, "cn=Admin, o=MYORG");

env.put(Context.SECURITY_CREDENTIALS, "admin_password");



...I can change Joe Blogg's password with no problems.



Any ideas?



Cheers



Richard