Changing password in Active Directory using JNDI

Christian
Jan 8, 2003, 11:37:54 AM
I'm using the following code to change a user's own password:

public void changeUserPassword (String userDn, String oldPwd, String newPwd, String pwdClue)
        throws EMarketException {
    byte[] oldPwdBytes = unicodePassword (oldPwd);
    byte[] newPwdBytes = unicodePassword (newPwd);
    Attributes att = null;
    LdapContext ctx = null;
    String attName = "unicodePwd";
    try {
        // Bind as the user with the old password and read the current attributes
        ctx = getSecureLdapContext();
        ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDn);
        ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, oldPwd);
        att = ctx.getAttributes (userDn);
    } catch (Exception e) {
        se.enea.emarket.util.Log.exception(this.getClass(), "changeUserPassword", e);
        throw new EMarketException (KeyLevel1.SYSTEM, KeyLevel2.UNEXPECTED, KeyLevel3.LDAP, null, e);
    }
    // Collect all modifications for a single modify request
    Vector v = new Vector();
    v.add (new ModificationItem (DirContext.REMOVE_ATTRIBUTE, new BasicAttribute (attName)));
    v.add (new ModificationItem (DirContext.ADD_ATTRIBUTE, new BasicAttribute (attName, newPwdBytes)));
    int mode = (att.get(LDAPConstants.USER_PWD_CLUE) != null
            ? DirContext.REPLACE_ATTRIBUTE : DirContext.ADD_ATTRIBUTE);
    v.add (new ModificationItem (mode, new BasicAttribute (LDAPConstants.USER_PWD_CLUE,
            pwdClue == null || pwdClue.trim().equals("") ? " " : pwdClue)));
    // Clear invalid logins
    if (att.get(this.VAKTIS_INVALID_LOGIN) != null)
        v.add (new ModificationItem (DirContext.REMOVE_ATTRIBUTE,
                new BasicAttribute(this.VAKTIS_INVALID_LOGIN)));
    ModificationItem[] mods = (ModificationItem[]) v.toArray(new ModificationItem[v.size()]);
    try {
        ctx.modifyAttributes (userDn, mods);
    } catch (javax.naming.NamingException e) {
        se.enea.emarket.util.Log.exception(this.getClass(), "changeUserPassword", e);
        throw new EMarketException (KeyLevel1.SYSTEM, KeyLevel2.UNEXPECTED, KeyLevel3.LDAP, null, e);
    }
    return;
}

But I get a NoPermissionException:

javax.naming.NoPermissionException: [LDAP: error code 50 - 00000005: SecErr: DSID-03190C3D, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ]; remaining name 'CN=chka,OU=users,OU=emarket,DC=extranet,DC=local'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2744)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2682)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2488)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1290)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:258)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:175)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:164)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:149)
...

What is wrong?

Any help is appreciated.

Thx,
Christian
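
An added example, not part of Christian's post or the eMarket code base: Active Directory handles a modify as a user's own password change when one request deletes unicodePwd with the current password as its value and adds the new one, each encoded as the quoted password in UTF-16LE, sent over an encrypted connection by a context bound as that user; the posted code's REMOVE_ATTRIBUTE item carries no value and oldPwdBytes is never used. The class and method names are hypothetical, the sample passwords are constructed, and main() only builds and prints the request, so it runs without a directory server.

```java
import java.nio.charset.StandardCharsets;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

// Hypothetical class name; illustrates the request shape only.
public class AdSelfPasswordChange {

    // unicodePwd value: the password wrapped in double quotes, UTF-16LE encoded.
    static byte[] encode(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    // User-initiated change: delete the OLD value and add the NEW value in one
    // modify request. A REPLACE_ATTRIBUTE on unicodePwd is an administrative
    // reset instead and needs the reset-password right on the target account.
    static ModificationItem[] changeRequest(String oldPwd, String newPwd) {
        return new ModificationItem[] {
            new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                    new BasicAttribute("unicodePwd", encode(oldPwd))),
            new ModificationItem(DirContext.ADD_ATTRIBUTE,
                    new BasicAttribute("unicodePwd", encode(newPwd)))
        };
    }

    // ctx must already be bound as the user over LDAPS or StartTLS.
    // Assumption: the password change is sent on its own, and other attributes
    // (such as a password clue) are updated in a separate request.
    static void changeOwnPassword(DirContext ctx, String userDn,
                                  String oldPwd, String newPwd) throws NamingException {
        ctx.modifyAttributes(userDn, changeRequest(oldPwd, newPwd));
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample passwords; nothing is sent to a server here.
        ModificationItem[] mods = changeRequest("Old-Example-1", "New-Example-2");
        for (ModificationItem m : mods) {
            String op = m.getModificationOp() == DirContext.REMOVE_ATTRIBUTE
                    ? "REMOVE" : "ADD";
            byte[] value = (byte[]) m.getAttribute().get();
            System.out.println(op + " " + m.getAttribute().getID()
                    + " (" + value.length + " bytes)");
        }
    }
}
```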