JAVA使用Ldap操作AD域的方法示例

网友投稿 683 2023-01-08


JAVA使用Ldap操作AD域的方法示例

项目上遇到的需要在集成 操作域用户的信息的功能,第一次接触ad域,因为不了解而且网上其他介绍不明确,比较费时,这里记录下。

说明:

(1). 特别注意:java操作查询域用户信息获取到的数据和域管理员在电脑上操作查询的数据可能会存在差异(同一个意思的表示字段,两者可能不同)。

(2). 连接ad域有两个地址: ldap://XXXXX.com:389 和 ldap://XXXXX.com:636(SSL)。

(3). 端口389用于一般的连接,例如登录,查询等非密码操作,端口636安全性较高,用户密码相关操作,例如修改密码等。

(4).  域控可能有多台服务器,之间数据同步不及时,可能会导致已经修改的数据被覆盖掉,这个要么域控缩短同步的时间差,要么同时修改每一台服务器的数据。

1. 389登录

// 只要不抛出异常就是验证通过

public LdapContext adLogin(jsONObject json) {

String username = json.getString("username");

String password = json.getString("password");

String server = "ldap://XXXXXXX.com:389";

try {

Hashtable env = new Hashtable();

//用户名称,cn,ou,dc 分别:用户,组,域

env.put(Context.SECURITY_PRINCIPAL, username);

//用户密码 cn 的密码

env.put(Context.SECURITY_CREDENTIALS, password);

//url 格式:协议://ip:端口/组,域 ,直接连接到域或者组上面

env.put(Context.PROVIDER_URL, server);

//LDAP 工厂

env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

//验证的类型 "none", "simple", "strong"

env.put(Context.SECURITY_AUTHENTICATION, "simple");

LdapContext ldapContext = new InitialLdapContext(env, null);

log.info("ldapContext:" + ldapContext);

log.info("用户" + username + "登录验证成功");

return ldapContext;

} catch (NamingException e) {

log.info("用户" + username + "登录验证失败");

log.info("错误信息:"+e.getExplanation());

return null;

}

}

2. 636登录验证(需要导入证书)

//证书提前倒入的Java库中

// 参考:https://cnblogs.com/moonson/p/4454159.html

LdapContext adLoginSSL(JSONObject json) {

String username = json.getString("username");

String password = json.getString("password");

Hashtable env = new Hashtable();

String javaHome = System.getProperty("java.home");

String keystore = javaHome+"/lib/security/cacerts";

log.info("java.home,{}",keystore);

    // 加载导入jdk的域证书

System.setProperty("javax.net.ssl.trustStore", keystore);

System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

String LDAP_URL = "ldap://XXXXXX.com:636"; // LDAP访问地址

env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

env.put(Context.SECURITY_PROTOCOL, "ssl");//链接认证服务器

env.put(Context.PROVIDER_URL, LDAP_URL);

env.put(Context.SECURITY_AUTHENTICATION, "simple");

env.put(Context.SECURITY_PRINCIPAL, username);

env.put(Context.SECURITY_CREDENTIALS, password);

try {

LdapContext ldapContext = new InitialLdapContext(env, null);

log.info("认证成功");// 这里可以改成异常抛出。

return ldapContext;

} catch (javax.naming.AuthenticationException e) {

log.info("认证失败:{}",e.getMessage());

} catch (Exception e) {

log.info("认证出错:{}",e.getMessage());

}

return null;

}

3. 查询域用户信息

public List getUserKey(JSONObject json){

JSONObject admin = new JSONObject();

admin.put("username","Aaaaa");

admin.put("password", "bbbbbbbb");

String name = json.getString("name");

log.info("需要查询的ad信息:{}",name);

List resultList = new JSONArray();

LdapContext ldapContext = adLogin(admin); //连接到域控

if (ldapContext!=null){

String company = "";

String result = "";

try {

// 域节点

String searchBase = "DC=XXXXXXX,DC=com";

// LDAP搜索过滤器类

//cn=*name*模糊查询

         //cn=name 精确查询

          // String searchFilter = "(objectClass="+type+")";

String searchFilter = "(sAMAccountName="+name+")"; //查询域帐号

// 创建搜索控制器

SearchControls searchCtls = new SearchControls();

String returnedAtts[]={"description","sAMAccountName","userAccountControl"};

searchCtls.setReturningAttributes(returnedAtts); //设置指定返回的字段,不设置则返回全部

// 设置搜索范围 深度

searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

// 根据设置的域节点、过滤器类和搜索控制器搜索LDAP得到结果

NamingEnumeration answer = ldapContext.search(searchBase, searchFilter,searchCtls);

// 初始化搜索结果数为0

int totalResults = 0;

int rows = 0;

while (answer.hasMoreElements()) {// 遍历结果集

SearchResult sr = (SearchResult) answer.next();// 得到符合搜索条件的DN

++rows;

String dn = sr.getName();

log.info(dn);

Attributes Attrs = sr.getAttributes();// 得到符合条件的属性集

if (Attrs != null) {

try {

for (NamingEnumeration ne = Attrs.getAll(); ne.hasMore();) {

Attribute Attr = (Attribute) ne.next();// 得到下一个属性

// 读取属性值

for (NamingEnumeration e = Attr.getAll(); e.hasMore(); totalResults++) {

company = e.next().toString();

JSONObject tempJson = new JSONObject();

tempJson.put(Attr.getID(), company.toString());

resultList.add(tempJson);

}

}

} catch (NamingException e) {

log.info("Throw Exception : " + e.getMessage());

}

}

}

log.info("总共用户数:" + rows);

} catch (NamingException e) {

log.info("Throw Exception : " + e.getMessage());

}finally {

try{

ldapContext.close();

}catch (Exception e){

e.printStackTrace();

}

}

}

return resultList;

}

4. 重置用户密码

// 管理员重置用户密码,后强制用户首次登录修改密码

public Map updateAdPwd(JSONObject json) {

String dn = json.getString("dn");//要修改的帐号(这个dn是查询的用户信息里的dn的值,而不是域账号)

String password = json.getString("password");//新密码

JSONObject admin = new JSONObject();

admin.put("username","aaaaaaa");

admin.put("password", "bbbbbbb");

Map map = new HashMap();

LdapContext ldapContext = adLoginSSL(admin); //连接636端口域

ModificationItem[] mods = new ModificationItem[2];

if (ldapContext!=null){

try {

String newQuotedPassword = "\"" + password + "\"";

byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");

// unicodePwd:修改的字段,newUnicodePassword:修改的值

mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,

new BasicAttribute("unicodePwd", newUnicodePassword));

mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,

new BasicAttribute("pwdLastSet", "0")); // 首次登录必须修改密码

// 修改密码

ldapContext.modifyAttributes(dn, mods);

map.put("result", "S");

map.put("message","成功");

}catch (Exception e){

map.put("result","E");

map.put("message", "无法重置密码");

}finally {

try{

ldapContext.close();

}catch (Exception e){

e.printStackTrace();

}

}

}else {

log.info("");

map.put("result","E");

map.put("message", "验证失败");

}

return map;

}

5. 域账号解锁

// 表示锁定的字段需要测试,不一定这个lockoutTime

public Map deblocking(JSONObject json) {

JSONObject admin = new JSONObject();

String dn = json.getString("dn"); //被解锁的帐号(这个dn指的是查询用户信息里的dn的值,不是域账号)

admin.put("username","aaaaaa");

admin.put("password","bbbbbb");

Map map = new HashMap();

LdapContext ldapContext = adLogin(admin);

ModificationItem[] mods = new ModificationItem[1];

if (ldapContext!=null){

try {

      // "0" 表示未锁定,不为0表示锁定

mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,

new BasicAttribute("lockoutTime","0"));

// 解锁域帐号

ldapContext.modifyAttributes(dn, mods);

map.put("result", "S");

map.put("message","成功");

}catch (Exception e){

map.put("result","E");

map.put("message", "解锁失败");

}finally {

try{

ldapContext.close();

}catch (Exception e){

e.printStackTrace();

}

}

}else {

map.put("result","E");

map.put("message", "验证失败");

}

return map;

}

Java通过Ldap操作AD的增删改查询

package com.smnpc.util;

import java.util.Hashtable;

import java.util.Vector;

import javax.naming.Context;

import javax.naming.NamingEnumeration;

import javax.naming.NamingException;

import javax.naming.directory.Attribute;

import javax.naming.directory.Attributes;

import javax.naming.directory.BasicAttribute;

import javax.naming.directory.BasicAttributes;

import javax.naming.directory.DirContext;

import javax.naming.directory.InitialDirContext;

import javax.naming.directory.ModificationItem;

import javax.naming.directory.SearchControls;

import javax.naming.directory.SearchResult;

import javax.naming.ldap.LdapContext;

/**

* Java通过Ldap操作AD的增删该查询

* @author guob

*/

public class LdapbyUser {

DirContext dc = null;

String root = "dc=example,dc=com"; // LDAP的根节点的DC

/**

*

* @param dn类似于"CN=RyanHanson,dc=example,dc=com"

* @param employeeID是Ad的一个员工号属性

*/

public LdapbyUser(String dn,String employeeID) {

init();

// add();//添加节点

// delete("ou=hi,dc=example,dc=com");//删除"ou=hi,dc=example,dc=com"节点

// renameEntry("ou=new,o=neworganization,dc=example,dc=com","ou=neworganizationalUnit,o=neworganization,dc=example,dc=com");//重命名节点"ou=new,o=neworganization,dc=example,dc=com"

// searchInformation("dc=example,dc=com", "", "sAMAccountName=guob");//遍历所有根节点

modifyInformation(dn,employeeID);//修改

// Ldapbyuserinfo("guob");//遍历指定节点的分节点

close();

}

/**

*

* Ldap连接

*

* @return LdapContext

*/

public void init() {

Hashtable env = new Hashtable();

String LDAP_URL = "ldap://xxxx:389"; // LDAP访问地址

String adminName = "example\\user"; // 注意用户名的写法:domain\User或

String adminPassword = "userpassword"; // 密码

env.put(Context.INITIAL_CONTEXT_FACTORY,

"com.sun.jndi.ldap.LdapCtxFactory");

env.put(Context.PROVIDER_URL, LDAP_URL);

env.put(Context.SECURITY_AUTHENTICATION, "simple");

env.put(Context.SECURITY_PRINCIPAL, adminName);

env.put(Context.SECURITY_CREDENTIALS, adminPassword);

try {

dc = new InitialDirContext(env);// 初始化上下文

System.out.println("认证成功");// 这里可以改成异常抛出。

} catch (javax.naming.AuthenticationException e) {

System.out.println("认证失败");

} catch (Exception e) {

System.out.println("认证出错:" + e);

}

}

/**

* 添加

*/

public void add(String newUserName) {

try {

BasicAttributes attrs = new BasicAttributes();

BasicAttribute objclassSet = new BasicAttribute("objectClass");

objclassSet.add("sAMAccountName");

objclassSet.add("employeeID");

attrs.put(objclassSet);

attrs.put("ou", newUserName);

dc.createSubcontext("ou=" + newUserName + "," + root, attrs);

} catch (Exception e) {

e.printStackTrace();

System.out.println("Exception in add():" + e);

}

}

/**

* 删除

*

* @param dn

*/

public void delete(String dn) {

try {

dc.destroySubcontext(dn);

} catch (Exception e) {

e.printStackTrace();

System.out.println("Exception in delete():" + e);

}

}

/**

* 重命名节点

*

* @param oldDN

* @param newDN

* @return

*/

public boolean renameEntry(String oldDN, String newDN) {

try {

dc.rename(oldDN, newDN);

return true;

} catch (NamingException ne) {

System.err.println("Error: " + ne.getMessage());

return false;

}

}

/**

* 修改

*

* @return

*/

public boolean modifyInformation(String dn,String employeeID) {

try {

System.out.println("updating...\n");

ModificationItem[] mods = new ModificationItem[1];

/* 修改属性 */

// Attribute attr0 = new BasicAttribute("employeeID", "W20110972");

// mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attr0);

/* 删除属性 */

// Attribute attr0 = new BasicAttribute("description",

// "陈轶");

// mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE,

// attr0);

/* 添加属性 */

Attribute attr0 = new BasicAttribute("employeeID",employeeID);

mods[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE, attr0);

/* 修改属性 */

dc.modifyAttributes(dn+",dc=example,dc=com", mods);

return true;

} catch (NamingException e) {

e.printStackTrace();

System.err.println("Error: " + e.getMessage());

return false;

}

}

/**

* 关闭Ldap连接

*/

public void close() {

if (dc != null) {

try {

dc.close();

} catch (NamingException e) {

System.out.println("NamingException in close():" + e);

}

}

}

/**

* @param base :根节点(在这里是"dc=example,dc=com")

* @param scope :搜索范围,分为"base"(本节点),"one"(单层),""(遍历)

* @param filter :指定子节点(格式为"(objectclass=*)",*是指全部,你也可以指定某一特定类型的树节点)

*/

public void searchInformation(String base, String scope, String filter) {

SearchControls sc = new SearchControls();

if (scope.equals("base")) {

sc.setSearchScope(SearchControls.OBJECT_SCOPE);

} else if (scope.equals("one")) {

sc.setSearchScope(SearchControls.ONELEVEL_SCOPE);

} else {

sc.setSearchScope(SearchControls.SUBTREE_SCOPE);

}

NamingEnumeration ne = null;

try {

ne = dc.search(base, filter, sc);

// Use the NamingEnumeration object to cycle through

// the result set.

while (ne.hasMore()) {

System.out.println();

SearchResult sr = (SearchResult) ne.next();

String name = sr.getName();

if (base != null && !base.equals("")) {

System.out.println("entry: " + name + "," + base);

} else {

System.out.println("entry: " + name);

}

Attributes at = sr.getAttributes();

NamingEnumeration ane = at.getAll();

while (ane.hasMore()) {

Attribute attr = (Attribute) ane.next();

String attrType = attr.getID();

NamingEnumeration values = attr.getAll();

Vector vals = new Vector();

// Another NamingEnumeration object, this time

// to iterate through attribute values.

while (values.hasMore()) {

Object oneVal = values.nextElement();

if (oneVal instanceof String) {

System.out.println(attrType + ": " + (String) oneVal);

} else {

System.out.println(attrType + ": " + new String((byte[]) oneVal));

}

}

}

}

} catch (Exception nex) {

System.err.println("Error: " + nex.getMessage());

nex.printStackTrace();

}

}

/**

* 查询

*

* @throws NamingException

*/

public void Ldapbyuserinfo(String userName) {

// Create the search controls

SearchControls searchCtls = new SearchControls();

// Specify the search scope

searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

// specify the LDAP search filter

String searchFilter = "sAMAccountName=" + userName;

// Specify the Base for the search 搜索域节点

String searchBase = "DC=example,DC=COM";

int totalResults = 0;

String returnedAtts[] = { "url", "whenChanged", "employeeID", "name",

"userPrincipalName", "physicalDeliveryOfficeName",

"departmentNumber", "telephoneNumber", "homePhone", "mobile",

"department", "sAMAccountName", "whenChanged", "mail" }; // 定制返回属性

searchCtls.setReturningAttributes(returnedAtts); // 设置返回属性集

// searchCtls.setReturningAttributes(null); // 不定制属性,将返回所有的属性集

try {

NamingEnumeration answer = dc.search(searchBase, searchFilter,

searchCtls);

if (answer == null || answer.equals(null)) {

System.out.println("answer is null");

} else {

System.out.println("answer not null");

}

while (answer.hasMoreElements()) {

SearchResult sr = (SearchResult) answer.next();

System.out

.println("************************************************");

System.out.println("getname=" + sr.getName());

Attributes Attrs = sr.getAttributes();

if (Attrs != null) {

try {

for (NamingEnumeration ne = Attrs.getAll(); ne

.hasMore();) {

Attribute Attr = (Attribute) ne.next();

System.out.println("AttributeID="

+ Attr.getID().toString());

// 读取属性值

for (NamingEnumeration e = Attr.getAll(); e

.hasMore(); totalResults++) {

String user = e.next().toString(); // 接受循环遍历读取的userPrincipalName用户属性

System.out.println(user);

}

// System.out.println(" ---------------");

// // 读取属性值

// Enumeration values = Attr.getAll();

// if (values != null) { // 迭代

// while (values.hasMoreElements()) {

// System.out.println(" 2AttributeValues="

// + values.nextElement());

// }

// }

// System.out.println(" ---------------");

}

} catch (NamingException e) {

System.err.println("Throw Exception : " + e);

}

}

}

System.out.println("Number: " + totalResults);

} catch (Exception e) {

e.printStackTrace();

System.err.println("Throw Exception : " + e);

}

}

/**

* 主函数用于测试

* @param args

*/

public static void main(String[] args) {

new LdapbyUser("CN=RyanHanson","bbs.it-home.org");

}

}


版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。

上一篇:接口自动化框架图纸怎么看(自动化接口测试框架搭建)
下一篇:子类实现接口之后类名报错(子类必须实现接口的所有方法吗)
相关文章

 发表评论

暂时没有评论,来抢沙发吧~