知识大全 JNDI 连接Windows Active Directory&nb
Posted 内容
篇首语:男儿欲遂平生志,六经勤向窗前读。本文由小常识网(cha138.com)小编为大家整理,主要介绍了知识大全 JNDI 连接Windows Active Directory&nb相关的知识,希望对你有一定的参考价值。
JNDI 连接Windows Active Directory&nb 以下文字资料是由(全榜网网www.cha138.com)小编为大家搜集整理后发布的内容,让我们赶快一起来看一下吧!
这编主要是描述 Java JNDI 连 Windows Active Directory 的教程 包括认证 新增用户 修改密码 及 取得用户资料 作者原文:开始教程: 建立 IIS SSL 将 CA Certificate 加入至 jre keystore 里 JNDI 连 AD 建立 IIS SSL:Install Windows Server:Install AD:Start > Run > dcpromotedomain name : joeyta DOT localNT domain name : joeytaserver即 Fully Qualified Domain Name (FQDN) 为 joeytaserver joeyta DOT local先安装 IIS 再安装 CA Install IIS:Start > Programs > Administrative Tools > Configure Your Server Wizard >> Next > Next > Application server (IIS ASP NET) > Next进入 表示安装成功 Install CA:Start > Settings > Control Panel > Add or Remove Programs >> Add/Remove Windows Components选择 Certificate Services > Next 选择 Enterprise root CA > Next Common name for this CA: testca > Next进入 表示安装成功 Generating a Certificate Signing Request:Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager >> Internet Information Services > (local puter) > Web Sites > > 右键点选 Default Web Site > Properties选择 Directory Security > Server Certificate >> Create a new certificate > Prepare the request now but send it later一直按 Next 需要注意的是 Common name 必须为 joeyserver joeyta local 这是给使用者连 ssl 的 website 最后产生 certificate request file 预设为 c:\\certreq txtRequest a certificate on CA:进入 按 Request a certificate > advanced certificate request > Submit a certificate request by using a base encoded CMC or PKCS# file or submit a renewal request by using a base encoded PKCS# file使用 notepad 打开 c:\\certreq txt copy c:\\certreq txt 内容贴至 Saved Request:Certificate Template 选择 Web Server 按 Submit然后点选 Download certificate 将 certnew cer 储存至 c:\\certnew cerInstalling a Certificate:Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager >> Internet Information Services > (local puter) > Web Sites > > 右键点选 Default Web Site > Properties选择 Directory Security > Server Certificate >> Process the pending request and install the certificate > NextPath and file name: c:\\certnew cer > NextSSL port this web site should use: > Next > Next > Finish 将 CA Certificate 加入至 jre keystore 里:进入 点选 Download a CA certificate certificate chain or CRL点选 Download CA certificate 然后下载并改名为 c:\\testca_cert cer然后执行 mand:c:\\temp>keytool import alias testca_cert file /testca_cert cer keystore /jdk _ /jre/lib/security/cacerts storepass changeit 出现 Trusted this certificate? 按 y 即新增成功
JNDI 连 AD:
/***************************** LDAPFastBind java *****************/package test ldap;import java io IOException;import java io UnsupportedEncodingException;import java util Hashtable;import javax naming AuthenticationException;import javax naming Context;import javax naming NamingEnumeration;import javax naming NamingException;import javax naming directory Attribute;import javax naming directory Attributes;import javax naming directory BasicAttribute;import javax naming directory BasicAttributes;import javax naming directory DirContext;import javax naming directory ModificationItem;import javax naming directory SearchControls;import javax naming directory SearchResult;import javax naming ldap Control;import javax naming ldap InitialLdapContext;import javax naming ldap LdapContext;import javax naming ldap StartTlsRequest;import javax naming ldap StartTlsResponse;class FastBindConnectionControl implements Control public byte[] getEncodedValue() return null; public String getID() return ; public boolean isCritical() return true; public class LDAPFastBind public Hashtable env = null; public LdapContext ctx = null; public Control[] connCtls = null; public LDAPFastBind(String ldapurl) env = new Hashtable(); env put(Context INITIAL_CONTEXT_FACTORY sun jndi ldap LdapCtxFactory ); env put(Context SECURITY_AUTHENTICATION simple ); env put(Context PROVIDER_URL ldapurl); env put(Context SECURITY_PROTOCOL ssl ); String keystore = /jdk _ /jre/lib/security/cacerts ; System setProperty( ssl trustStore keystore); connCtls = new Control[] new FastBindConnectionControl() ; // first time we initialize the context no credentials are supplied // therefore it is an anonymous bind try ctx = new InitialLdapContext(env connCtls); catch (NamingException e) System out println( Naming exception + e); public boolean Authenticate(String username String password) try ctx addToEnvironment(Context SECURITY_PRINCIPAL username); ctx addToEnvironment(Context SECURITY_CREDENTIALS password); ctx reconnect(connCtls); System out println(username + is authenticated ); return true; catch (AuthenticationException e) System out println(username + is not authenticated ); System out println(e); return false; catch (NamingException e) System out println(username + is not authenticated ); System out println(e); return false; public void finito() try ctx close(); System out println( Context is closed ); catch (NamingException e) System out println( Context close failure + e); public void printUserAccountControl() try // Create the search controls SearchControls searchCtls = new SearchControls(); // Specify the search scope searchCtls setSearchScope(SearchControls SUBTREE_SCOPE); // specify the LDAP search filter //String searchFilter = (&(objectClass=user)(CN=test)) ; //String searchFilter = (&(objectClass=group)) ; String searchFilter = (&(objectClass=user)(CN=peter lee)) ; // Specify the Base for the search String searchBase = DC=joeyta DC=local ; // initialize counter to total the group members int totalResults = ; // Specify the attributes to return String returnedAtts[] = givenName mail ; searchCtls setReturningAttributes(returnedAtts); // Search for objects using the filter NamingEnumeration answer = ctx search(searchBase searchFilter searchCtls); // Loop through the search results while (answer hasMoreElements()) SearchResult sr = (SearchResult) answer next(); System out println( >>> + sr getName()); // Print out the groups Attributes attrs = sr getAttributes(); if (attrs != null) try for (NamingEnumeration ae = attrs getAll(); ae hasMore();) Attribute attr = (Attribute) ae next(); System out println( Attribute: + attr getID()); for (NamingEnumeration e = attr getAll(); e hasMore(); totalResults++) System out println( + totalResults + + e next()); catch (NamingException e) System err println( Problem listing membership: + e); System out println( Total attrs: + totalResults); catch (NamingException e) System err println( Problem searching directory: + e);
public boolean adminChangePassword(String sUserName String sNewPassword) try //set password is a ldap modfy operation ModificationItem[] mods = new ModificationItem[ ]; //Replace the unicdodePwd attribute with a new value //Password must be both Unicode and a quoted string String newQuotedPassword = \\ + sNewPassword + \\ ; byte[] newUnicodePassword = newQuotedPassword getBytes( UTF LE ); mods[ ] = new ModificationItem(DirContext REPLACE_ATTRIBUTE new BasicAttribute( unicodePwd newUnicodePassword)); // Perform the update ctx modifyAttributes(sUserName mods); System out println( Reset Password for: + sUserName); return true; catch (NamingException e) System out println( Problem resetting password: + e); catch (UnsupportedEncodingException e) System out println( Problem encoding password: + e); return false; public boolean userChangePassword(String sUserName String sOldPassword String sNewPassword) try //StartTlsResponse tls=//(StartTlsResponse)ctx extendedOperation(new StartTlsRequest()); //tls negotiate(); //change password is a single ldap modify operation //that deletes the old password and adds the new password ModificationItem[] mods = new ModificationItem[ ]; //Firstly delete the unicdodePwd attribute using the old password //Then add the new password Passwords must be both Unicode and a quoted string String oldQuotedPassword = \\ + sOldPassword + \\ ; byte[] oldUnicodePassword = oldQuotedPassword getBytes( UTF LE ); String newQuotedPassword = \\ + sNewPassword + \\ ; byte[] newUnicodePassword = newQuotedPassword getBytes( UTF LE ); mods[ ] = new ModificationItem(DirContext REMOVE_ATTRIBUTE new BasicAttribute( unicodePwd oldUnicodePassword)); mods[ ] = new ModificationItem(DirContext ADD_ATTRIBUTE new BasicAttribute( unicodePwd newUnicodePassword)); // Perform the update ctx modifyAttributes(sUserName mods); System out println( Changed Password for: + sUserName); //tls close(); return true; catch (NamingException e) System err println( Problem changing password: + e); catch (UnsupportedEncodingException e) System err println( Problem encoding password: + e); catch ( Exception e) System err println( Problem: + e); return false; public boolean createNewUser(String sGroupName String sUserName) try // Create attributes to be associated with the new user Attributes attrs = new BasicAttributes(true); //These are the mandatory attributes for a user object //Note that Win K will automagically create a random //samAccountName if it is not present (Win K does not) attrs put( objectClass user ); attrs put( sAMAccountName AlanT ); attrs put( cn Alan Tang ); //These are some optional (but useful) attributes attrs put( givenName Alan ); attrs put( sn Tang ); attrs put( displayName Alan Tang ); attrs put( description Engineer ); attrs put( userPrincipalName alan AT joeyta local ); attrs put( mail alang AT mail joeyta DOT local ); attrs put( telephoneNumber ); //some useful constants from lmaccess h int UF_ACCOUNTDISABLE = x ; int UF_PASSWD_NOTREQD = x ; int UF_PASSWD_CANT_CHANGE = x ; int UF_NORMAL_ACCOUNT = x ; int UF_DONT_EXPIRE_PASSWD = x ; int UF_PASSWORD_EXPIRED = x ; //Note that you need to create the user object before you can //set the password Therefore as the user is created with no //password user AccountControl must be set to the following //otherwise the Win K password filter will return error //unwilling to perform attrs put( userAccountControl Integer toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED+ UF_ACCOUNTDISABLE)); // Create the context Context result = ctx createSubcontext(sUserName attrs); System out println( Created disabled account for: + sUserName); //now that we ve created the user object we can set the //password and change the userAccountControl //and because password can only be set using SSL/TLS //lets use StartTLS //StartTlsResponse tls = (StartTlsResponse)ctx extendedOperation(new StartTlsRequest()); //tls negotiate(); //set password is a ldap modfy operation //and we ll update the userAccountControl //enabling the acount and force the user to update ther password //the first time they login ModificationItem[] mods = new ModificationItem[ ]; //Replace the unicdodePwd attribute with a new value //Password must be both Unicode and a quoted string String newQuotedPassword = \\ P AT ssw rd\\ ; byte[] newUnicodePassword = newQuotedPassword getBytes( UTF LE ); mods[ ] = new ModificationItem(DirContext REPLACE_ATTRIBUTE new BasicAttribute( unicodePwd newUnicodePassword)); mods[ ] = new ModificationItem(DirContext REPLACE_ATTRIBUTE new BasicAttribute( userAccountControl Integer toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED))); // Perform the update ctx modifyAttributes(sUserName mods); System out println( Set password & updated userccountControl ); //now add the user to a group
try ModificationItem member[] = new ModificationItem[ ]; member[ ]= new ModificationItem(DirContext ADD_ATTRIBUTE new BasicAttribute( member sUserName)); ctx modifyAttributes(sGroupName member); System out println( Added user to group: + sGroupName); catch (NamingException e) System err println( Problem adding user to group: + e); //Could have put tls close() prior to the group modification //but it seems to screw up the connection or context ? //tls close(); System out println( Successfully created User: + sUserName); return true; catch (NamingException e) System err println( Problem creating object: + e); catch (IOException e) System err println( Problem creating object: + e); return false; public boolean addUserToGroup(LdapContext ctx String userDN String groupDN) try ModificationItem[] mods = new ModificationItem[ ]; mods[ ] = new ModificationItem(DirContext ADD_ATTRIBUTE new BasicAttribute( member userDN)); ctx modifyAttributes(groupDN mods); System out println( Added user + userDN + to group + groupDN); return true; catch (NamingException ne) System err println( Problem add user to group: + ne); return false; public boolean removeUserFromGroup(LdapContext ctx String userDN String groupDN) try ModificationItem[] mods = new ModificationItem[ ]; mods[ ] = new ModificationItem(DirContext REMOVE_ATTRIBUTE new BasicAttribute( member userDN)); ctx modifyAttributes(groupDN mods); System out println( Remove user + userDN + from group + groupDN); return true; catch (NamingException ne) System err println( Problem remove user from group: + ne); return false; /***************************** LDAPFastBind java *****************/
/***************************** LDAPClient java *****************/package test ldap;class LDAPClient public static void main(String[] args) // Could also use ldaps over port to protect the munication to // the // Active Directory domain controller Would also need to add // env put(Context SECURITY_PROTOCOL ssl ) to the server code //String ldapurl = ldap://joeyserver joeyta local: ; String ldapurl = ldap://joeyserver joeyta local: ; LDAPFastBind ctx = new LDAPFastBind(ldapurl); String sAdminUserName = CN=Administrator CN=Users DC=joeyta DC=local ; String sAdminPassword = I@mRoot ; // String sUserName = CN=peter lee CN=Users DC=joeyta DC=local ; String sUserName = joeyta\\\\peter ; // String sUserName = peter@joeyta local ; String sOldPassword = P@ssw rd ; String sNewPassword = P@$$w rd ; String sNewUserName = CN=Alan Tang CN=Users DC=joyeta DC=local ; String sNewGroupName = CN=test CN=Users DC=joeyta DC=local ; boolean IsAuthenticated = ctx Authenticate(sAdminUserName sAdminPassword); // boolean IsAuthenticated = ctx Authenticate(sUserName sOldPassword); ctx printUserAccountControl(); ctx createNewUser(sNewGroupName sNewUserName); //boolean IsAdminSuccessChangePWD = //ctx adminChangePassword(sUserName sNewPassword); //boolean IsUserSuccessChangePWD = //ctx userChangePassword(sUserName sOldPassword sNewPassword); ctx finito(); /***************************** LDAPClient java *****************/
参考资料:;id= &sty= &tpg= &age= a?forumID= &start= cha138/Article/program/Java/hx/201311/27091相关参考
知识大全 windows7宽带连接成功但是本地连接无Internet访问要怎么办
windows7宽带连接成功但是本地连接无Internet访问要怎么办?详细(是选择公用网络/家庭网络?还是工作网络 以下文字资料是由(本站网www.cha138.co
知识大全 Windows下PHP与SQL Server的连接
Windows下PHP与SQLServer的连接 以下文字资料是由(全榜网网www.cha138.com)小编为大家搜集整理后发布的内容,让我们赶快一起来看一下吧!
知识大全 windows优化系统后oracle9i本地连接失败
我们使用的系统是windows经过优化后oracle数据库出现了问题本地客户端不能连接但远程连接是没有问题的 经过检查原来是oracle的TNSListener服务没有起动用服务起动或者ne
知识大全 Windows200364位下ASP无法连接Access数据库
Windows200364位下ASP无法连接Access数据库 以下文字资料是由(全榜网网www.cha138.com)小编为大家搜集整理后发布的内容,让我们赶快一起来
知识大全 用手机oppo连接wifi后,再用usb连接电脑windows7后 怎样让电脑分享手机的wi
用手机oppo连接wifi后,再用usb连接电脑windows7后怎样让电脑分享手机的wi台式电脑用手机上的WIFI上网的步骤:1、在手机上打开WIFI并连接,并用USB线连接电脑。2、在手机上选择U
<!使用连接池获得连接JNDI javanamedriinterfacejava命名目录接口>
JNDIConnection池化 以下文字资料是由(全榜网网www.cha138.com)小编为大家搜集整理后发布的内容,让我们赶快一起来看一下吧! JNDI(Jav
Tomcat5.5下的Jndi的配置实例 以下文字资料是由(全榜网网www.cha138.com)小编为大家搜集整理后发布的内容,让我们赶快一起来看一下吧! JNDI
知识大全 在家里手机能连上CMCC,电脑连接的时候就显示windows无法连接到隐藏网络是什么情况?求大神解决方法,win7
在家里手机能连上CMCC,电脑连接的时候就显示windows无法连接到隐藏网络是什么情况?求大神解决方法,win7 以下文字资料是由(本站网www.cha138.com
Hibernate的JNDI绑定分析 以下文字资料是由(全榜网网www.cha138.com)小编为大家搜集整理后发布的内容,让我们赶快一起来看一下吧! Hibern