JAVA通过LDAP+SSL(证书)实现用户和组织(部门)增删改查(Java代码部分)

JAVA通过LDAP+SSL(证书)实现用户和组织(部门)增删改查

公共代码,可以根据自己的需求将日志更改

dn:CN=xxx,OU=xxx,DC=xxx,DC=com
cn:就是DN的CN的值xxx

package test;

import java.io.Serializable;

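/**
 * Attribute holder for one Active Directory user account.
 *
 * Field names mirror the AD/LDAP attribute names they are written to
 * (cn, sAMAccountName, sn, givenName, ...); the LDAP helper methods that
 * create and update users read them through the getters below. The letters
 * in the field comments, e.g. "(W)", are kept from the original notes.
 *
 * SECURITY: {@code unicodePwd} carries a cleartext password. The field is
 * {@code transient} so that Java serialization of this object (HTTP session
 * replication, distributed caches, RPC) never writes the password out; after
 * deserialization it is null and must be set again. The class deliberately
 * defines no toString(), so the password is not dumped by accident when an
 * instance is logged. Because the value is a String it cannot be wiped from
 * memory; do not keep instances alive longer than the create call needs.
 *
 * @author chenmd
 * @date 2020/5/9
 * @version 1.0
 */
public class AdUser implements Serializable {
	private static final long serialVersionUID = 6648591000684940318L;
	// Common name: the value of the CN= RDN in dn
	private String cn;
	// User logon name (pre-Windows 2000) (W)
	private String sAMAccountName;
	// User logon name (U)
	private String name;
	// Last name (L)
	private String sn;
	// userAccountControl flag bits, kept as a decimal string
	private String userAccountControl;
	// Telephone number (T)
	private String telephoneNumber;
	// First name (F)
	private String givenName;
	// Description (D)
	private String description;
	// Display name (S)
	private String displayName;
	// E-mail address (M)
	private String mail;
	// Initial password in cleartext; never serialized (see class comment)
	private transient String unicodePwd;
	// Distinguished name of the object, e.g. CN=xx,OU=xx,DC=xx,DC=com
	private String dn;
	// Department: the last level of the OA organization path
	private String department;

	public String getCn() {
		return cn;
	}

	public void setCn(String cn) {
		this.cn = cn;
	}

	public String getsAMAccountName() {
		return sAMAccountName;
	}

	public void setsAMAccountName(String sAMAccountName) {
		this.sAMAccountName = sAMAccountName;
	}

	public String getName() {
		return name;
	}

	public void setName(String name) {
		this.name = name;
	}

	public String getSn() {
		return sn;
	}

	public void setSn(String sn) {
		this.sn = sn;
	}

	public String getUserAccountControl() {
		return userAccountControl;
	}

	public void setUserAccountControl(String userAccountControl) {
		this.userAccountControl = userAccountControl;
	}

	public String getTelephoneNumber() {
		return telephoneNumber;
	}

	public void setTelephoneNumber(String telephoneNumber) {
		this.telephoneNumber = telephoneNumber;
	}

	public String getGivenName() {
		return givenName;
	}

	public void setGivenName(String givenName) {
		this.givenName = givenName;
	}

	public String getDescription() {
		return description;
	}

	public void setDescription(String description) {
		this.description = description;
	}

	public String getDisplayName() {
		return displayName;
	}

	public void setDisplayName(String displayName) {
		this.displayName = displayName;
	}

	public String getMail() {
		return mail;
	}

	public void setMail(String mail) {
		this.mail = mail;
	}

	/** Cleartext initial password; null after deserialization. */
	public String getUnicodePwd() {
		return unicodePwd;
	}

	public void setUnicodePwd(String unicodePwd) {
		this.unicodePwd = unicodePwd;
	}

	public String getDn() {
		return dn;
	}

	public void setDn(String dn) {
		this.dn = dn;
	}

	public String getDepartment() {
		return department;
	}

	public void setDepartment(String department) {
		this.department = department;
	}

}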

账号和密码方式(注意:这里走的是 ldap:// 389 端口 + simple 绑定,管理员账号和密码会以明文在网络上传输,只适合内网调试;生产环境请用下面的 SSL 方式或 StartTLS)

	/**
	 * Binds to the domain controller with the configured administrator
	 * account (simple bind) and stores the resulting context in {@code dc}.
	 *
	 * SECURITY: this connects to port 389 over plain {@code ldap://} with
	 * {@code simple} authentication, so the admin DN and password cross the
	 * network in cleartext. Use {@link #certinit()} (LDAP over SSL) or
	 * StartTLS for anything beyond a lab setup.
	 *
	 * Failures are only reported on stdout/stderr; when the bind throws,
	 * {@code dc} is not reassigned.
	 */
	public void init() {
		final String url = "ldap://" + host + ":389";// ip:port
		Properties env = new Properties();
		env.put(Context.INITIAL_CONTEXT_FACTORY,
				"com.sun.jndi.ldap.LdapCtxFactory");
		// Bind security level: "none", "simple" or "strong"
		env.put(Context.SECURITY_AUTHENTICATION, "simple");
		env.put(Context.PROVIDER_URL, url);
		env.put(Context.SECURITY_PRINCIPAL, adminName);
		env.put(Context.SECURITY_CREDENTIALS, adminPassword);
		try {
			dc = new InitialLdapContext(env, null);
		} catch (Exception e) {
			System.out.println("AD域帐户密码认证失败");
			e.printStackTrace();
			return;
		}
		System.out.println("AD域帐户密码认证成功");
	}

通过证书连接(LDAP over SSL,636 端口)。这里的"证书"是指把域控的服务器证书/根证书导入 JVM 信任库;绑定方式仍然是管理员账号密码,只是整个会话经过 TLS 加密,密码不再明文传输

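	/**
	 * Binds to the domain controller over LDAP-over-SSL (port 636) with the
	 * configured administrator account and stores the context in {@code dc}.
	 *
	 * The DC's certificate (or its issuing CA) must be in the JVM trust store;
	 * the {@code javax.net.ssl.trustStore} property below points JSSE at a
	 * keystore file prepared with keytool beforehand.
	 *
	 * SECURITY notes:
	 *  - {@code javax.net.ssl.trustStore} is a JVM-wide system property:
	 *    setting it affects every TLS client in the process. It is only set
	 *    here when nothing else configured it, so a -D setting made at
	 *    deployment time is not overridden by the hard-coded Windows path.
	 *  - Hostname verification: the JDK's LDAP provider checks the DC's
	 *    hostname against the certificate only since JDK 8u181 (endpoint
	 *    identification for LDAPS); on older JDKs any certificate chained to
	 *    the trust store is accepted for any host. NOTE(review): confirm the
	 *    JDK in use; the notes below mention a 1.6 JDK.
	 *  - This is still a "simple" bind: the credentials are protected by TLS,
	 *    not by the certificate (it is not client-certificate authentication).
	 *
	 * Failures are only reported on stdout/stderr; when the bind throws,
	 * {@code dc} is not reassigned.
	 */
	public void certinit() {
		Properties env = new Properties();
		// ldaps:// states the encrypted transport in the URL itself; the
		// SECURITY_PROTOCOL entry below requests the same and is kept for
		// providers that only look at that property.
		String ldapURL = "ldaps://" + host + ":636";// ip:port
		env.put(Context.INITIAL_CONTEXT_FACTORY,
				"com.sun.jndi.ldap.LdapCtxFactory");
		// Bind security level: "none", "simple" or "strong"
		env.put(Context.SECURITY_AUTHENTICATION, "simple");
		env.put(Context.SECURITY_PRINCIPAL, adminName);
		env.put(Context.SECURITY_CREDENTIALS, adminPassword);
		env.put(Context.PROVIDER_URL, ldapURL);
		env.put(Context.SECURITY_PROTOCOL, "ssl");
		// Trust store holding the DC certificate / issuing CA (see the keytool
		// notes). Respect an existing -Djavax.net.ssl.trustStore setting.
		String keystore = "D:\\cacerts";
		if (System.getProperty("javax.net.ssl.trustStore") == null) {
			System.setProperty("javax.net.ssl.trustStore", keystore);
		}
		try {
			dc = new InitialLdapContext(env, null);
			System.out.println("AD域ssl身份认证成功");
		} catch (Exception e) {
			System.out.println("AD域ssl身份认证失败");
			e.printStackTrace();
		}
	}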

问题来了,证书怎么导入呢???

证书导入

打开cmd ,根据自己的jdk位置,例如证书放在D:\chenmd.cer
D:\Program Files\MyEclipse\Common\binary\com.sun.java.jdk.win32.x86_64_1.6.0.013\bin
PS:可以在指定地址栏直接输入cmd

keytool -import -keystore ..\jre\lib\security\cacerts -storepass changeit -keypass changeit -alias chenmd -file D:\chenmd.cer

PS: 两个证书都要导入(具体是哪两个见下面的证书导出文章)。注意 changeit 只是 JDK 自带 cacerts 的默认口令;导入到 JDK 的 cacerts 之后,这台机器上用该 JDK 跑的所有程序都会信任这些证书,更稳妥的做法是单独建一个信任库文件(也就是代码里 javax.net.ssl.trustStore 指向的那个文件),只给这个应用用。
证书的导出可以参照我写的
JAVA通过LDAP+SSL(证书)实现用户和组织(部门)增删改查(AD域证书导出)

用户的增删改查

新增(实现新增的同时将密码也设置上去;注意 AD 只允许通过加密(SSL/TLS)连接写入 unicodePwd,所以这里的 dc 必须来自上面的证书方式连接,否则第二步设置密码会失败,账号会以禁用状态留在域里)

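	/**
	 * Creates an AD user at {@code user.getDn()} and then sets its initial
	 * password, enabling the account only once the password is in place.
	 *
	 * The two-step sequence is deliberate:
	 *  1. createSubcontext with userAccountControl = NORMAL | PASSWD_NOTREQD
	 *     | PASSWORD_EXPIRED | ACCOUNTDISABLE: the object is created disabled
	 *     and without a password requirement (the usual AD pattern, since an
	 *     enabled account must already satisfy password policy);
	 *  2. modifyAttributes replacing unicodePwd with the UTF-16LE bytes of the
	 *     password wrapped in double quotes (the encoding AD expects) and
	 *     userAccountControl with NORMAL | PASSWORD_EXPIRED, which clears
	 *     ACCOUNTDISABLE (enables the account) and PASSWD_NOTREQD, and forces
	 *     a password change at first logon.
	 *
	 * SECURITY:
	 *  - AD requires an SSL/TLS-protected connection to write unicodePwd, so
	 *    {@code dc} must come from {@link #certinit()}. Over plain LDAP step 2
	 *    fails and the account stays created but disabled: not a live account,
	 *    but an orphan the caller has to clean up or retry.
	 *  - The caller supplies the complete DN. RDN values inside it (the CN and
	 *    the OU names) must already be escaped per RFC 4514; a name containing
	 *    ',' '+' '"' '\' '<' '>' ';' or '=' would otherwise change where the
	 *    object is created. This method cannot validate that after the fact.
	 *  - A null password is rejected up front; previously it would have been
	 *    set to the literal string "null".
	 *  - The password bytes are zeroed once the modify has been sent. The
	 *    String inside {@code AdUser} cannot be wiped.
	 *
	 * Optional attributes (telephone, display name, description, given name,
	 * department, sn) are only sent when non-blank: an empty value is expected
	 * to be rejected by AD and would fail the whole add.
	 *
	 * NOTE(review): userPrincipalName and mail are both derived from
	 * sAMAccountName + domain; {@code user.getMail()} is ignored. Confirm
	 * that is intended.
	 *
	 * @param user account to create; dn, sAMAccountName and unicodePwd are
	 *        required
	 * @return true only if both the create and the password/enable modify
	 *         succeeded
	 */
	public boolean add(AdUser user) {
		if (user == null || user.getDn() == null
				|| user.getDn().length() == 0
				|| user.getsAMAccountName() == null
				|| user.getUnicodePwd() == null) {
			System.out.println("新增AD域用户失败:"
					+ (user == null ? null : user.getCn()));
			return false;
		}
		boolean flag = false;
		byte[] newUnicodePassword = null;
		try {
			Attributes attrs = new BasicAttributes(true);
			// Object class; AD derives person / organizationalPerson from it
			attrs.put("objectClass", "user");
			// User logon name (pre-Windows 2000) (W)
			attrs.put("samAccountName", user.getsAMAccountName());
			// User logon name (U)
			attrs.put("userPrincipalName", user.getsAMAccountName() + domain);
			// Created disabled and without a password requirement; see Javadoc
			attrs.put(
					"userAccountControl",
					Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD
							+ UF_PASSWORD_EXPIRED + UF_ACCOUNTDISABLE));
			// Telephone number (T)
			putIfNotBlank(attrs, "telephoneNumber", user.getTelephoneNumber());
			// Display name (S)
			putIfNotBlank(attrs, "displayName", user.getDisplayName());
			// Description (D)
			putIfNotBlank(attrs, "description", user.getDescription());
			// E-mail (M): derived from the logon name, see NOTE above
			attrs.put("mail", user.getsAMAccountName() + domain);
			// First name (F)
			putIfNotBlank(attrs, "givenName", user.getGivenName());
			// Department
			putIfNotBlank(attrs, "department", user.getDepartment());
			// Last name (L)
			putIfNotBlank(attrs, "sn", user.getSn());

			dc.createSubcontext(user.getDn(), attrs);
			System.out.println("新增AD域用户成功:" + user.getCn());

			// AD wants the password as UTF-16LE, including the surrounding quotes
			String newQuotedPassword = "\"" + user.getUnicodePwd() + "\"";
			newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
			ModificationItem[] mods = new ModificationItem[2];
			mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
					new BasicAttribute("unicodePwd", newUnicodePassword));
			// Enable the account and require a password change at first logon
			mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
					new BasicAttribute("userAccountControl",
							Integer.toString(UF_NORMAL_ACCOUNT
									+ UF_PASSWORD_EXPIRED)));
			dc.modifyAttributes(user.getDn(), mods);
			flag = true;
		} catch (Exception e) {
			e.printStackTrace();
			System.out.println("新增AD域用户失败:" + user.getCn());
		} finally {
			// Do not leave the cleartext password lying around on the heap
			if (newUnicodePassword != null) {
				for (int i = 0; i < newUnicodePassword.length; i++) {
					newUnicodePassword[i] = 0;
				}
			}
		}
		return flag;
	}

	/** Adds {@code id} to {@code attrs} only when {@code value} is non-blank. */
	private static void putIfNotBlank(Attributes attrs, String id, String value) {
		if (value != null && value.trim().length() > 0) {
			attrs.put(id, value);
		}
	}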

修改

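	/**
	 * Replaces the editable profile attributes of an existing AD user with the
	 * values carried by {@code user}: sn, telephoneNumber, givenName,
	 * displayName, description and department. The object is addressed by
	 * {@code user.getDn()}; nothing happens when the user or its DN is missing.
	 * Logon name, mail, password and userAccountControl are not touched here.
	 *
	 * All items are REPLACE operations sent in a single modifyAttributes call,
	 * so per the LDAP modify contract the server applies all of them or none.
	 *
	 * NOTE(review): a null field is sent as a REPLACE carrying one null value,
	 * which the JNDI provider appears to encode as an empty value; AD is then
	 * expected to reject the whole update. If "clear the attribute" is the
	 * intent, a REPLACE with no values should be sent instead. Confirm the
	 * intended semantics before changing this.
	 *
	 * Fix over the previous version: "description" was listed twice, sending a
	 * duplicate REPLACE for the same attribute.
	 *
	 * @param user carries the DN of the object to change and the new values
	 */
	public void updateUser(AdUser user) {
		if (user == null || user.getDn() == null
				|| user.getDn().length() <= 0) {
			return;
		}

		// Attributes to replace, in the order they are sent
		List<ModificationItem> mList = new ArrayList<ModificationItem>();
		mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
				new BasicAttribute("sn", user.getSn())));
		mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
				new BasicAttribute("telephoneNumber", user
						.getTelephoneNumber())));
		mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
				new BasicAttribute("givenName", user.getGivenName())));
		mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
				new BasicAttribute("displayName", user.getDisplayName())));
		mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
				new BasicAttribute("description", user.getDescription())));
		mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
				new BasicAttribute("department", user.getDepartment())));

		ModificationItem[] mArray = mList.toArray(new ModificationItem[mList
				.size()]);
		try {
			dc.modifyAttributes(user.getDn(), mArray);
			System.out.println("修改AD域用户属性成功");
		} catch (NamingException e) {
			System.err.println("修改AD域用户属性失败");
			e.printStackTrace();
		}
	}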

删除

	/**
	 * Deletes the directory object named by {@code dn}.
	 *
	 * This is irreversible and unguarded: the DN comes straight from the
	 * caller and destroySubcontext removes whatever object it names, not
	 * necessarily a user. Callers are responsible for authorization and for
	 * passing a correctly escaped DN. Outcome is only reported on stdout;
	 * nothing is thrown.
	 *
	 * @param dn distinguished name of the object to delete
	 */
	public void deleteUser(String dn) {
		boolean removed = false;
		Exception failure = null;
		try {
			dc.destroySubcontext(dn);
			removed = true;
		} catch (Exception e) {
			failure = e;
		}
		if (removed) {
			System.out.println("删除AD域用户成功:" + dn);
		} else {
			System.out.println("删除AD域用户失败:" + dn);
			failure.printStackTrace();
		}
	}

组织的新增

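	/**
	 * Creates one organizational unit directly under {@code root}.
	 *
	 * The OU name is escaped with {@code javax.naming.ldap.Rdn.escapeValue}
	 * before it is spliced into the DN, so a name containing ',' '+' '"' '\'
	 * '<' '>' ';' '=' '#' or leading/trailing spaces is stored literally
	 * instead of being parsed as extra RDN components (LDAP DN injection).
	 * The "ou" and "description" attribute values are sent unescaped, which is
	 * correct: escaping applies to the DN string only.
	 *
	 * A blank name is rejected up front. Failures (including "already exists")
	 * are only reported on stdout/stderr; nothing is thrown.
	 *
	 * @param newUserName the OU name (the parameter name is kept from the
	 *        original; it is an OU name, not a user name)
	 */
	public void createOU(String newUserName) {
		if (newUserName == null || newUserName.trim().length() == 0) {
			System.out.println("新增OU失败:" + newUserName);
			return;
		}
		try {
			BasicAttributes attrsbu = new BasicAttributes();
			BasicAttribute objclassSet = new BasicAttribute("objectclass");
			objclassSet.add("top");
			objclassSet.add("organizationalUnit");
			attrsbu.put(objclassSet);
			attrsbu.put("ou", newUserName);
			attrsbu.put("description", newUserName);
			// Escape the RDN value so the name cannot inject further RDNs
			String dn = "ou=" + javax.naming.ldap.Rdn.escapeValue(newUserName)
					+ "," + root;
			dc.createSubcontext(dn, attrsbu);
			System.out.println("新增OU成功:" + dn);
		} catch (Exception e) {
			e.printStackTrace();
			System.out.println("新增OU失败:" + newUserName);
		}
	}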

组织的修改

	/**
	 * Renames an OU by issuing an LDAP rename from {@code oldDN} to
	 * {@code newDN}. Both are full DNs; if {@code newDN} has a different
	 * parent the operation is a move (LDAPv3 ModifyDN), which takes the
	 * subtree along. No validation of either DN is done here.
	 *
	 * @param oldDN current distinguished name
	 * @param newDN distinguished name after the rename
	 * @return true on success, false if the server rejected the rename
	 */
	public boolean renameOU(String oldDN, String newDN) {
		try {
			dc.rename(oldDN, newDN);
		} catch (NamingException ne) {
			System.out.println("重命名OU失败");
			ne.printStackTrace();
			return false;
		}
		System.out.println("重命名OU成功");
		return true;
	}

组织的删除

	/**
	 * Deletes the OU named by {@code dn}. Only an empty OU can be deleted; the
	 * server refuses to remove one that still has children, which then shows
	 * up as the failure branch below.
	 *
	 * As with deleteUser, the DN is taken from the caller unchecked and the
	 * call removes whatever object it names. Outcome is only reported on
	 * stdout; nothing is thrown.
	 *
	 * @param dn distinguished name of the OU to delete
	 */
	public void deleteOU(String dn) {
		String outcome;
		try {
			dc.destroySubcontext(dn);
			outcome = "删除OU成功:";
		} catch (Exception e) {
			System.out.println("删除OU失败:" + dn);
			e.printStackTrace();
			return;
		}
		System.out.println(outcome + dn);
	}

循环创建组织

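	/**
	 * Creates a chain of nested OUs from a dotted path: "a.b.c" becomes
	 * OU=c,OU=b,OU=a,{root}. Each level is created in turn with the given
	 * description; a level that already exists (or fails for any other
	 * reason) is reported and skipped while the walk continues, so a partial
	 * path may be left behind.
	 *
	 * If the path contains {@code oldReplace} it is first rewritten to
	 * {@code replace}: per the original note the root organization name is
	 * already taken, so a different name is used for it.
	 *
	 * Each segment is escaped with {@code javax.naming.ldap.Rdn.escapeValue}
	 * before it is spliced into the DN, so a segment containing ',' '+' '"'
	 * '\' '<' '>' ';' '=' '#' cannot inject additional RDNs. Blank segments
	 * (from a leading, trailing or doubled '.') are skipped instead of
	 * producing an "OU=" RDN that the server would reject, and a null
	 * description is simply not sent.
	 *
	 * @param oaUnit dotted organization path from the OA system
	 * @param description description attribute applied to every level
	 */
	public void createOU(String oaUnit, String description) {
		try {
			if (oaUnit == null || oaUnit.trim().length() == 0) {
				System.out.println("新增组织单元域失败:" + oaUnit);
				return;
			}
			String path = oaUnit;
			if (path.indexOf(oldReplace) > -1) {
				// The root organization name is taken; use the replacement
				path = path.replace(oldReplace, replace);
			}
			String[] segments = path.split("\\.");
			// DN of the level created last; parent of the next one
			String parent = root;
			for (String segment : segments) {
				if (segment.trim().length() == 0) {
					continue;
				}
				String dn = "OU=" + javax.naming.ldap.Rdn.escapeValue(segment)
						+ "," + parent;
				// Advance even if this level fails, so existing levels are
				// walked through and only the missing ones are created
				parent = dn;
				BasicAttributes attrsbu = new BasicAttributes();
				BasicAttribute objclassSet = new BasicAttribute("objectclass");
				objclassSet.add("top");
				objclassSet.add("organizationalUnit");
				attrsbu.put(objclassSet);
				attrsbu.put("ou", segment);
				if (description != null) {
					attrsbu.put("description", description);
				}
				try {
					dc.createSubcontext(dn, attrsbu);
				} catch (Exception e) {
					System.out.println("新增组织单元域失败:" + dn + ",异常信息:"
							+ e.getMessage());
				}
			}
		} catch (Exception e) {
			e.printStackTrace();
			System.out.println("新增组织单元域失败:" + e.getMessage());
		}
	}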

还有很多方法就不在这里一一列出,完整代码会打包放在附件中
📎
