1、获取 Windows AD 域用户信息,首先需要有一个 AD 域管理员权限的账号,用这个账号连接 AD 域,获取所有域用户信息。(注:在默认配置下,普通的已认证域用户通常也能读取用户对象的这些属性,因此按最小权限原则,建议使用只读的专用服务账号,而不是域管理员账号。)
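使用 LdapContext,它继承自 DirContext。注意:下面的示例把账号和密码硬编码在代码中,并通过未加密的 ldap://(389 端口)进行 simple 绑定,密码会以明文在网络上传输;实际使用时应从受保护的配置中读取凭据,并改用 LDAPS(636 端口)或 StartTLS。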
public Object getAllAdUserNames() { List<String> list = new ArrayList<>(); String username = "lisi@ad.com"; String password = "123@abc.com"; String url = "ldap://192.168.44.40:389"; //使用ldap协议连接windows ad域,缺省端口是389 Hashtable env = new Hashtable(); env.put(Context.SECURITY_AUTHENTICATION, "simple");//"none","simple","strong" env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, url); env.put(Context.SECURITY_PRINCIPAL, username); env.put(Context.SECURITY_CREDENTIALS, password); NamingEnumeration results = null; try { LdapContext ctx = new InitialLdapContext(env,null); SearchControls searchControls = new SearchControls(); searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); String searchFilter = "(&(objectCategory=person)(objectClass=user)(name=*))"; String searchBase = "DC=ad,DC=com"; // String returnedAtts[] = {"memberOf"};
//获取登录名,samaccountname是兼容windows2000以前系统的(如:lisi),userprincipalname是带域名的登录名(如:lisi@ad.com)
String returnedAtts[] = { "samaccountname", "userprincipalname"}; searchControls.setReturningAttributes(returnedAtts); NamingEnumeration<SearchResult> result = ctx.search(searchBase,searchFilter,searchControls); while (result.hasMoreElements()) { SearchResult searchResult = (SearchResult) result.next(); list.add(searchResult.getName()); System.out.println("[" + searchResult.getName() + "]"); } ctx.close(); } catch