maven
<!-- Spring Data LDAP starter. No version is pinned here, so it is expected to be
     managed by the Spring Boot parent/BOM. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-ldap</artifactId>
</dependency>
<!-- NOTE(review): Jespa is pulled in only for jespa.http.DummySSLSocketFactory
     (see application.properties). The bare groupId "com" is not a published
     Maven coordinate, so this presumably resolves from a manually installed jar
     or an internal repository -- confirm its provenance (vendor download,
     checksum) and keep the version pinned; an artifact with such a generic
     coordinate on a proxied/public repository would otherwise be picked up
     silently. -->
<dependency>
<groupId>com</groupId>
<artifactId>jespa</artifactId>
<version>1.1.21</version>
</dependency>
application.properties
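# LDAPS to the domain controller. Keep this encrypted: Active Directory only
# accepts unicodePwd writes (createUserByDn / the password-change snippet)
# over an encrypted session, and the bind credentials below travel on it too.
spring.ldap.base-environment.java.naming.security.protocol=ssl
# NOTE(review): a "Dummy" SSL socket factory is, by its name, presumably a
# trust-everything factory that skips server-certificate validation -- confirm.
# If so, the LDAPS session can be intercepted and the service-account password
# and every user password set through it exposed. Outside a lab, remove this
# line and import the DC's CA certificate into the JVM truststore (or supply a
# socket factory that validates against it) instead.
spring.ldap.base-environment.java.naming.ldap.factory.socket=jespa.http.DummySSLSocketFactory
# Declare objectGUID as binary so JNDI hands it back as byte[]; the
# (byte[]) casts in Utils.encodeGUID / getObjectGUIDByDn rely on this
# (without it the value presumably arrives as a mangled String).
spring.ldap.base-environment.java.naming.ldap.attributes.binary=objectGUID
spring.ldap.urls=ldaps://ldap.xxx.com:636
spring.ldap.base=
# Service-account bind credentials. Inject these from the environment or a
# secret store rather than committing them to this file.
spring.ldap.username=
spring.ldap.password=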
objectGUID
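/**
 * Conversions for Active Directory {@code objectGUID} values.
 *
 * <p>AD stores a GUID as 16 raw bytes with mixed endianness: the first three
 * fields (4 + 2 + 2 bytes) are little-endian, the last two (2 + 6 bytes) are
 * big-endian. The textual form {@code 59fa250d-b71b-4d79-b9e6-11f947b45c46}
 * is therefore NOT the bytes in memory order, which is why {@code java.util.UUID}
 * cannot be used as-is and every conversion here goes through
 * {@link #GUID_BYTE_ORDER}.
 *
 * <p>All textual input is validated as hex before use; {@link #ldapSearchGUID}
 * is spliced into an LDAP filter by its caller, so rejecting anything that is
 * not a GUID is what keeps that filter free of injected characters.
 *
 * <p>For {@code objectSid} (a different, variable-length encoding) use Spring
 * LDAP's {@code LdapUtils.convertBinarySidToString} instead of these helpers.
 */
public class Utils {

    /** An objectGUID is always exactly 16 bytes. */
    private static final int GUID_LENGTH = 16;

    /**
     * Memory-order index of the byte shown by each hex pair of the textual
     * GUID, in textual order: hex pair {@code i} holds byte
     * {@code GUID_BYTE_ORDER[i]}. Reads 3,2,1,0 - 5,4 - 7,6 - 8..15.
     */
    private static final int[] GUID_BYTE_ORDER = {3, 2, 1, 0, 5, 4, 7, 6, 8, 9, 10, 11, 12, 13, 14, 15};

    /** Hex-pair positions after which the textual form carries a '-'. */
    private static final int[] HYPHEN_AFTER = {3, 5, 7, 9};

    /** A textual GUID once braces and hyphens are stripped: 32 hex digits. */
    private static final Pattern HEX_32 = Pattern.compile("[0-9a-fA-F]{32}");

    /**
     * Converts raw objectGUID values (as returned by JNDI for a binary
     * attribute) into their textual form.
     *
     * @param objectGUIDs raw 16-byte values; each element must be a byte[]
     * @return a mutable list of lower-case textual GUIDs, empty (never null)
     *     when the input is null or empty
     * @throws ClassCastException if an element is not a byte[]
     * @throws IllegalArgumentException if an element is not 16 bytes long
     */
    public static List<String> getGUID(List<?> objectGUIDs) {
        if (objectGUIDs == null || objectGUIDs.isEmpty()) {
            return new ArrayList<>();
        }
        List<String> textual = new ArrayList<>(objectGUIDs.size());
        for (Object raw : objectGUIDs) {
            textual.add(encodeGUID((byte[]) raw));
        }
        return textual;
    }

    /**
     * Renders a raw objectGUID as {@code xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
     * (lower-case hex), e.g. {@code 59fa250d-b71b-4d79-b9e6-11f947b45c46}.
     *
     * @param objectGUID the 16 raw bytes
     * @return the textual GUID
     * @throws IllegalArgumentException if the array is null or not 16 bytes
     */
    public static String encodeGUID(byte[] objectGUID) {
        requireGuidBytes(objectGUID);
        StringBuilder text = new StringBuilder(36);
        for (int pair = 0; pair < GUID_LENGTH; pair++) {
            text.append(prefixZeros(objectGUID[GUID_BYTE_ORDER[pair]]));
            if (isHyphenAfter(pair)) {
                text.append('-');
            }
        }
        return text.toString();
    }

    /**
     * Parses a textual GUID back into the 16 raw bytes AD stores.
     *
     * <p>Accepts the canonical hyphenated form, optionally wrapped in braces,
     * and the plain 32-hex-digit form; case-insensitive.
     *
     * @param guid textual GUID
     * @return the raw bytes in memory order (inverse of {@link #encodeGUID})
     * @throws IllegalArgumentException if the string is null or not a GUID
     */
    public static byte[] decodeGUID(String guid) {
        String hex = toHexDigits(guid);
        byte[] raw = new byte[GUID_LENGTH];
        for (int pair = 0; pair < GUID_LENGTH; pair++) {
            int value = Integer.parseInt(hex.substring(2 * pair, 2 * pair + 2), 16);
            raw[GUID_BYTE_ORDER[pair]] = (byte) value;
        }
        return raw;
    }

    /** Two lower-case hex digits for the low byte of {@code value}. */
    private static String prefixZeros(int value) {
        return String.format("%02x", value & 0xFF);
    }

    /**
     * Escapes a textual GUID for use as an LDAP filter value, e.g.
     * {@code (objectGUID=\0d\25\fa\59...)}: the 16 raw bytes in memory order,
     * each as {@code \xx}.
     *
     * <p>Because the result is concatenated into a filter by the caller, the
     * input is fully validated via {@link #decodeGUID}; anything that is not a
     * GUID is rejected rather than passed through.
     *
     * @param tmpGUID textual GUID, with or without braces and hyphens
     * @return the backslash-hex escaped octet string (lower-case)
     * @throws IllegalArgumentException if the string is null or not a GUID
     */
    public static String ldapSearchGUID(String tmpGUID) {
        StringBuilder octets = new StringBuilder(GUID_LENGTH * 3);
        for (byte b : decodeGUID(tmpGUID)) {
            octets.append('\\').append(prefixZeros(b));
        }
        return octets.toString();
    }

    /** Strips {}, - and validates that exactly 32 hex digits remain. */
    private static String toHexDigits(String guid) {
        if (guid == null) {
            throw new IllegalArgumentException("guid is null");
        }
        String hex = guid.replace("{", "").replace("}", "").replace("-", "");
        if (!HEX_32.matcher(hex).matches()) {
            throw new IllegalArgumentException("not a GUID: " + guid);
        }
        return hex;
    }

    /** Rejects anything other than a 16-byte array. */
    private static void requireGuidBytes(byte[] objectGUID) {
        if (objectGUID == null || objectGUID.length != GUID_LENGTH) {
            throw new IllegalArgumentException("objectGUID must be " + GUID_LENGTH + " bytes, got "
                    + (objectGUID == null ? "null" : String.valueOf(objectGUID.length)));
        }
    }

    private static boolean isHyphenAfter(int pair) {
        for (int position : HYPHEN_AFTER) {
            if (position == pair) {
                return true;
            }
        }
        return false;
    }

    /** Round-trip demo: prints the same GUID twice. */
    public static void main(String[] args) {
        String guid = "59fa250d-b71b-4d79-b9e6-11f947b45c46";
        System.out.println(guid);
        byte[] objectGUID = decodeGUID(guid);
        System.out.println(encodeGUID(objectGUID));
    }
}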
操作
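/**
 * Reads the objectGUID of the entry at the DN built from the user's CN and OU.
 *
 * @param ldapUser supplies commonName and ou for {@code buildDn}
 * @return the textual GUID, or null when no entry exists at that DN
 * @throws IllegalStateException if the entry exists but carries no objectGUID
 *     (e.g. the attribute is not readable with the bind account)
 */
public String getObjectGUIDByDn(LdapUser ldapUser) {
    Name dn = buildDn(ldapUser.getCommonName(), ldapUser.getOu());
    log.info("ldap getObjectGUIDByDn, {}", ldapUser);
    try {
        String objectGUID = ldapTemplate.lookup(dn, new ContextMapper<String>() {
            @Override
            public String mapFromContext(Object ctx) throws NamingException {
                DirContextAdapter context = (DirContextAdapter) ctx;
                // objectGUID is declared binary in application.properties, which is
                // what makes this value a byte[]; an absent attribute used to surface
                // as a bare NullPointerException here.
                byte[] raw = (byte[]) context.getObjectAttribute("objectGUID");
                if (raw == null) {
                    throw new IllegalStateException("entry has no objectGUID: " + dn);
                }
                return Utils.encodeGUID(raw);
            }
        });
        log.info("objectGUID:{}, ldap getObjectGUIDByDn end.", objectGUID);
        return objectGUID;
    } catch (NameNotFoundException e) {
        // Deliberate: a missing entry is a normal outcome for callers, not an error.
        log.info("ldapUser not found.{}", ldapUser);
        return null;
    }
}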
// 创建
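/**
 * Creates an AD user entry with an initial password.
 *
 * <p>AD's {@code unicodePwd} attribute takes the password wrapped in double
 * quotes and encoded as UTF-16LE, and AD only accepts that write over an
 * encrypted (LDAPS/TLS) session -- the {@code ldaps://} URL in
 * application.properties is a precondition of this method, not an option.
 *
 * @param ldapUser CN/OU for the DN plus sn, givenName, sAMAccountName and
 *     userPrincipalName
 */
public void createUserByDn(LdapUser ldapUser) {
    Name dn = buildDn(ldapUser.getCommonName(), ldapUser.getOu());
    DirContextAdapter context = new DirContextAdapter(dn);
    context.setAttributeValue("objectclass", OBJECT_CLASS_USER);
    context.setAttributeValue("sn", ldapUser.getSurname());
    context.setAttributeValue("givenName", ldapUser.getGivenName());
    context.setAttributeValue("sAMAccountName", ldapUser.getDomainName());
    context.setAttributeValue("userPrincipalName", ldapUser.getDomainNameMail());
    // StandardCharsets cannot throw, so the former try/catch -- which printed
    // the stack trace and then bound a null password -- is gone.
    // NOTE(review): `pwd` is not declared in this snippet. If it is a fixed
    // constant, every account is created with the same, known initial
    // password -- confirm; a per-user random value plus forcing a change at
    // first logon would be the usual fix.
    byte[] unicodePassword =
            ("\"" + pwd + "\"").getBytes(java.nio.charset.StandardCharsets.UTF_16LE);
    context.setAttributeValue("unicodePwd", unicodePassword);
    context.setAttributeValue("userAccountControl", USER_ACCOUNT_NORMAL);
    // NOTE(review): ldapUser is logged via toString(); make sure it never
    // carries the password.
    log.info("ldap createUserByDn, {}", ldapUser);
    ldapTemplate.bind(context);
    log.info("ldap createUser end.");
}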
// 修改密码
// Stand-alone password change: REPLACE the whole unicodePwd value. As in
// createUserByDn, unicodePassword is the new password wrapped in double quotes
// and encoded as UTF-16LE, and AD only accepts the write over an encrypted
// (LDAPS/TLS) session. `unicodePassword` and `name` are not declared in this
// snippet.
// NOTE(review): a REPLACE is an administrative reset (bind account needs the
// reset-password right on the entry); a user-initiated change with the old
// password known is expressed as REMOVE_ATTRIBUTE(old) + ADD_ATTRIBUTE(new) in
// one modify -- keep that distinction in mind if this is ever exposed to end
// users. Confirm against your DC's policy.
ModificationItem[] mods = new ModificationItem[1];
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,new BasicAttribute("unicodePwd", unicodePassword));
ldapTemplate.modifyAttributes(name, mods);
/**
 * Updates a user located by its objectGUID, and moves/renames the entry when
 * the requested CN or OU differs from the current one.
 *
 * <p>The attribute update and the rename are two separate LDAP operations;
 * if the rename fails the attribute changes have already been applied.
 *
 * @param ldapUser carries the objectGUID plus the desired attributes, CN and OU
 */
public void modifyUserByGUID(LdapUser ldapUser) {
    DirContextOperations context = generateDirContextOperations(ldapUser);
    // Remember where the entry currently lives before mapToContext overwrites it.
    final String currentCn = context.getStringAttribute("cn");
    final String currentOu = context.getStringAttribute("ou");
    // NOTE(review): in AD the containing OU is part of the entry's DN rather than
    // an "ou" attribute of the user, so currentOu may well be null here -- the
    // rename below would then run on every call with a DN built from null.
    // context.getDn() is the reliable source of the old DN; confirm.
    mapToContext(ldapUser, context);
    context.setAttributeValue("userAccountControl", USER_ACCOUNT_NORMAL);
    log.info("ldap modifyUserByGUID, {}", ldapUser);
    ldapTemplate.modifyAttributes(context);
    log.info("ldap modifyUserByGUID end.");

    boolean cnChanged = !Objects.equals(ldapUser.getCommonName(), currentCn);
    boolean ouChanged = !Objects.equals(ldapUser.getOu(), currentOu);
    if (!cnChanged && !ouChanged) {
        return;
    }
    Name oldDn = buildDn(currentCn, currentOu);
    Name newDn = buildDn(ldapUser.getCommonName(), ldapUser.getOu());
    log.info("ldap modifyUserByGUID rename, old:{}, new:{}", oldDn, newDn);
    ldapTemplate.rename(oldDn, newDn);
    log.info("ldap modifyUserByGUID rename end.");
}
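/**
 * Looks up a user entry by its objectGUID.
 *
 * <p>The filter is assembled by string concatenation, so the GUID text is
 * validated as a well-formed GUID first: {@code Utils.ldapSearchGUID} only
 * strips {@code -}, <code>{</code> and <code>}</code> and would otherwise pass
 * any other character of {@code ldapUser.getObjectGUID()} straight into the
 * LDAP filter (filter injection). The value has to be matched as raw bytes in
 * {@code \xx} form, which is why the encoding done by
 * {@code LdapQueryBuilder.where(..).is(..)} is not usable here.
 *
 * @param ldapUser carries the textual objectGUID (with or without braces/hyphens)
 * @return the matching entry; {@code searchForContext} is expected to throw
 *     when no single entry matches (Spring LDAP contract -- confirm)
 * @throws IllegalArgumentException if the objectGUID is missing or not a GUID
 */
private DirContextOperations generateDirContextOperations(LdapUser ldapUser) {
    String guid = ldapUser.getObjectGUID();
    // Canonical 8-4-4-4-12 hex; braces optional, hyphens optional because
    // ldapSearchGUID strips them anyway. Nothing else may reach the filter.
    if (guid == null || !guid.matches(
            "\\{?[0-9a-fA-F]{8}-?[0-9a-fA-F]{4}-?[0-9a-fA-F]{4}-?[0-9a-fA-F]{4}-?[0-9a-fA-F]{12}\\}?")) {
        throw new IllegalArgumentException("objectGUID is not a GUID: " + guid);
    }
    String filter = "(&(objectCategory=person)(objectclass=user)(objectGUID="
            + Utils.ldapSearchGUID(guid) + "))";
    return ldapTemplate.searchForContext(query().filter(filter));
}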
/**
 * Builds the entry DN as {@code CN=<commonName>} under {@code ou}.
 *
 * @param commonName the RDN value (LdapNameBuilder is expected to escape it -- confirm)
 * @param ou the parent DN string the CN is appended to
 * @return the composed name
 */
private Name buildDn(String commonName, String ou) {
    LdapNameBuilder parent = LdapNameBuilder.newInstance(ou);
    parent.add("CN", commonName);
    return parent.build();
}
/**
 * Removes the user entry at the DN built from the user's CN and OU.
 *
 * @param ldapUser supplies commonName and ou; its toString() ends up in the log
 */
public void deleteUserByDn(LdapUser ldapUser) {
    log.info("ldap deleteUserByDn, {}", ldapUser);
    Name target = buildDn(ldapUser.getCommonName(), ldapUser.getOu());
    ldapTemplate.unbind(target);
    log.info("ldap deleteUserByDn end.");
}
总结
1、添加maven依赖
2、ssl访问（使用 ldaps；注意示例中的 DummySSLSocketFactory 从名称看并不校验服务器证书，生产环境应改为导入域控 CA 证书的 truststore，否则连接可被中间人截获）
3、objectGUID配置成binary
4、一套复杂操作获取objectGUID
5、根据objectGUID获取DirContextOperations
6、密码创建（unicodePwd 的值为带双引号的密码经 UTF-16LE 编码后的字节，且 AD 只允许在 LDAPS/TLS 加密连接上写入；不要把密码写进日志）
7、单独修改密码
8、rename来调整dn
9、unbind删除