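/*=======================================*/
/* Original note (translated): read-only lookups do not strictly need TLS, but   */
/* account creation should go over an encrypted connection.                        */
/*=======================================*/

/**
 * Creates an Active Directory user over JNDI/LDAP, sets its initial password and
 * (best-effort) adds it to a group.
 *
 * <p>AD refuses a {@code unicodePwd} write on an unprotected channel, so the
 * password is only written after the connection is encrypted: either the context
 * is opened over LDAPS ({@code Context.SECURITY_PROTOCOL=ssl}, port 636) or a
 * plain {@code ldap://} connection is upgraded with StartTLS first. StartTLS is an
 * upgrade of a plaintext connection and is therefore not attempted when the
 * context was already created over SSL.
 *
 * <p>The bind is a simple bind: the service-account password crosses the wire
 * inside the TLS tunnel only. TLS trust comes from the JVM trust store; do not
 * bypass certificate validation to get a connection working. Bind credentials are
 * supplied by the caller instead of being hard-coded in this class.
 *
 * <p>Not thread-safe beyond the fact that every call opens and closes its own
 * {@link LdapContext}.
 */
public class AdUtils {

    // userAccountControl bits (lmaccess.h)
    private static final int UF_ACCOUNTDISABLE = 0x0002;
    private static final int UF_PASSWD_NOTREQD = 0x0020;
    private static final int UF_NORMAL_ACCOUNT = 0x0200;
    private static final int UF_PASSWORD_EXPIRED = 0x800000;

    private static final String LDAP_CTX_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    // Only simple binds are supported here (the original code used "simple" unconditionally).
    private static final String AUTHENTICATION = "simple";

    private final String url;
    private final String principal;
    private final String credentials;
    private final boolean useSsl;

    /**
     * @param url         JNDI provider URL, e.g. {@code ldap://mydc.antipodes.com:636/}
     *                    together with {@code useSsl=true}, or {@code ldap://host:389/}
     *                    with {@code useSsl=false} (StartTLS is then used before the
     *                    password write)
     * @param principal   bind identity in a form the directory accepts for a simple bind
     * @param credentials bind password; read it from a secret store or environment,
     *                    never keep it as a literal in source
     * @param useSsl      {@code true} to set {@code Context.SECURITY_PROTOCOL} to
     *                    {@code ssl} (LDAPS)
     */
    public AdUtils(String url, String principal, String credentials, boolean useSsl) {
        this.url = Objects.requireNonNull(url, "url");
        this.principal = Objects.requireNonNull(principal, "principal");
        this.credentials = Objects.requireNonNull(credentials, "credentials");
        this.useSsl = useSsl;
    }

    /**
     * Creates a user object, sets its initial password and enables it with
     * "must change password at next logon".
     *
     * <p>Sequence (dictated by AD): the object is created disabled and without a
     * password (a password cannot be supplied on create, and a password-less
     * enabled account is rejected with error 53 "unwilling to perform" unless
     * {@code UF_PASSWD_NOTREQD} is set); then, over TLS, {@code unicodePwd} is set
     * and {@code userAccountControl} is switched to
     * {@code UF_NORMAL_ACCOUNT | UF_PASSWORD_EXPIRED}; finally the user is added to
     * {@code groupDn}, best-effort.
     *
     * @param userDn          distinguished name of the new object, relative to the
     *                        provider URL (e.g. {@code CN=Albert Einstein,CN=Users,DC=antipodes,DC=com})
     * @param samAccountName  pre-Windows-2000 logon name
     * @param cn              common name
     * @param optionalAttrs   additional attributes, e.g. {@code givenName}, {@code sn},
     *                        {@code displayName}, {@code description},
     *                        {@code userPrincipalName}, {@code mail},
     *                        {@code telephoneNumber}; may be {@code null}.
     *                        {@code userAccountControl} is always set by this method.
     * @param initialPassword initial password; the caller owns the array and may
     *                        clear it after the call
     * @param groupDn         distinguished name of a group to add the user to, or
     *                        {@code null} to skip the group step
     * @throws NamingException if the bind, the create or the password/UAC update fails
     * @throws IOException     if the StartTLS negotiation fails
     */
    public void createUser(String userDn, String samAccountName, String cn,
                           Map<String, String> optionalAttrs, char[] initialPassword,
                           String groupDn) throws NamingException, IOException {
        Objects.requireNonNull(userDn, "userDn");
        Objects.requireNonNull(samAccountName, "samAccountName");
        Objects.requireNonNull(cn, "cn");
        Objects.requireNonNull(initialPassword, "initialPassword");

        LdapContext ctx = new InitialLdapContext(buildEnvironment(), null);
        StartTlsResponse tls = null;
        try {
            // 1. Create the object disabled and password-less (see class/method Javadoc).
            ctx.createSubcontext(userDn, newUserAttributes(samAccountName, cn, optionalAttrs));
            System.out.println("Created disabled account for: " + userDn);

            // 2. The password write must travel over TLS. LDAPS already provides that;
            //    a plain ldap:// connection is upgraded here.
            if (!useSsl) {
                tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
                tls.negotiate();
            }
            byte[] unicodePwd = encodeUnicodePwd(initialPassword);
            try {
                ModificationItem[] mods = {
                    new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                        new BasicAttribute("unicodePwd", unicodePwd)),
                    // enable the account and force a password change at first logon
                    new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                        new BasicAttribute("userAccountControl",
                            Integer.toString(UF_NORMAL_ACCOUNT | UF_PASSWORD_EXPIRED)))
                };
                ctx.modifyAttributes(userDn, mods);
            } finally {
                // keep the plaintext password on the heap no longer than necessary
                Arrays.fill(unicodePwd, (byte) 0);
            }
            System.out.println("Set password & updated userAccountControl");

            // 3. Group membership is best-effort, as in the original: a failure here
            //    leaves a usable account and is reported rather than rolled back.
            if (groupDn != null) {
                addToGroup(ctx, userDn, groupDn);
            }
            System.out.println("Successfully created User: " + userDn);
        } finally {
            // The original author found that closing the TLS layer before the group
            // modification broke the connection, so it is closed last, before the context.
            if (tls != null) {
                tls.close();
            }
            ctx.close();
        }
    }

    /**
     * Encodes a password the way AD expects it in {@code unicodePwd}: wrapped in
     * double quotes and encoded as UTF-16LE.
     *
     * @param password the clear-text password (not modified)
     * @return the quoted, UTF-16LE encoded bytes; the caller should zero them after use
     */
    public static byte[] encodeUnicodePwd(char[] password) {
        Objects.requireNonNull(password, "password");
        char[] quoted = new char[password.length + 2];
        quoted[0] = '"';
        System.arraycopy(password, 0, quoted, 1, password.length);
        quoted[quoted.length - 1] = '"';
        ByteBuffer encoded = StandardCharsets.UTF_16LE.encode(CharBuffer.wrap(quoted));
        byte[] out = new byte[encoded.remaining()];
        encoded.get(out);
        Arrays.fill(quoted, '\0');
        return out;
    }

    /** Builds the JNDI environment for the bind; SSL is only requested when configured. */
    private Hashtable<String, Object> buildEnvironment() {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, LDAP_CTX_FACTORY);
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, AUTHENTICATION);
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        if (useSsl) {
            env.put(Context.SECURITY_PROTOCOL, "ssl");
        }
        return env;
    }

    /**
     * Attributes for the initial create: the mandatory ones, the caller's optional
     * ones, and a userAccountControl that AD accepts for a password-less object.
     */
    private static Attributes newUserAttributes(String samAccountName, String cn,
                                                Map<String, String> optionalAttrs) {
        // ignoreCase=true: LDAP attribute names are case-insensitive
        Attributes attrs = new BasicAttributes(true);
        attrs.put("objectClass", "user");
        attrs.put("samAccountName", samAccountName);
        attrs.put("cn", cn);
        if (optionalAttrs != null) {
            optionalAttrs.forEach(attrs::put);
        }
        // Set last so a caller-supplied value cannot break the create sequence.
        attrs.put("userAccountControl", Integer.toString(
            UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_PASSWORD_EXPIRED | UF_ACCOUNTDISABLE));
        return attrs;
    }

    /** Adds {@code userDn} to the group's {@code member} attribute; failures are reported, not thrown. */
    private static void addToGroup(LdapContext ctx, String userDn, String groupDn) {
        try {
            ModificationItem[] member = {
                new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", userDn))
            };
            ctx.modifyAttributes(groupDn, member);
            System.out.println("Added user to group: " + groupDn);
        } catch (NamingException e) {
            System.err.println("Problem adding user to group: " + e);
        }
    }
}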
转载于:https://my.oschina.net/u/1579678/blog/779992