import java.nio.charset.StandardCharsets;
import java.security.Security;
import com.cordys.cpc.bsf.busobject.BSF;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPJSSESecureSocketFactory;
import com.novell.ldap.LDAPSocketFactory;
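public class LDAPConfig {
    /*
     * Connection settings for the external ("out-gateway") LDAP server.
     *
     * SECURITY: every one of these used to be a bare literal in source,
     * including the Directory Manager password. Each can now be supplied with
     * a JVM system property; the original literals remain only as fallbacks so
     * existing deployments keep working, and should be deleted once the
     * properties (or a secrets store) are in place. Keep this file out of
     * shared repositories while the fallbacks are present.
     */
    static String LDAP_TO_SERVER = System.getProperty("cordys.ldap.out.server", "192.168.100.108");
    static String LDAP_TO_PORT = System.getProperty("cordys.ldap.out.port", "6366");
    static String LDAP_TO_USER = System.getProperty("cordys.ldap.out.user", "cn=Directory Manager,o=mydomain.com");
    static String LDAP_TO_PWD = System.getProperty("cordys.ldap.out.password", "cordys");
    /** Container holding the Cordys authenticated-user entries. */
    public static String authenticatedUsersDn = "cn=authenticated users,cn=cordys,cn=defaultInst,o=mydomain.com";
    /** Organization used as the default context of new users. */
    public static String ownerOrgDn = "o=system,cn=cordys,cn=defaultInst,o=mydomain.com";
    /** Container holding the organizational-user entries of ownerOrgDn. */
    public static String orgUserDn = "cn=organizational users,o=system,cn=cordys,cn=defaultInst,o=mydomain.com";
    /**
     * JKS truststore with the certificate chain of the external LDAP server.
     * getOutGatewayLDAPConnection() installs it as javax.net.ssl.trustStore for
     * the whole JVM. Overridable with -Dcordys.ldap.out.truststore.
     */
    public static String certifiName = System.getProperty("cordys.ldap.out.truststore",
            "C:/Program Files/OpenText/OpenText Cordys/defaultInst/certificates/truststore/CordysTrustStore.jks");
    /** Alternative: the JRE's own cacerts file, after importing the server certificate with keytool. */
    public final static String SSL_TRUST_STORE = "C:\\Works\\Java\\jdk1.7.0_45\\jre\\lib\\security\\cacerts";
    // Import command for that alternative. "changeit" is the JRE's well-known default
    // cacerts password; change it on any JRE that is not a throw-away developer install:
    // keytool -import -trustcacerts -alias laiyifen_dev -keystore "D:\Work\Tool\Java\jdk1.6.0_30\jre\lib\security\cacerts" -file "D:\Work\Workspaces\CordysTest\test\216-dev-cert.cer" -storepass changeit
    /** Cached outbound connection; guarded by the class monitor (see getOutGatewayLDAPConnection). */
    private static LDAPConnection connection;

    /**
     * Returns a bound, TLS-protected connection to the external LDAP server,
     * reusing the cached one while it still reports isConnected().
     *
     * Synchronized because the cache is a static shared by all callers: two
     * threads that both found it stale would otherwise connect and bind twice
     * and one of the connections would leak.
     *
     * @return a connection already bound as LDAP_TO_USER; never null
     * @throws IllegalStateException if connect or bind fails. The original
     *         caught the failure, printed it and handed back an unconnected
     *         LDAPConnection object, so the error only surfaced later inside
     *         whichever caller tried to use it.
     */
    public static synchronized LDAPConnection getOutGatewayLDAPConnection() {
        if (connection != null && connection.isConnected()) {
            return connection;
        }
        connection = null;
        // SunJSSE is already in the JRE's default provider list, so the former
        // Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()) was
        // redundant and tied this class to an internal, non-API JDK class.
        //
        // Process-wide setting: JSSE reads it when the default SSLContext is first
        // initialised, so it also governs every other TLS client in this JVM.
        // No javax.net.ssl.trustStorePassword is set; a JKS truststore loads
        // without one, only its integrity check is skipped.
        System.setProperty("javax.net.ssl.trustStore", certifiName);
        LDAPSocketFactory ssf = new LDAPJSSESecureSocketFactory();
        LDAPConnection.setSocketFactory(ssf);
        LDAPConnection fresh = new LDAPConnection();
        try {
            fresh.connect(LDAP_TO_SERVER, Integer.parseInt(LDAP_TO_PORT));
            // Simple bind: the password crosses the wire in clear, which is why
            // this must stay on the JSSE socket factory installed above.
            fresh.bind(LDAPConnection.LDAP_V3, LDAP_TO_USER, LDAP_TO_PWD.getBytes(StandardCharsets.UTF_8));
        } catch (LDAPException e) {
            disconnectQuietly(fresh);
            throw new IllegalStateException("LDAP connect/bind to " + LDAP_TO_SERVER + ":" + LDAP_TO_PORT
                    + " as " + LDAP_TO_USER + " failed", e);
        }
        connection = fresh;
        return connection;
    }

    /** Best-effort close of a half-initialised connection; the original failure is what gets reported. */
    private static void disconnectQuietly(LDAPConnection c) {
        try {
            c.disconnect();
        } catch (LDAPException ignored) {
            // nothing useful to do here; the caller is already throwing
        }
    }

    /** Returns the connection to Cordys' own (inner) LDAP, as managed by the BSF runtime. */
    public static LDAPConnection getInnerLDAPConnection()
    {
        return BSF.getLDAPDirectory().getConnection();
    }
}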
import java.util.ArrayList;
import java.util.List;
import com.cordys.cpc.bsf.busobject.BusObjectConfig;
import com.cordys.cpc.bsf.busobject.BusObjectIterator;
import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPAttributeSet;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPModification;
import com.novell.ldap.LDAPSearchResults;
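public class MLDAP extends MLDAPBase
{
    /** Creates the business object without a configuration (delegates to the config constructor). */
    public MLDAP()
    {
        this((BusObjectConfig) null);
    }

    /** Creates the business object with the given BSF configuration. */
    public MLDAP(BusObjectConfig config)
    {
        super(config);
    }

    /**
     * Exercises the search, delete and modify helpers in that order.
     * It never calls addLDAPEntry(), so the entries it touches must already exist.
     */
    public static void Test() throws LDAPException
    {
        getLDAPEntries();
        deleteLDAPEntry();
        modifyLDAPEntry();
    }

    /**
     * Adds a fixed test user ("cyt005") twice: under the organizational-users
     * container and under the authenticated-users container.
     *
     * SECURITY: userPassword is written as the bare user name, in clear text.
     * Cordys keeps passwords as "{SHA1}"-prefixed digests (see
     * CSOAUtil.generateSHA1Password); how the directory treats a raw value
     * here should be confirmed, and in any case this is test data that must
     * not be copied into production code.
     */
    public static void addLDAPEntry() throws LDAPException
    {
        String userName = "cyt005";
        LDAPConnection connection = LDAPConfig.getOutGatewayLDAPConnection();
        LDAPAttributeSet attrs = new LDAPAttributeSet();
        attrs.add(new LDAPAttribute("objectclass", new String[] {"top", "busauthenticationuser"}));
        attrs.add(new LDAPAttribute("cn", userName));
        attrs.add(new LDAPAttribute("osidentity", userName));
        attrs.add(new LDAPAttribute("description", "It's test"));
        attrs.add(new LDAPAttribute("userPassword", userName));
        attrs.add(new LDAPAttribute("defaultcontext", LDAPConfig.ownerOrgDn));
        // Both entries share one attribute set; only the parent container differs.
        String orgDn = "cn=" + userName + "," + LDAPConfig.orgUserDn;
        String authenticatedDn = "cn=" + userName + "," + LDAPConfig.authenticatedUsersDn;
        connection.add(new LDAPEntry(orgDn, attrs));
        connection.add(new LDAPEntry(authenticatedDn, attrs));
    }

    /** Deletes the fixed test user "cyt003" from the authenticated-users container. */
    public static void deleteLDAPEntry() throws LDAPException
    {
        LDAPConnection connection = LDAPConfig.getOutGatewayLDAPConnection();
        connection.delete("cn=cyt003," + LDAPConfig.authenticatedUsersDn);
    }

    /**
     * Replaces the userPassword of the fixed test user "cyt002" with a clear-text
     * literal; see addLDAPEntry() for why that is acceptable only as test data.
     */
    public static void modifyLDAPEntry() throws LDAPException
    {
        LDAPConnection connection = LDAPConfig.getOutGatewayLDAPConnection();
        String dn = "cn=cyt002," + LDAPConfig.authenticatedUsersDn;
        connection.modify(dn, new LDAPModification(LDAPModification.REPLACE,
                new LDAPAttribute("userPassword", "cyt_success")));
    }

    /**
     * Searches the direct children of the authenticated-users container for cn=Think.
     *
     * Fixes against the original: the collected list was built and discarded
     * (it is now returned, which is compatible with callers that ignore it), the
     * list was a raw ArrayList, and the "description" attribute was dereferenced
     * without checking that the entry has one.
     *
     * @return the matching entries, empty when there are none
     * @throws LDAPException if the search fails
     */
    public static List<LDAPEntry> getLDAPEntries() throws LDAPException
    {
        List<LDAPEntry> found = new ArrayList<LDAPEntry>();
        LDAPConnection connection = LDAPConfig.getOutGatewayLDAPConnection();
        LDAPSearchResults results = connection.search(LDAPConfig.authenticatedUsersDn,
                LDAPConnection.SCOPE_ONE, "cn=Think", null, false);
        while (results.hasMore())
        {
            LDAPEntry entry = results.next();
            // Optional attribute: getAttribute() yields null when the entry lacks it.
            LDAPAttribute description = entry.getAttribute("description");
            String descriptionValue = description == null ? null : description.getStringValue();
            // descriptionValue is where per-entry handling belongs; the original left it as "//..."
            found.add(entry);
        }
        return found;
    }
}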
如图: LDAPAttribute 的属性 如下图所示:
附加内容: 如果是想修改Cordys的密码,可以调用Cordys自带的WebService
SetPasswordForUserOperation |
This Web service operation enables an administrator to change the password of other users.
SOAP Request
<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP:Body>
<SetPasswordForUser xmlns="http://schemas.cordys.com/user/password/1.0">
<Username>PARAMETER</Username>
<NewPassword>PARAMETER</NewPassword>
</SetPasswordForUser>
</SOAP:Body>
</SOAP:Envelope>
Request Parameters
Parameter | Description |
---|---|
Username | The user for which the new password is set. |
NewPassword | The new password of the user, in plain-text. Because it travels in clear inside the SOAP body, the request must be sent over TLS (HTTPS) and the operation must stay restricted to administrator roles. |
==============================================================================================================================
CSOAUtil.java (the public class below is named CSOAUtil, and LDAPUtil extends it under that name, so the file must be called CSOAUtil.java)
package com.synale.cordys.soa.util;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import com.eibus.util.system.Native;
import com.synale.cordys.common.util.BaseUtil;
/**
* 利用Cordys内部自带的Class操作 SOA 报文
*/
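public class CSOAUtil extends BaseUtil{
    private static final String SHA1 = "SHA1";
    private static final String MD5 = "MD5";
    /** Scheme prefixes the directory puts in front of a stored userPassword digest. */
    private static final String SHA1_prefix = "{" + SHA1 + "}";
    private static final String MD5_prefix = "{" + MD5 + "}";

    /**
     * Digests a password and returns it in the "{ALG}base64" form the directory stores.
     *
     * @param password           clear-text password
     * @param algorithm          JCA digest name ("SHA1", "MD5")
     * @param prefixKey          scheme prefix written in front of the base64 digest
     * @param useDefaultEncoding true: digest password.getBytes(), i.e. the platform
     *                           default charset, so the result differs between JVMs
     *                           with a different file.encoding; false: digest the
     *                           UTF-16BE code units (two bytes per char), which is
     *                           independent of the platform charset
     * @return prefixKey followed by the base64 digest
     * @throws IllegalStateException if the algorithm is not available. The
     *         original returned the clear-text password in that case, so a
     *         misconfigured JCA would have silently stored plain passwords in
     *         the directory; failing loudly is the only safe behaviour.
     */
    public static String hashNative(String password, String algorithm, String prefixKey, boolean useDefaultEncoding)
    {
        MessageDigest digest;
        try
        {
            digest = MessageDigest.getInstance(algorithm);
        }
        catch (NoSuchAlgorithmException ne)
        {
            throw new IllegalStateException("digest algorithm not available: " + algorithm, ne);
        }
        if (useDefaultEncoding)
        {
            digest.update(password.getBytes());
        }
        else
        {
            for (char c : password.toCharArray())
            {
                digest.update((byte) (c >> 8));
                digest.update((byte) c);
            }
        }
        byte[] digestedPassword = digest.digest();
        byte[] encodedDigested = Native.encodeBinBase64(digestedPassword, digestedPassword.length);
        // Base64 output is plain ASCII, so the default-charset String constructor is safe here.
        return prefixKey + new String(encodedDigested);
    }

    /**
     * Hashes a password the way Cordys LDAP stores it: unsalted SHA-1 of the
     * UTF-16BE code units, prefixed with "{SHA1}". The digest is irreversible,
     * but unsalted SHA-1 offers little resistance to offline guessing; the
     * format is kept because it is what the directory expects, not because it
     * is recommended. Where possible prefer the platform's own password
     * operation (SetPasswordForUser), which applies the server-side policy.
     */
    public static String generateSHA1Password(String plainPassword) {
        return hashNative(plainPassword, SHA1, SHA1_prefix, false);
    }
}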
LDAPUtil.java
package com.synale.cordys.soa.util;
import java.util.List;
import com.cordys.cpc.bsf.busobject.BSF;
import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPModification;
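public class LDAPUtil extends CSOAUtil{
    /**
     * Deletes the entry with the given DN from the Cordys (inner) LDAP.
     *
     * The DN is handed to the directory as-is: callers must pass a trusted or
     * properly escaped DN, never one assembled from raw user input.
     *
     * @param dn distinguished name of the entry to delete
     * @throws LDAPException if the entry does not exist or cannot be deleted
     * @author cyt
     */
    public static void deleteLDAPEntry(String dn) throws LDAPException
    {
        LDAPConnection connection = BSF.getLDAPDirectory().getConnection();
        connection.delete(dn);
    }

    /**
     * Replaces several attributes of an entry in one modify request.
     *
     * The original sent one modify per attribute, so a failure half-way left the
     * entry partially updated; a single request carrying all modifications is
     * applied by the server as one atomic operation. An empty list is a no-op.
     *
     * @param dn         distinguished name of the entry (trusted/escaped, see deleteLDAPEntry)
     * @param Attributes attributes whose values replace the current ones
     * @throws LDAPException if the modify is rejected
     * @author cyt
     */
    public static void updateLDAPEntry(String dn, List<LDAPAttribute> Attributes) throws LDAPException
    {
        if (Attributes.isEmpty())
        {
            return;
        }
        LDAPModification[] mods = new LDAPModification[Attributes.size()];
        for (int i = 0; i < mods.length; i++)
        {
            mods[i] = new LDAPModification(LDAPModification.REPLACE, Attributes.get(i));
        }
        LDAPConnection connection = BSF.getLDAPDirectory().getConnection();
        connection.modify(dn, mods);
    }

    /**
     * Sets a new password on the entry. The clear text is hashed with
     * generateSHA1Password() ("{SHA1}" + base64 digest) first, so only the
     * digest is written to userPassword. Note that this bypasses any password
     * policy the platform's own SetPasswordForUser operation would enforce.
     *
     * @param dn          distinguished name of the user entry
     * @param newPassWord clear-text password
     * @throws LDAPException if the modify is rejected
     * @author cyt
     */
    public static void updateLDAPEntry(String dn, String newPassWord) throws LDAPException
    {
        String hashed = generateSHA1Password(newPassWord);
        updateLDAPEntry(dn, new LDAPAttribute("userPassword", hashed));
    }

    /**
     * Replaces a single attribute of the entry.
     *
     * @param dn        distinguished name of the entry
     * @param Attribute attribute whose values replace the current ones
     * @throws LDAPException if the modify is rejected
     * @author cyt
     */
    public static void updateLDAPEntry(String dn, LDAPAttribute Attribute) throws LDAPException
    {
        LDAPConnection connection = BSF.getLDAPDirectory().getConnection();
        connection.modify(dn, new LDAPModification(LDAPModification.REPLACE, Attribute));
    }
}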
如果要判断 该 dn在LDAP中是否存在 ,则使用 read 方法
/**
* 根据用户dn查看 LDAP上是否存在该dn
* @param dn
* @return true or false
* @author cyt
*/
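/**
 * Reports whether an entry with the given DN exists in the Cordys LDAP.
 *
 * Only a NO_SUCH_OBJECT result means "absent". The original answered false for
 * every LDAPException, so a dropped connection or an access-rights problem was
 * indistinguishable from a missing entry; such failures are now rethrown so a
 * caller cannot act on a wrong answer.
 *
 * @param dn distinguished name to look up (trusted/escaped; it is sent as-is)
 * @return true if the entry can be read, false if the server reports that it does not exist
 * @throws IllegalStateException for any other LDAP failure
 * @author cyt
 */
public static boolean isExistInLDAP(String dn)
{
    LDAPConnection connection = BSF.getLDAPDirectory().getConnection();
    try {
        connection.read(dn);
        return true;
    } catch (LDAPException e) {
        if (e.getResultCode() == LDAPException.NO_SUCH_OBJECT) {
            return false;
        }
        throw new IllegalStateException("LDAP read of " + dn + " failed", e);
    }
}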