先连接AD域
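@RequestMapping("/adTest")
/**
 * Opens a bound LDAP connection to the AD domain controller.
 * <p>
 * The server address, port and bind account are hard-coded here as in the
 * original example; in a deployment they belong in configuration / a secret
 * store, not in source. Binding uses {@code simple} authentication, which
 * transmits the password in clear text: over plain {@code ldap://} this is
 * only acceptable on a trusted network, otherwise use {@code ldaps://} or
 * StartTLS.
 * <p>
 * NOTE(review): the {@code @RequestMapping} annotation is kept from the
 * original; exposing a method that returns an {@link LdapContext} as an HTTP
 * endpoint is unusual — confirm this is intended.
 *
 * @return a bound {@link LdapContext}, or {@code null} if the bind failed
 *         (the failure is printed; callers must null-check)
 */
public static LdapContext getLdapContext() {
    String ldapUserName = "admin@domain.com"; // AD administrator account (UPN form)
    String ldapPassword = "P@123";            // AD administrator password
    String ldapIP = "xxx.xx.xx.xx";           // address of the AD domain controller
    String ldapPost = "389";                  // LDAP port, 389 by default
    String ldapURL = "ldap://" + ldapIP + ":" + ldapPost; // ldap://ip:port
    return getLdapContext(ldapURL, ldapUserName, ldapPassword);
}

/**
 * Opens a bound LDAP connection to an arbitrary server.
 *
 * @param ldapURL     provider URL, e.g. {@code ldap://host:389} or {@code ldaps://host:636}
 * @param principal   bind DN or UPN; must not be {@code null}
 * @param credentials bind password; must not be {@code null}
 * @return a bound {@link LdapContext}, or {@code null} if the bind failed
 */
private static LdapContext getLdapContext(String ldapURL, String principal, String credentials) {
    Objects.requireNonNull(ldapURL, "ldapURL");
    Objects.requireNonNull(principal, "principal");
    Objects.requireNonNull(credentials, "credentials");

    // Security level of the bind: "none", "simple" or "strong".
    // "none" is an anonymous bind and will not have the rights needed for the
    // later user lookups; "simple" sends the password in clear text.
    String ladpSecurityAuthentication = "simple";

    Properties properties = new Properties();
    properties.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); // JNDI LDAP factory
    properties.put(Context.SECURITY_AUTHENTICATION, ladpSecurityAuthentication);
    properties.put(Context.SECURITY_PRINCIPAL, principal);
    properties.put(Context.SECURITY_CREDENTIALS, credentials);
    properties.put(Context.PROVIDER_URL, ldapURL);
    try {
        return new InitialLdapContext(properties, null);
    } catch (NamingException e) {
        // Best-effort: report the bind failure and let the caller handle a null
        // context, matching the original contract. Only NamingException is
        // expected here; anything else is a programming error and propagates.
        e.printStackTrace();
        return null;
    }
}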
此处注意,安全等级不可选none,不然后续获取用户信息就会权限不够。
然后就可以获取用户信息了
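@GetMapping("/getUserInfo")
/**
 * Looks up an AD user by {@code sAMAccountName} and returns the relative name
 * ({@code CN=...,OU=...}) of the matching entry.
 * <p>
 * The original example hard-coded the account name {@code 123} in the filter;
 * the {@code SAMAccountName} parameter is now used instead. Because this value
 * comes from the HTTP request it is escaped per RFC 4515 before being placed
 * in the filter, so request input cannot alter the filter structure.
 * <p>
 * Each matching entry's name and its {@code name} attribute are still echoed
 * to {@code System.out}, as in the original.
 *
 * @param SAMAccountName account name to search for; must not be blank
 * @param newPassword    accepted for signature compatibility but not used here
 * @return the relative name of the last matching entry that had at least one
 *         attribute value, or {@code null} if nothing matched
 * @throws NamingException          if the directory cannot be reached or the search fails
 * @throws IllegalArgumentException if {@code SAMAccountName} is {@code null} or blank
 */
public static String getUserInfo(String SAMAccountName, String newPassword) throws NamingException {
    if (SAMAccountName == null || SAMAccountName.trim().isEmpty()) {
        throw new IllegalArgumentException("SAMAccountName must not be blank");
    }
    LdapContext ctx = getLdapContext();
    if (ctx == null) {
        // getLdapContext() returns null when the bind fails; surface that instead of an NPE.
        throw new NamingException("LDAP context could not be created");
    }

    SearchControls searchCtls = new SearchControls();
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    String[] returnedAtts = {"name"}; // only fetch the attribute we echo
    searchCtls.setReturningAttributes(returnedAtts);

    // Only AD users: objectCategory=person together with objectClass=user.
    String searchFilter = "(&(objectCategory=person)(objectClass=user)(SAMAccountName="
            + escapeLdapFilterValue(SAMAccountName) + "))";
    // Subtree under which users live in this directory.
    String searchBase = "OU=xxx,DC=xxxx,DC=com";

    String result = null;
    try {
        NamingEnumeration<SearchResult> answer = ctx.search(searchBase, searchFilter, searchCtls);
        try {
            while (answer.hasMore()) {
                SearchResult sr = answer.next();
                System.out.println("<<<::[" + sr.getName() + "]::>>>>"); // usually CN=xxxx,OU=xxxx
                Attributes attrs = sr.getAttributes();
                if (attrs == null) {
                    continue;
                }
                NamingEnumeration<? extends Attribute> attrEnum = attrs.getAll();
                try {
                    while (attrEnum.hasMore()) {
                        Attribute attr = attrEnum.next();
                        System.out.print(attr.getID() + ":");
                        NamingEnumeration<?> values = attr.getAll();
                        try {
                            while (values.hasMore()) {
                                System.out.print(values.next());
                                // As in the original: the entry counts as a result
                                // once it has at least one attribute value.
                                result = sr.getName();
                            }
                        } finally {
                            values.close();
                        }
                        System.out.println("");
                    }
                } finally {
                    attrEnum.close();
                }
            }
        } finally {
            answer.close();
        }
    } finally {
        // Release the connection even when the search throws.
        ctx.close();
    }
    return result;
}

/**
 * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3),
 * so that request-supplied text is matched literally rather than interpreted
 * as filter syntax.
 *
 * @param value raw attribute value; must not be {@code null}
 * @return the escaped value
 */
private static String escapeLdapFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '\\':
                sb.append("\\5c");
                break;
            case '*':
                sb.append("\\2a");
                break;
            case '(':
                sb.append("\\28");
                break;
            case ')':
                sb.append("\\29");
                break;
            case '\0':
                sb.append("\\00");
                break;
            default:
                sb.append(c);
        }
    }
    return sb.toString();
}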
此处
(&(objectCategory=person)(objectClass=user)(SAMAccountName=123))
是返回用户名为123的用户,如果想返回全部用户,这里可以改为“objectClass=user”就OK。
此处代码是返回123的name,可自行修改代码返回值。
关闭ad域连接
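/**
 * Closes an AD/LDAP connection.
 * <p>
 * Null-safe and best-effort: a {@link NamingException} raised while closing is
 * deliberately ignored, because the context is being discarded and the caller
 * has no sensible way to recover from a failed close.
 *
 * @param lc the context to close; may be {@code null}, in which case nothing happens
 */
public static void close(LdapContext lc) {
    if (lc == null) {
        return;
    }
    try {
        lc.close();
    } catch (NamingException ignored) {
        // Best-effort close: nothing useful can be done about a failure here.
    }
}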