java 代码
- /**
- *
- */
- package ldap;
- import java.util.Properties;
- import javax.naming.*;
- import javax.naming.ldap.*;
- import javax.naming.directory.*;
- /**
- * @author Keven Chen
- * @version $Revision 1.0 $
- *
- */
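public class AddAdUser {
    private static final String SUN_JNDI_PROVIDER = "com.sun.jndi.ldap.LdapCtxFactory";
    /** LDAPS endpoint of the domain controller (port 636 with SECURITY_PROTOCOL=ssl). */
    private static final String PROVIDER_URL = "ldap://192.168.1.32:636";
    /** Bind identity used to create the account; its password comes from the environment. */
    private static final String ADMIN_DN = "cn=Administrator,cn=Users,dc=comwave,dc=com";
    /** Trust store holding the DC's CA certificate; used only when -Djavax.net.ssl.trustStore is absent. */
    private static final String DEFAULT_TRUSTSTORE = "F:\\jdk1.5.0_08\\jre\\lib\\security\\cacerts";
    /** Environment variables carrying the two secrets, so no password is committed with the source. */
    private static final String BIND_PASSWORD_ENV = "LDAP_BIND_PASSWORD";
    private static final String NEW_USER_PASSWORD_ENV = "LDAP_NEW_USER_PASSWORD";

    // userAccountControl bits from lmaccess.h
    private static final int UF_ACCOUNTDISABLE = 0x0002;
    private static final int UF_PASSWD_NOTREQD = 0x0020;
    private static final int UF_PASSWD_CANT_CHANGE = 0x0040;
    private static final int UF_NORMAL_ACCOUNT = 0x0200;
    private static final int UF_DONT_EXPIRE_PASSWD = 0x10000;
    private static final int UF_PASSWORD_EXPIRED = 0x800000;

    /**
     * Creates the user "test", sets its initial password over the LDAPS bind and adds it
     * to the Domain Admins group.
     *
     * <p>Required environment: {@code LDAP_BIND_PASSWORD} (password of ADMIN_DN) and
     * {@code LDAP_NEW_USER_PASSWORD} (initial password of the new account). The trust store
     * may be supplied with {@code -Djavax.net.ssl.trustStore}; otherwise DEFAULT_TRUSTSTORE is used.
     *
     * @param args unused
     * @throws NamingException if the bind, the create or the password modify fails
     * @throws IllegalStateException if either environment variable is missing
     */
    public static void main(String[] args) throws NamingException {
        // Fail before touching the network if a secret is missing.
        String bindPassword = requireEnv(BIND_PASSWORD_ENV);
        String newUserPassword = requireEnv(NEW_USER_PASSWORD_ENV);
        if (System.getProperty("javax.net.ssl.trustStore") == null) {
            System.setProperty("javax.net.ssl.trustStore", DEFAULT_TRUSTSTORE);
        }

        Properties env = new Properties();
        env.put(Context.INITIAL_CONTEXT_FACTORY, SUN_JNDI_PROVIDER);
        env.put(Context.PROVIDER_URL, PROVIDER_URL);
        // "simple" sends the bind password in clear; the ssl protocol setting is what protects it.
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, ADMIN_DN);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
        env.put(Context.SECURITY_PROTOCOL, "ssl");

        String userName = "CN=test,CN=Users,DC=comwave,DC=com";
        String groupName = "CN=Domain Admins,CN=Users,DC=comwave,DC=com";

        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            // The object must exist before unicodePwd can be set, so it is created disabled and
            // password-less; otherwise the Win2K3 password filter rejects the create with
            // error 53 "unwilling to perform".
            Context created = ctx.createSubcontext(userName, newUserAttributes());
            created.close();
            System.out.println("Created disabled account for: " + userName);

            ctx.modifyAttributes(userName, setPasswordAndEnable(newUserPassword));
            System.out.println("Set password & updated userccountControl");

            addToGroup(ctx, userName, groupName);
        } finally {
            // Close on every path; the original leaked the connection when a modify failed.
            ctx.close();
        }
        System.out.println("Successfully created User: " + userName);
    }

    /** Mandatory attributes of the user object plus a few optional ones. */
    private static Attributes newUserAttributes() {
        Attributes attrs = new BasicAttributes(true);
        // Mandatory. Win2K3 generates a random sAMAccountName when it is absent; Win2K does not.
        attrs.put("objectClass", "user");
        attrs.put("sAMAccountName", "test");
        attrs.put("cn", "test");
        // Optional but useful.
        attrs.put("sn", "test");
        attrs.put("displayName", "test");
        attrs.put("description", "测试");
        attrs.put("userPrincipalName", "test@comwave.com");
        attrs.put("mail", "test@comwave.com");
        attrs.put("telephoneNumber", "1234568999");
        // Disabled and "password not required" so the empty initial password passes the filter.
        attrs.put("userAccountControl", Integer.toString(
                UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_PASSWORD_EXPIRED | UF_ACCOUNTDISABLE));
        return attrs;
    }

    /** Modifications that set unicodePwd and flip the account to enabled with a password required. */
    private static ModificationItem[] setPasswordAndEnable(String password) {
        return new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("unicodePwd", encodePassword(password))),
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("userAccountControl",
                            Integer.toString(UF_NORMAL_ACCOUNT | UF_PASSWORD_EXPIRED))),
        };
    }

    /**
     * AD expects unicodePwd as the password wrapped in double quotes and encoded as UTF-16LE.
     *
     * @param password the clear-text password; never logged
     * @return the encoded attribute value
     */
    private static byte[] encodePassword(String password) {
        try {
            return ("\"" + password + "\"").getBytes("UTF-16LE");
        } catch (java.io.UnsupportedEncodingException e) {
            // UTF-16LE is a charset every JVM must provide, so this branch is not expected to run.
            throw new IllegalStateException("UTF-16LE charset unavailable", e);
        }
    }

    /** Adds the user to the group; a failure is reported but does not abort the run. */
    private static void addToGroup(LdapContext ctx, String userName, String groupName) {
        try {
            ModificationItem[] member = {
                new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", userName))
            };
            ctx.modifyAttributes(groupName, member);
            System.out.println("Added user to group: " + groupName);
        } catch (NamingException e) {
            System.err.println("Problem adding user to group: " + e);
        }
    }

    /**
     * Reads a required secret from the environment.
     *
     * @param name the environment variable name
     * @return its non-empty value
     * @throws IllegalStateException if unset or empty (the value itself is never echoed)
     */
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.length() == 0) {
            throw new IllegalStateException("Environment variable " + name + " must be set");
        }
        return value;
    }
}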
java 代码
- /**
- *
- */
- package ldap;
- import java.io.IOException;
- import java.io.UnsupportedEncodingException;
- import java.util.Hashtable;
- import javax.naming.Context;
- import javax.naming.NamingException;
- import javax.naming.directory.BasicAttribute;
- import javax.naming.directory.DirContext;
- import javax.naming.directory.ModificationItem;
- import javax.naming.ldap.InitialLdapContext;
- import javax.naming.ldap.LdapContext;
- import javax.naming.ldap.StartTlsRequest;
- import javax.naming.ldap.StartTlsResponse;
- /**
- * @author Keven Chen
- * @version $Revision 1.0 $
- *
- */
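public class UpdatePasswordTLS {
    /** Bind identity that performs the administrative reset; its password comes from the environment. */
    private static final String ADMIN_DN = "CN=Administrator,CN=Users,DC=comwave,DC=com";
    /** Account whose password is reset. */
    private static final String USER_DN = "CN=keven,CN=Users,DC=comwave,DC=com";
    /** LDAPS endpoint of the domain controller. Despite the class name no StartTLS is performed. */
    private static final String LDAP_URL = "ldap://192.168.1.32:636";
    /** Trust store holding the DC's CA certificate; used only when -Djavax.net.ssl.trustStore is absent. */
    private static final String DEFAULT_TRUSTSTORE = "F:\\jdk1.5.0_08\\jre\\lib\\security\\cacerts";
    /** Environment variables carrying the two secrets, so no password is committed with the source. */
    private static final String ADMIN_PASSWORD_ENV = "LDAP_ADMIN_PASSWORD";
    private static final String NEW_PASSWORD_ENV = "LDAP_NEW_PASSWORD";

    /**
     * Resets USER_DN's password with an administrative bind over LDAPS.
     *
     * <p>Required environment: {@code LDAP_ADMIN_PASSWORD} (password of ADMIN_DN) and
     * {@code LDAP_NEW_PASSWORD} (the password to set). Problems are reported on stdout,
     * matching the original script; the context is closed on every path.
     *
     * @param args unused
     * @throws IllegalStateException if either environment variable is missing
     */
    public static void main(String[] args) {
        // Fail before touching the network if a secret is missing.
        String adminPassword = requireEnv(ADMIN_PASSWORD_ENV);
        String newPassword = requireEnv(NEW_PASSWORD_ENV);
        if (System.getProperty("javax.net.ssl.trustStore") == null) {
            System.setProperty("javax.net.ssl.trustStore", DEFAULT_TRUSTSTORE);
        }

        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // "simple" sends the bind password in clear; the ssl protocol setting is what protects it.
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, ADMIN_DN);
        env.put(Context.SECURITY_CREDENTIALS, adminPassword);
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.PROVIDER_URL, LDAP_URL);

        LdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(env, null);
            // AD expects unicodePwd as the password wrapped in double quotes, encoded UTF-16LE.
            byte[] newUnicodePassword = ("\"" + newPassword + "\"").getBytes("UTF-16LE");
            // An administrative reset is a single REPLACE. A user changing their own password
            // must instead send REMOVE_ATTRIBUTE with the old quoted password followed by
            // ADD_ATTRIBUTE with the new one, both in the same modify request.
            ModificationItem[] mods = {
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                        new BasicAttribute("unicodePwd", newUnicodePassword))
            };
            ctx.modifyAttributes(USER_DN, mods);
            System.out.println("Reset Password for: " + USER_DN);
        } catch (NamingException e) {
            System.out.println("Problem resetting password: " + e);
        } catch (UnsupportedEncodingException e) {
            System.out.println("Problem encoding password: " + e);
        } finally {
            closeQuietly(ctx);
        }
    }

    /** Closes the context if one was opened; a close failure is reported, not rethrown. */
    private static void closeQuietly(LdapContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            System.out.println("Problem closing context: " + e);
        }
    }

    /**
     * Reads a required secret from the environment.
     *
     * @param name the environment variable name
     * @return its non-empty value
     * @throws IllegalStateException if unset or empty (the value itself is never echoed)
     */
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.length() == 0) {
            throw new IllegalStateException("Environment variable " + name + " must be set");
        }
        return value;
    }
}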