JNDI 连接Windows Active Directory 教程

http://www.matrix.org.cn/resource/article/2007-03-05/JNDI+AD_ea943628-cab3-11db-b4f4-dd5a5e123c5c.html

 

http://www.javaworld.com.tw/jute/post/view?bid=7&id=164710&sty=1&tpg=1&age=0

 

JNDI, Active Directory, Paging and Range Retrieval
JNDI, Active Directory, Referrals and Global Catalog
JNDI, Active Directory (Creating new users & demystifying userAccountControl)
JNDI, Active Directory & Changing Passwords
JNDI, Active Directory and Group Memberships
JNDI, Active Directory and objectGUID's
JNDI, Active Directory and SID's (Security Identifiers)
JNDI, Active Directory and Error codes
JNDI, Active Directory and Server Side Sorting
JNDI, Active Directory & Persistent Searches (part 1)
JNDI, Active Directory and Persistent Searches (part 2)
Sample code demonstrating a search for disabled accounts.
JNDI, Active Directory and User Account status (account expired, locked)
JNDI, Active Directory and Authentication (part 5, LDAP Fastbinds)

 

 

 

 

 

 

 

 

 

 

 jndi sun的教程

http://java.sun.com/developer/technicalArticles/Programming/jndi/index.html

 

 

用ldap方式访问AD域的的错误解释

用ldap方式访问AD域的的错误一般会如下格式：
LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
其中红字部分的意思如下：
525 - 用户没有找到
52e - 证书不正确
530 - not permitted to logon at this time
532 - 密码期满
533 - 帐户不可用
701 - 账户期满
773 - 用户必须重设密码

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.NamingEnumeration;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import java.util.Enumeration;

public class ADOperTest {
  public ADOperTest() {
  }

  public void GetADInfo() {
    Hashtable HashEnv = new Hashtable();

    String LDAP_URL = "ldap://192.168.100.3:389"; //LDAP访问地址
    //String adminName = "CN=OAWebUser,CN=Users,DC=Hebmc,DC=com";//AD的用户名
    String adminName = "Hebmc\\OAWebUser"; //注意用户名的写法：domain\User 或 User@domain.com
    adminName = "OAWebUser@Hebmc.com"; //注意用户名的写法：domain\User 或 User@domain.com
    String adminPassword = "chenzuooaup02"; //密码

    HashEnv.put(Context.SECURITY_AUTHENTICATION, "simple"); //LDAP访问安全级别
    HashEnv.put(Context.SECURITY_PRINCIPAL, adminName); //AD User
    HashEnv.put(Context.SECURITY_CREDENTIALS, adminPassword); //AD Password
    HashEnv.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory"); //LDAP工厂类
    HashEnv.put(Context.PROVIDER_URL, LDAP_URL);

    try {
      LdapContext ctx = new InitialLdapContext(HashEnv, null);
      SearchControls searchCtls = new SearchControls(); //Create the search controls
      searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE); //Specify the search scope

      String searchFilter = "objectClass=User"; //specify the LDAP search filter
      //String searchFilter = "objectClass=organizationalUnit";//specify the LDAP search filter

      String searchBase = "DC=Hebmc,DC=com"; //Specify the Base for the search//搜索域节点
      int totalResults = 0;

      //Specify the attributes to return
      //String returnedAtts[] = {"memberOf"};//定制返回属性
      String returnedAtts[] = {
          "url", "whenChanged", "employeeID", "name", "userPrincipalName",
          "physicalDeliveryOfficeName", "departmentNumber", "telephoneNumber",
          "homePhone", "mobile", "department", "sAMAccountName", "whenChanged",
          "mail"}; //定制返回属性

      searchCtls.setReturningAttributes(returnedAtts); //设置返回属性集

      //Search for objects using the filter
      NamingEnumeration answer = ctx.search(searchBase, searchFilter,searchCtls);

      while (answer.hasMoreElements()) {
        SearchResult sr = (SearchResult) answer.next();
        System.out.println("************************************************");
        System.out.println(sr.getName());

        Attributes Attrs = sr.getAttributes();
        if (Attrs != null) {
          try {
            for (NamingEnumeration ne = Attrs.getAll(); ne.hasMore(); ) {
              Attribute Attr = (Attribute) ne.next();

              System.out.println("  AttributeID=" + Attr.getID().toString());

              //读取属性值
              for (NamingEnumeration e = Attr.getAll(); e.hasMore();totalResults++) {
                System.out.println("    AttributeValues=" + e.next().toString());
              }
              System.out.println("    ---------------");

              //读取属性值
              Enumeration values = Attr.getAll();
              if (values != null) { // 迭代
                while (values.hasMoreElements()) {
                  System.out.println("    AttributeValues=" + values.nextElement());
                }
              }
              System.out.println("    ---------------");
            }
          }
          catch (NamingException e) {
            System.err.println("Throw Exception : " + e);
          }
        }
      }
      System.out.println("Number: " + totalResults);
      ctx.close();
    }

    catch (NamingException e) {
      e.printStackTrace();
      System.err.println("Throw Exception :  " + e);
    }
  }

  public static void main(String args[]) {
    ADOperTest ad = new ADOperTest();
    ad.GetADInfo();
  }
}

 

备注：

  使用LADP访问AD，注意用户名的写法：domain\User 或 User@domain.com。

  如用户名不正确，则可能会出现如下异常：

javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece