很多人在创建用户时,直接将用户置为可用(即设置userAccountControl属性),但此时服务器会报错:javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A1248, problem 5003 (WILL_NOT_PERFORM), data 0
即服务器拒绝执行此操作;需要先写入unicodePwd属性并确保其编码正确,以下为代码:
package com.devops.devopsauth.ad.util;
import com.devops.devopscommon.exception.ServerException;
import lombok.Data;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;
import javax.naming.ldap.InitialLdapContext;
import java.util.Hashtable;
/**
* 工具类,处理AD相关的用户操作
* 声明为final,不允许被继承或修改
**/
@Slf4j
@Component
public final class ADUserUtil {
// Directory context bound to the AD server; null until getDirContext() assigns it.
private DirContext dc = null;
// Search root read from configuration (presumably the base DN); not referenced in the visible code — confirm usage.
@Value("${devops.app.ad.root}")
private String root;
// Bind principal, passed as Context.SECURITY_PRINCIPAL when the context is opened.
@Value("${devops.app.ad.adminName}")
private String adminName;
// Bind credential, passed as Context.SECURITY_CREDENTIALS; a secret — keep it out of log output.
@Value("${devops.app.ad.adminPassword}")
private String adminPassword;
// LDAP provider URL (Context.PROVIDER_URL); the context is opened with SECURITY_PROTOCOL set to "ssl".
@Value("${devops.app.ad.ldapURL}")
private String ldapURL;
// Keystore value from configuration; in the visible code it is only logged — NOTE(review): how it is wired into the TLS trust store is not shown, confirm.
@Value("${devops.app.ad.keystore}")
private String keystore;
public void getDirContext() throws ServerException {
// ladp的一些配置
Hashtable env = new Hashtable();
log.info(keystore);
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, adminName);
env.put(Context.SECURITY_CREDENTIALS, adminPassword);
env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put(Context.PROVIDER_URL, ldapURL);
try {
// 初始化ldapcontext
dc = new InitialLdapContext(env, null);
}catch (Exception e) {
log.error("AD域服务连接认证失败",