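[1] Overview
JLDAP official site: http://www.openldap.org/jldap/
You can download the source from the official site and build the jar yourself. If the project is built with Maven, adding the following to pom.xml is enough: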
<dependency>
    <groupId>com.novell.ldap</groupId>
    <artifactId>jldap</artifactId>
    <version>4.3</version>
    <type>jar</type>
    <scope>compile</scope>
</dependency>
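[2] Basic operations
To demonstrate the basic operations you need an LDAP server. For installing and configuring OpenLDAP on Windows, see: http://www.micmiu.com/enterprise-app/sso/openldap-windows-config/ . The basic data in the LDAP server I set up for the demo can be seen in the client screenshot:
1. Search
Java code: LDAPSearchDemo.java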
package com.micmiu.ldap;

import java.io.UnsupportedEncodingException;
import java.util.Enumeration;
import java.util.Iterator;

import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPAttributeSet;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPSearchResults;
import com.novell.ldap.util.Base64;

/**
 * Entry search example. blog http://www.micmiu.com
 *
 * @author Michael
 *
 */
public class LDAPSearchDemo {

    /**
     *
     * @param args
     */
    public static void main(String[] args) {
        String ldapHost = "localhost";
        String loginDN = "cn=Manager,dc=micmiu,dc=com";
        String password = "secret";
        String searchBase = "dc=micmiu,dc=com";
        String searchFilter = "objectClass=*";
        int ldapPort = LDAPConnection.DEFAULT_PORT;
        // Search scope:
        // SCOPE_BASE, SCOPE_ONE, SCOPE_SUB, SCOPE_SUBORDINATESUBTREE
        int searchScope = LDAPConnection.SCOPE_SUB;
        LDAPConnection lc = new LDAPConnection();
        try {
            lc.connect(ldapHost, ldapPort);
            lc.bind(LDAPConnection.LDAP_V3, loginDN, password.getBytes("UTF8"));
            // attrs == null returns all attributes; typesOnly == false returns values too
            LDAPSearchResults searchResults = lc.search(searchBase,
                    searchScope, searchFilter, null, false);
            while (searchResults.hasMore()) {
                LDAPEntry nextEntry = null;
                try {
                    nextEntry = searchResults.next();
                } catch (LDAPException e) {
                    System.out.println("Error: " + e.toString());
                    if (e.getResultCode() == LDAPException.LDAP_TIMEOUT
                            || e.getResultCode() == LDAPException.CONNECT_ERROR) {
                        break;
                    } else {
                        continue;
                    }
                }
                System.out.println("DN =: " + nextEntry.getDN());
                System.out.println("|---- Attributes list: ");
                LDAPAttributeSet attributeSet = nextEntry.getAttributeSet();
                Iterator<LDAPAttribute> allAttributes = attributeSet.iterator();
                while (allAttributes.hasNext()) {
                    LDAPAttribute attribute = allAttributes.next();
                    String attributeName = attribute.getName();
                    Enumeration<String> allValues = attribute.getStringValues();
                    if (null == allValues) {
                        continue;
                    }
                    while (allValues.hasMoreElements()) {
                        String value = allValues.nextElement();
                        if (!Base64.isLDIFSafe(value)) {
                            // base64 encode and then print out
                            value = Base64.encode(value.getBytes());
                        }
                        System.out.println("|---- ---- " + attributeName
                                + " = " + value);
                    }
                }
            }
        } catch (LDAPException e) {
            System.out.println("Error: " + e.toString());
        } catch (UnsupportedEncodingException e) {
            System.out.println("Error: " + e.toString());
        } finally {
            try {
                if (lc.isConnected()) {
                    lc.disconnect();
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
}
Output:
DN =: dc=micmiu,dc=com
|---- Attributes list:
|---- ---- dc = micmiu
|---- ---- o = Michael Blog
|---- ---- objectClass = domain
|---- ---- objectClass = top
DN =: ou=Developer,dc=micmiu,dc=com
|---- Attributes list:
|---- ---- description = Container for developer entries
|---- ---- ou = Developer
|---- ---- objectClass = organizationalUnit
DN =: ou=Tester,dc=micmiu,dc=com
|---- Attributes list:
|---- ---- description = Container for test entries
|---- ---- ou = Tester
|---- ---- objectClass = organizationalUnit
DN =: uid=Michael,ou=Developer,dc=micmiu,dc=com
|---- Attributes list:
|---- ---- userPassword = 111111
|---- ---- labeledURI = http://www.micmiu.com
|---- ---- uid = Michael
|---- ---- sn = Sun
|---- ---- cn = Michael Sun
|---- ---- mail = sjsky007@gmail.com
|---- ---- objectClass = inetOrgPerson
DN =: uid=Miumiu,ou=Tester,dc=micmiu,dc=com
|---- Attributes list:
|---- ---- userPassword = 111111
|---- ---- labeledURI = http://www.micmiu.com
|---- ---- uid = Miumiu
|---- ---- sn = Wu
|---- ---- cn = Miumiu Wu
|---- ---- objectClass = inetOrgPerson
DN =: dc=app1,dc=micmiu,dc=com
|---- Attributes list:
|---- ---- dc = app1
|---- ---- o = Michael Demo
|---- ---- objectClass = domain
DN =: dc=app2,dc=micmiu,dc=com
|---- Attributes list:
|---- ---- dc = app2
|---- ---- o = Michael Demo
|---- ---- objectClass = domain
DN =: ou=Demo,dc=app1,dc=micmiu,dc=com
|---- Attributes list:
|---- ---- description = Container for Demo entries
|---- ---- ou = Developer
|---- ---- ou = Demo
|---- ---- objectClass = organizationalUnit
DN =: ou=Demo,dc=app2,dc=micmiu,dc=com
|---- Attributes list:
|---- ---- description = Container for Demo entries
|---- ---- ou = Developer
|---- ---- ou = Demo
|---- ---- objectClass = organizationalUnit
DN =: uid=michael,ou=Demo,dc=app1,dc=micmiu,dc=com
|---- Attributes list:
|---- ---- userPassword = 111111
|---- ---- labeledURI = http://www.micmiu.com
|---- ---- uid = michael
|---- ---- sn = Sun
|---- ---- cn = Michael Sun
|---- ---- mail = sjsky007@gmail.com
|---- ---- objectClass = inetOrgPerson
DN =: uid=hazel,ou=Demo,dc=app1,dc=micmiu,dc=com
|---- Attributes list:
|---- ---- userPassword = 111111
|---- ---- labeledURI = http://www.micmiu.com
|---- ---- uid = hazel
|---- ---- sn = Wu
|---- ---- cn = Hazel Wu
|---- ---- objectClass = inetOrgPerson
DN =: uid=michael,ou=Demo,dc=app2,dc=micmiu,dc=com
|---- Attributes list:
|---- ---- userPassword = 111111
|---- ---- labeledURI = http://www.micmiu.com
|---- ---- uid = michael
|---- ---- sn = Sun
|---- ---- cn = Michael Sun
|---- ---- mail = sjsky007@gmail.com
|---- ---- objectClass = inetOrgPerson
DN =: uid=hazel,ou=Demo,dc=app2,dc=micmiu,dc=com
|---- Attributes list:
|---- ---- userPassword = 111111
|---- ---- labeledURI = http://www.micmiu.com
|---- ---- uid = hazel
|---- ---- sn = Wu
|---- ---- cn = Hazel Wu
|---- ---- objectClass = inetOrgPerson
The search results match the information shown by the client.
2. Add
Java code: LDAPAddEntry.java
package com.micmiu.ldap;

import java.io.UnsupportedEncodingException;

import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPAttributeSet;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;

/**
 * Example of adding a new entry.
 * blog http://www.micmiu.com
 *
 * @author Michael
 *
 */
public class LDAPAddEntry {

    /**
     *
     * @param args
     */
    public static void main(String[] args) {
        String ldapHost = "localhost";
        String loginDN = "cn=Manager,dc=micmiu,dc=com";
        String password = "secret";
        String containerName = "dc=micmiu,dc=com";
        int ldapPort = LDAPConnection.DEFAULT_PORT;
        int ldapVersion = LDAPConnection.LDAP_V3;
        LDAPConnection lc = new LDAPConnection();
        // Attributes of the new inetOrgPerson entry
        LDAPAttributeSet attributeSet = new LDAPAttributeSet();
        attributeSet.add(new LDAPAttribute("objectclass", new String(
                "inetOrgPerson")));
        attributeSet.add(new LDAPAttribute("cn", "Wukong Sun"));
        attributeSet.add(new LDAPAttribute("sn", "Sun"));
        attributeSet.add(new LDAPAttribute("mail", "sjsky007@gmail.com"));
        attributeSet.add(new LDAPAttribute("labeledURI",
                "http://www.micmiu.com"));
        attributeSet.add(new LDAPAttribute("userPassword", "111111"));
        attributeSet.add(new LDAPAttribute("uid", "addnew"));
        String dn = "uid=addnew,ou=Developer," + containerName;
        LDAPEntry newEntry = new LDAPEntry(dn, attributeSet);
        try {
            lc.connect(ldapHost, ldapPort);
            lc.bind(ldapVersion, loginDN, password.getBytes("UTF8"));
            System.out.println("login ldap server successfully.");
            lc.add(newEntry);
            System.out.println("Added object: " + dn + " successfully.");
        } catch (LDAPException e) {
            e.printStackTrace();
        } catch (UnsupportedEncodingException e) {
            System.out.println("Error: " + e.toString());
        } finally {
            try {
                if (lc.isConnected()) {
                    lc.disconnect();
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
}
Output:
login ldap server successfully.
Added object: uid=addnew,ou=Developer,dc=micmiu,dc=com successfully.
Screenshot of the client after refreshing:
3. Delete
Java code: LDAPDeleteEntry.java
package com.micmiu.ldap;

import java.io.UnsupportedEncodingException;

import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException;

/**
 * Example of deleting an entry.
 * blog http://www.micmiu.com
 *
 * @author Michael
 *
 */
public class LDAPDeleteEntry {

    /**
     * @param args
     */
    public static void main(String[] args) {
        String ldapHost = "localhost";
        String loginDN = "cn=Manager,dc=micmiu,dc=com";
        String password = "secret";
        String deleteDN = "uid=addnew,ou=Developer,dc=micmiu,dc=com";
        int ldapPort = LDAPConnection.DEFAULT_PORT;
        int ldapVersion = LDAPConnection.LDAP_V3;
        LDAPConnection lc = new LDAPConnection();
        try {
            lc.connect(ldapHost, ldapPort);
            lc.bind(ldapVersion, loginDN, password.getBytes("UTF8"));
            lc.delete(deleteDN);
            System.out.println(" delete Entry: " + deleteDN + " success.");
            lc.disconnect();
        } catch (LDAPException e) {
            if (e.getResultCode() == LDAPException.NO_SUCH_OBJECT) {
                System.err.println("Error: No such object");
            } else if (e.getResultCode() == LDAPException.INSUFFICIENT_ACCESS_RIGHTS) {
                System.err.println("Error: Insufficient rights");
            } else {
                System.err.println("Error: " + e.toString());
            }
        } catch (UnsupportedEncodingException e) {
            System.out.println("Error: " + e.toString());
        } finally {
            try {
                if (lc.isConnected()) {
                    lc.disconnect();
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
}
Output:
delete Entry: uid=addnew,ou=Developer,dc=micmiu,dc=com success.
After refreshing the client, the newly added entry addnew has been deleted.
4. Modify attributes
Java code: LDAPModifyAttrs.java
package com.micmiu.ldap;

import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPModification;

/**
 * Example of modify operations.
 * blog http://www.micmiu.com
 *
 * @author Michael
 *
 */
public class LDAPModifyAttrs {

    /**
     * @param args
     */
    public static void main(String[] args) {
        String ldapHost = "localhost";
        String loginDN = "cn=Manager,dc=micmiu,dc=com";
        String password = "secret";
        String modifyDN = "uid=Michael,ou=Developer,dc=micmiu,dc=com";
        int ldapPort = LDAPConnection.DEFAULT_PORT;
        int ldapVersion = LDAPConnection.LDAP_V3;
        LDAPConnection lc = new LDAPConnection();
        List<LDAPModification> modList = new ArrayList<LDAPModification>();
        // Add a new value to the description attribute
        String desc = "This object was modified at " + new Date();
        LDAPAttribute attribute = new LDAPAttribute("description", desc);
        modList.add(new LDAPModification(LDAPModification.ADD, attribute));
        attribute = new LDAPAttribute("telephoneNumber", "180-8888-xxxx");
        modList.add(new LDAPModification(LDAPModification.ADD, attribute));
        // Replace the labeledURI address with a new value
        attribute = new LDAPAttribute("labeledURI", "www.micmiu.com");
        modList.add(new LDAPModification(LDAPModification.REPLACE, attribute));
        // delete the email attribute
        attribute = new LDAPAttribute("mail");
        modList.add(new LDAPModification(LDAPModification.DELETE, attribute));
        LDAPModification[] mods = new LDAPModification[modList.size()];
        mods = (LDAPModification[]) modList.toArray(mods);
        try {
            lc.connect(ldapHost, ldapPort);
            lc.bind(ldapVersion, loginDN, password.getBytes("UTF8"));
            // All modifications are sent in a single modify request
            lc.modify(modifyDN, mods);
            System.out
                    .println("LDAPAttribute add、replace、delete all successful.");
        } catch (LDAPException e) {
            e.printStackTrace();
        } catch (UnsupportedEncodingException e) {
            System.out.println("Error: " + e.toString());
        } finally {
            try {
                if (lc.isConnected()) {
                    lc.disconnect();
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
}
Screenshot of the entry as shown by the client after the modification:
5. Verify password
Java code: LDAPVerifyPassword.java
package com.micmiu.ldap;

import java.io.UnsupportedEncodingException;

import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException;

/**
 * Example of verifying a password.
 * blog http://www.micmiu.com
 *
 * @author Michael
 *
 */
public class LDAPVerifyPassword {

    /**
     * @param args
     */
    public static void main(String[] args) {
        String ldapHost = "localhost";
        String loginDN = "cn=Manager,dc=micmiu,dc=com";
        String password = "secret";
        String verifyDN = "uid=Michael,ou=Developer,dc=micmiu,dc=com";
        String verifyPassword = "111111";
        int ldapPort = LDAPConnection.DEFAULT_PORT;
        int ldapVersion = LDAPConnection.LDAP_V3;
        LDAPConnection lc = new LDAPConnection();
        try {
            lc.connect(ldapHost, ldapPort);
            lc.bind(ldapVersion, loginDN, password.getBytes("UTF8"));
            // Ask the server to compare the given value with the entry's userPassword
            LDAPAttribute attr = new LDAPAttribute("userPassword",
                    verifyPassword);
            boolean correct = lc.compare(verifyDN, attr);
            System.out.println(correct ? "The password is correct.^_^"
                    : "The password is incorrect.!!!");
        } catch (LDAPException e) {
            e.printStackTrace();
            if (e.getResultCode() == LDAPException.NO_SUCH_OBJECT) {
                System.err.println("Error: No such entry");
            } else if (e.getResultCode() == LDAPException.NO_SUCH_ATTRIBUTE) {
                System.err.println("Error: No such attribute");
            } else {
                System.err.println("Error: " + e.toString());
            }
        } catch (UnsupportedEncodingException e) {
            System.err.println("Error: " + e.toString());
        } finally {
            try {
                if (lc.isConnected()) {
                    lc.disconnect();
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
}
Output:
The password is correct.^_^
The password was verified successfully.
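An added example, not part of the original post: a common alternative to compare is to bind as the entry being verified, so the server checks the password in whatever form it stores it and the application needs no Manager credentials. It assumes the server also listens on LDAPS (port 636) with a certificate the JVM trusts; the class name LDAPBindVerify and the method verify are made up for this sketch.

```java
import java.nio.charset.StandardCharsets;

import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPJSSESecureSocketFactory;

public class LDAPBindVerify { // hypothetical class name
    /** Returns true only if the server accepts a simple bind as userDN. */
    static boolean verify(String host, int port, String userDN,
            String userPassword) throws LDAPException {
        // A simple bind with a DN and an empty password is an unauthenticated
        // bind (RFC 4513) that a server may accept, so reject it up front.
        if (userDN == null || userDN.isEmpty()
                || userPassword == null || userPassword.isEmpty()) {
            return false;
        }
        // LDAPS socket factory: the password is not sent in clear text.
        LDAPConnection lc = new LDAPConnection(new LDAPJSSESecureSocketFactory());
        try {
            lc.connect(host, port);
            lc.bind(LDAPConnection.LDAP_V3, userDN,
                    userPassword.getBytes(StandardCharsets.UTF_8));
            return true;
        } catch (LDAPException e) {
            if (e.getResultCode() == LDAPException.INVALID_CREDENTIALS) {
                return false; // the server rejected the DN/password pair
            }
            throw e; // connection or server problem, not a verdict on the password
        } finally {
            if (lc.isConnected()) {
                lc.disconnect();
            }
        }
    }

    public static void main(String[] args) throws LDAPException {
        // Demo DN and password taken from the example above.
        String verifyDN = "uid=Michael,ou=Developer,dc=micmiu,dc=com";
        boolean ok = verify("localhost", LDAPConnection.DEFAULT_SSL_PORT,
                verifyDN, "111111");
        System.out.println(ok ? "The password is correct."
                : "The password is incorrect.");
    }
}
```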