java 通过LDAP 验证、添加、修改、删除
2015-08-27 13:09
1. 域服务器(dc=dctest,dc=com),安装证书服务,创建企业根证书,名称为dctest.com
则:cn=dctest.com,dc=dctest,dc=com
2. 申请证书类型域控制器的证书
3. 将企业根证书和域控制器证书导入到应用服务器cacerts
4. 在应用程序中,编写代码引用cacerts认证。
keytool
package bof.usermanager.auth.impl;
import java.io.IOException;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.Rdn;

import com.report.service.PropertyItem;
import com.report.vo.OrganizationalUnitDomain;
import com.report.vo.UserDomain;
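/**
 * Create / list / update / delete helper for Active Directory user accounts.
 *
 * <p>Every operation opens a fresh pooled LDAPS {@link LdapContext} through
 * {@link #getConnectionFromFool()}, binds with either caller-supplied or configured
 * service credentials, performs one directory operation and closes the context.
 * Failures are logged and reported through the boolean / empty-list return values
 * rather than thrown, which is the contract existing callers rely on. Text that ends
 * up inside a search filter or a distinguished name is escaped so that user-supplied
 * input cannot alter the query or the entry being addressed.
 *
 * <p>Original author: 陈艺武, 2010-04-13.
 */
public class LdapADManager {

    private static final Logger LOG = Logger.getLogger(LdapADManager.class.getName());

    /** Trust store installed only when the JVM was started without {@code javax.net.ssl.trustStore}. */
    private static final String DEFAULT_TRUST_STORE = "c:/Java/jdk1.6.0_10/jre/lib/security/cacerts";

    /** Encoding AD expects for {@code unicodePwd} values. */
    private static final Charset UTF_16LE = Charset.forName("UTF-16LE");

    // userAccountControl bits, under the names the original code gave them.
    private static final int UF_ACCOUNTDISABLE = 0x0002;
    private static final int UF_PASSWD_NOTREQD = 0x0020;
    private static final int UF_NORMAL_ACCOUNT = 0x0200;
    private static final int UF_PASSWORD_EXPIRED = 0x800000;

    /** Eagerly built singleton; the constructor does nothing, so no lazy-init race exists. */
    private static final LdapADManager INSTANCE = new LdapADManager();

    protected DataSourceConnectLDAPVO transientInstance = null;
    /** objectClass for user entries; retained for compatibility, not read by this class. */
    private String default_objectclass = "user";
    /** Default user root DN; retained for compatibility, not read by this class. */
    private String default_base = "CN=Users,DC=all,DC=com";
    /** Attribute treated as the entry key; stripped from the set handed to {@link #modify}. */
    private String key_index = "CN";
    /** Attribute that receives the quoted UTF-16LE password. */
    private String pwd_index = "unicodePwd";
    /** Request controls attached to every connection and re-sent on {@code reconnect}. */
    private final Control[] connCtls = new Control[] { new LdapADManagerControl() };

    private LdapADManager() {
    }

    /**
     * Returns the shared manager instance.
     *
     * @return the singleton
     */
    public static LdapADManager getInstance() {
        return INSTANCE;
    }

    /**
     * Opens a pooled LDAPS connection with no bind identity set.
     *
     * <p>Callers add {@code SECURITY_PRINCIPAL} / {@code SECURITY_CREDENTIALS} to the
     * returned context and then issue a request or call {@code reconnect}. The trust
     * store is only set process-wide when the JVM has none configured; an
     * operator-supplied {@code -Djavax.net.ssl.trustStore} is left untouched, which
     * the previous unconditional overwrite did not do.
     *
     * @return a new context carrying this manager's request controls
     * @throws NamingException if the connection or the TLS handshake fails
     */
    public LdapContext getConnectionFromFool() throws NamingException {
        PropertyItem ldapProperty = ldapProperty();
        if (System.getProperty("javax.net.ssl.trustStore") == null) {
            System.setProperty("javax.net.ssl.trustStore", DEFAULT_TRUST_STORE);
        }
        Properties env = new Properties();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("com.sun.jndi.ldap.connect.pool", "true");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.PROVIDER_URL, ldapProperty.getLdapURL());
        return new InitialLdapContext(env, connCtls);
    }

    /**
     * Verifies a user's password with a simple bind as {@code userName@domain}.
     *
     * <p>Empty or null names and passwords are rejected before any bind: a simple
     * bind with an empty password is an unauthenticated (anonymous) bind that the
     * server accepts, so passing it through would report success for any known
     * user name. Bind failures are logged at INFO so failed logons stay visible.
     *
     * @param userName logon name without the domain suffix
     * @param password clear-text password
     * @return {@code true} only when the bind succeeds
     */
    public boolean authenticate(String userName, String password) {
        if (isEmpty(userName) || isEmpty(password)) {
            return false;
        }
        String userDn = userName + "@" + ldapProperty().getDomain();
        LdapContext ctx = null;
        try {
            ctx = openAs(userDn, password);
            ctx.reconnect(connCtls);
            return true;
        } catch (AuthenticationException e) {
            LOG.log(Level.INFO, "authentication failed for {0}", userDn);
            return false;
        } catch (NamingException e) {
            LOG.log(Level.WARNING, "authentication error for " + userDn, e);
            return false;
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Lists the user accounts below {@code OU=<base>,<domainDC>}.
     *
     * <p>Each entry maps {@code sAMAccountName} to {@code userName} and {@code cn} to
     * {@code userAliasName}. Attributes are looked up by name because the order in
     * which the server returns them is not guaranteed; the old position-based
     * mapping swapped the two fields whenever the order differed.
     *
     * @return the users found, or an empty list when the search fails
     */
    public List<UserDomain> listUser() {
        PropertyItem ldapProperty = ldapProperty();
        List<UserDomain> users = new ArrayList<UserDomain>();
        String base = "OU=" + ldapProperty.getBase() + "," + ldapProperty.getDomainDC();
        LdapContext ctx = null;
        try {
            ctx = openAs(ldapProperty.getUserName() + "@" + ldapProperty.getDomain(), ldapProperty.getPassWord());
            String filter = "(&(objectCategory=person)(objectClass=USER)(name=*))";
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[] { "sAMAccountName", "cn" });
            NamingEnumeration<SearchResult> answer = ctx.search(base, filter, controls);
            while (answer.hasMore()) {
                Attributes attrs = answer.next().getAttributes();
                UserDomain user = new UserDomain();
                String account = firstValue(attrs, "sAMAccountName");
                if (account != null) {
                    user.setUserName(account);
                }
                String cn = firstValue(attrs, "cn");
                if (cn != null) {
                    user.setUserAliasName(cn);
                }
                user.setNameSpace(ldapProperty.getDomain());
                users.add(user);
            }
        } catch (NamingException e) {
            LOG.log(Level.WARNING, "user search under " + base + " failed", e);
        } finally {
            closeQuietly(ctx);
        }
        return users;
    }

    /**
     * Lists organizational units below {@code OU=<base>,<domainDC>} whose name
     * contains {@code ouName}; with a null or empty {@code ouName} all units are returned.
     *
     * <p>{@code ouName} is escaped before it is placed inside the filter, so filter
     * metacharacters in the input cannot widen the search. The base looks like
     * {@code OU=北京华融综合投资公司,DC=bjhr,DC=com,DC=cn}.
     *
     * @param ouName substring to match against the unit's {@code name}, may be null
     * @return the units found, or an empty list when the search fails
     */
    public List<OrganizationalUnitDomain> listOrganizztionalUnit(String ouName) {
        PropertyItem ldapProperty = ldapProperty();
        List<OrganizationalUnitDomain> units = new ArrayList<OrganizationalUnitDomain>();
        String base = "OU=" + ldapProperty.getBase() + "," + ldapProperty.getDomainDC();
        LdapContext ctx = null;
        try {
            ctx = openAs(ldapProperty.getUserName() + "@" + ldapProperty.getDomain(), ldapProperty.getPassWord());
            StringBuilder filter = new StringBuilder("(&(objectClass=organizationalUnit)");
            if (!isEmpty(ouName)) {
                filter.append("(name=*").append(escapeFilterValue(ouName)).append("*)");
            }
            filter.append(')');
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[] { "name" });
            NamingEnumeration<SearchResult> answer = ctx.search(base, filter.toString(), controls);
            while (answer.hasMore()) {
                OrganizationalUnitDomain unit = new OrganizationalUnitDomain();
                String name = firstValue(answer.next().getAttributes(), "name");
                if (name != null) {
                    unit.setOuName(name);
                }
                units.add(unit);
            }
        } catch (NamingException e) {
            LOG.log(Level.WARNING, "organizational unit search under " + base + " failed", e);
        } finally {
            closeQuietly(ctx);
        }
        return units;
    }

    /**
     * Creates the entry {@code CN=<realName>,<OU dn>} and sets its initial password.
     *
     * <p>The entry is first created disabled with the flags {@code UF_NORMAL_ACCOUNT |
     * UF_PASSWD_NOTREQD | UF_PASSWORD_EXPIRED | UF_ACCOUNTDISABLE}, then the password is
     * written and the flags replaced by {@code UF_NORMAL_ACCOUNT | UF_PASSWORD_EXPIRED},
     * so the account becomes usable but must change its password at first logon. The
     * initial password is {@code userName} itself (unchanged from the original code);
     * since that value is guessable, the forced change at first logon is what limits
     * its exposure. The OU is resolved by name first and the call fails when it does
     * not exist, instead of building the malformed DN {@code CN=x,,DC=...}.
     *
     * @param ou         name of the organizational unit the user is created in; must exist
     * @param department unused; retained for signature compatibility
     * @param realName   value for {@code cn}, e.g. 李伟; escaped when used inside the DN
     * @param userName   value for {@code sAMAccountName}, also the initial password
     * @param adminUser  logon name of the account performing the change
     * @param adminPwd   its password
     * @return {@code true} when the entry was created and its password set
     */
    public boolean addUser(String ou, String department, String realName, String userName, String adminUser, String adminPwd) {
        if (isEmpty(ou) || isEmpty(realName) || isEmpty(userName) || isEmpty(adminUser) || isEmpty(adminPwd)) {
            return false;
        }
        PropertyItem ldapProperty = ldapProperty();
        LdapContext ctx = null;
        try {
            ctx = openAs(adminUser + "@" + ldapProperty.getDomain(), adminPwd);
            String ouDn = getFullOu(ctx, ou);
            if (isEmpty(ouDn)) {
                LOG.warning("organizational unit not found: " + ou);
                return false;
            }
            String newUser = "CN=" + Rdn.escapeValue(realName) + "," + ouDn;

            Attributes attrs = new BasicAttributes(true);
            Attribute objclass = new BasicAttribute("objectclass");
            setObjectclassToAttribute(objclass);
            attrs.put(objclass);
            attrs.put("sAMAccountName", userName);
            attrs.put("cn", realName);
            attrs.put("userAccountControl", Integer.toString(
                    UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_PASSWORD_EXPIRED | UF_ACCOUNTDISABLE));
            ctx.createSubcontext(newUser, attrs);

            ModificationItem[] mods = {
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                        new BasicAttribute(pwd_index, encodePassword(userName))),
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                        new BasicAttribute("userAccountControl",
                                Integer.toString(UF_NORMAL_ACCOUNT | UF_PASSWORD_EXPIRED)))
            };
            ctx.modifyAttributes(newUser, mods);
            return true;
        } catch (NamingException e) {
            LOG.log(Level.WARNING, "creating user " + userName + " failed", e);
        } finally {
            closeQuietly(ctx);
        }
        return false;
    }

    /**
     * Resets a user's password to the user's own logon name, acting as {@code adminUser}.
     *
     * <p>The {@code administrator} account is never touched. The account flags are not
     * changed here, so unlike {@link #addUser} the reset password is not marked
     * expired. NOTE(review): confirm that callers force a change afterwards, since the
     * reset value is guessable.
     *
     * @param adminUser logon name of the account performing the reset
     * @param adminPwd  its password
     * @param sUserName {@code sAMAccountName} of the user whose password is reset
     * @return {@code true} when the password was written
     */
    public boolean adminChangePassword(String adminUser, String adminPwd, String sUserName) {
        if (isEmpty(sUserName) || "administrator".equalsIgnoreCase(sUserName)
                || isEmpty(adminUser) || isEmpty(adminPwd)) {
            return false;
        }
        PropertyItem ldapProperty = ldapProperty();
        LdapContext ctx = null;
        try {
            ctx = openAs(adminUser + "@" + ldapProperty.getDomain(), adminPwd);
            String userDn = getUser(ctx, sUserName);
            if (isEmpty(userDn)) {
                LOG.warning("user not found: " + sUserName);
                return false;
            }
            ModificationItem[] mods = {
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                        new BasicAttribute(pwd_index, encodePassword(sUserName)))
            };
            ctx.modifyAttributes(userDn, mods);
            return true;
        } catch (NamingException e) {
            LOG.log(Level.WARNING, "password reset for " + sUserName + " failed", e);
        } finally {
            closeQuietly(ctx);
        }
        return false;
    }

    /**
     * Lets a user change their own password by binding with the old one.
     *
     * <p>The change is sent as the AD self-service pair: remove the old
     * {@code unicodePwd} value and add the new one in a single modify. Empty old
     * passwords are rejected because the bind would be unauthenticated; empty new
     * passwords are rejected rather than written as the literal quoted string.
     * The {@code administrator} account is never touched.
     *
     * @param sUserName    {@code sAMAccountName} of the user
     * @param sOldPassword current password, also used for the bind
     * @param sNewPassword replacement password
     * @return {@code true} when the directory accepted the change
     */
    public boolean userChangePassword(String sUserName, String sOldPassword, String sNewPassword) {
        if (isEmpty(sUserName) || isEmpty(sOldPassword) || isEmpty(sNewPassword)
                || "administrator".equalsIgnoreCase(sUserName)) {
            return false;
        }
        PropertyItem ldapProperty = ldapProperty();
        String userNameAndDomain = sUserName + "@" + ldapProperty.getDomain();
        LdapContext ctx = null;
        try {
            ctx = openAs(userNameAndDomain, sOldPassword);
            String userDn = getUser(ctx, sUserName);
            if (isEmpty(userDn)) {
                LOG.warning("user not found: " + sUserName);
                return false;
            }
            ModificationItem[] mods = {
                new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                        new BasicAttribute(pwd_index, encodePassword(sOldPassword))),
                new ModificationItem(DirContext.ADD_ATTRIBUTE,
                        new BasicAttribute(pwd_index, encodePassword(sNewPassword)))
            };
            ctx.modifyAttributes(userDn, mods);
            return true;
        } catch (NamingException e) {
            LOG.log(Level.WARNING, "password change for " + sUserName + " failed", e);
        } finally {
            closeQuietly(ctx);
        }
        return false;
    }

    /**
     * Replaces attributes of {@code userDN} with the values in {@code attrs}.
     *
     * <p>The {@code key_index} ("CN") attribute is removed from {@code attrs} first,
     * which mutates the caller's object. No principal is added to the context here,
     * so the modification is attempted with the connection's default identity.
     * NOTE(review): every other write in this class binds explicitly; confirm the
     * callers really expect an unauthenticated modify.
     *
     * @param attrs  attributes to replace; the CN entry is dropped in place
     * @param userDN distinguished name of the entry to change
     * @return {@code true} when the directory accepted the change
     */
    public boolean modify(Attributes attrs, String userDN) {
        if (attrs == null || isEmpty(userDN)) {
            return false;
        }
        LdapContext ctx = null;
        try {
            ctx = getConnectionFromFool();
            attrs.remove(key_index);
            ctx.modifyAttributes(userDN, DirContext.REPLACE_ATTRIBUTE, attrs);
            return true;
        } catch (NamingException e) {
            LOG.log(Level.WARNING, "modifying " + userDN + " failed", e);
        } finally {
            closeQuietly(ctx);
        }
        return false;
    }

    /**
     * Deletes the user whose {@code sAMAccountName} is {@code userName}, acting as {@code adminUser}.
     *
     * @param adminUser logon name of the account performing the deletion
     * @param adminPwd  its password
     * @param userName  {@code sAMAccountName} of the entry to delete (the original doc called it userDN)
     * @return {@code true} when the entry was removed; {@code false} when it was not found or the directory refused
     */
    public boolean del(String adminUser, String adminPwd, String userName) {
        if (isEmpty(userName) || isEmpty(adminUser) || isEmpty(adminPwd)) {
            return false;
        }
        PropertyItem ldapProperty = ldapProperty();
        LdapContext ctx = null;
        try {
            ctx = openAs(adminUser + "@" + ldapProperty.getDomain(), adminPwd);
            String userDn = getUser(ctx, userName);
            if (isEmpty(userDn)) {
                LOG.warning("user not found: " + userName);
                return false;
            }
            ctx.destroySubcontext(userDn);
            return true;
        } catch (NamingException e) {
            LOG.log(Level.WARNING, "deleting user " + userName + " failed", e);
        } finally {
            closeQuietly(ctx);
        }
        return false;
    }

    /** Adds the object classes every new user entry is created with. */
    private void setObjectclassToAttribute(Attribute objclass) {
        objclass.add("top");
        objclass.add("person");
        objclass.add("organizationalPerson");
        objclass.add("inetorgperson");
    }

    /**
     * Resolves the full DN of the user whose {@code sAMAccountName} is {@code usr}.
     *
     * @return the DN, or {@code ""} when no such user exists or the search fails
     */
    private String getUser(LdapContext ctx, String usr) {
        return findDn(ctx, "(sAMAccountName=" + escapeFilterValue(usr) + ")");
    }

    /**
     * Resolves the full DN of the organizational unit named {@code ou}.
     *
     * @return the DN, or {@code ""} when no such unit exists or the search fails
     */
    private String getFullOu(LdapContext ctx, String ou) {
        return findDn(ctx, "(&(objectClass=organizationalUnit)(name=" + escapeFilterValue(ou) + "))");
    }

    /** DN of the first entry matching {@code filter} below the domain root, or {@code ""}. */
    private String findDn(LdapContext ctx, String filter) {
        SearchResult si = getSearchResult(ctx, filter);
        return si == null ? "" : si.getNameInNamespace();
    }

    /**
     * Subtree search from the domain DC for the first entry matching {@code filter}.
     *
     * <p>Only the DN is requested (empty returning-attribute list). The enumeration is
     * walked with {@code hasMoreElements()} as in the original code; presumably that
     * was chosen because it reports end-of-results instead of throwing when trailing
     * referral errors occur — confirm against the target directory.
     *
     * @return the first match, or {@code null} when there is none or the search fails
     */
    private SearchResult getSearchResult(LdapContext ctx, String filter) {
        try {
            SearchControls constraints = new SearchControls();
            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
            constraints.setReturningAttributes(new String[0]);
            NamingEnumeration<SearchResult> en = ctx.search(ldapProperty().getDomainDC(), filter, constraints);
            try {
                return en.hasMoreElements() ? en.nextElement() : null;
            } finally {
                en.close();
            }
        } catch (NamingException ex) {
            LOG.log(Level.WARNING, "search " + filter + " failed", ex);
            return null;
        }
    }

    /**
     * Opens a connection and places the bind identity in its environment; the
     * provider is expected to (re-)bind with these values on the next request or on
     * {@code reconnect}, as the original code relied on. The context is closed again
     * if configuring it fails, so pooled connections are not leaked.
     */
    private LdapContext openAs(String principal, String credentials) throws NamingException {
        LdapContext ctx = getConnectionFromFool();
        try {
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, principal);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, credentials);
        } catch (NamingException e) {
            closeQuietly(ctx);
            throw e;
        }
        return ctx;
    }

    /** First configured property set; the original code always used index 0. */
    private static PropertyItem ldapProperty() {
        return (PropertyItem) AdProperties.getInstance().getPropertyItem().get(0);
    }

    /** Closes {@code ctx} when non-null; close failures are logged, never propagated. */
    private static void closeQuietly(LdapContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            LOG.log(Level.FINE, "closing LDAP context failed", e);
        }
    }

    /** Encodes a password as AD's {@code unicodePwd} expects: the value in double quotes, as UTF-16LE. */
    private static byte[] encodePassword(String password) {
        return ("\"" + password + "\"").getBytes(UTF_16LE);
    }

    /** First value of {@code name} as a string, or {@code null} when the attribute is absent or empty. */
    private static String firstValue(Attributes attrs, String name) throws NamingException {
        Attribute attr = attrs == null ? null : attrs.get(name);
        if (attr == null || attr.size() == 0) {
            return null;
        }
        Object value = attr.get();
        return value == null ? null : value.toString();
    }

    /**
     * Escapes {@code value} for use inside an LDAP search filter (RFC 4515) so that
     * user-supplied text cannot change the filter's structure. A null value escapes to "".
     */
    private static String escapeFilterValue(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** {@code true} for null or zero-length strings (the original code's {@code equals("")} test, null-safe). */
    private static boolean isEmpty(String s) {
        return s == null || s.length() == 0;
    }
}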
/**
 * Critical, value-less LDAP request control with OID {@code 1.2.840.113556.1.4.1781},
 * attached to every connection {@code LdapADManager} opens and re-sent on
 * {@code reconnect}. Because it is marked critical, a server that does not support
 * the control rejects the request instead of silently ignoring it.
 * NOTE(review): this OID is the one Microsoft documents as the Active Directory fast
 * concurrent bind control — confirm it appears in the target DC's supportedControl
 * and which account-state checks the DC still enforces under it before relying on
 * {@code authenticate()} for access decisions.
 */
class LdapADManagerControl implements Control {

    private static final String OID = "1.2.840.113556.1.4.1781";

    /** @return {@code null}; the control carries no BER-encoded value */
    public byte[] getEncodedValue() {
        return null;
    }

    /** @return the control's OID */
    public String getID() {
        return OID;
    }

    /** @return {@code true}; the control is critical */
    public boolean isCritical() {
        return true;
    }
}
则:cn=dctest.com,dc=dctest,dc=com
2. 申请证书类型域控制器的证书
3. 将企业根证书和域控制器证书导入到应用服务器cacerts
4. 在应用程序中,编写代码引用cacerts认证。
keytool
package bof.usermanager.auth.impl;
import java.io.IOException;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.Rdn;

import com.report.service.PropertyItem;
import com.report.vo.OrganizationalUnitDomain;
import com.report.vo.UserDomain;
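/**
 * Create / list / update / delete helper for Active Directory user accounts.
 *
 * <p>Every operation opens a fresh pooled LDAPS {@link LdapContext} through
 * {@link #getConnectionFromFool()}, binds with either caller-supplied or configured
 * service credentials, performs one directory operation and closes the context.
 * Failures are logged and reported through the boolean / empty-list return values
 * rather than thrown, which is the contract existing callers rely on. Text that ends
 * up inside a search filter or a distinguished name is escaped so that user-supplied
 * input cannot alter the query or the entry being addressed.
 *
 * <p>Original author: 陈艺武, 2010-04-13.
 */
public class LdapADManager {

    private static final Logger LOG = Logger.getLogger(LdapADManager.class.getName());

    /** Trust store installed only when the JVM was started without {@code javax.net.ssl.trustStore}. */
    private static final String DEFAULT_TRUST_STORE = "c:/Java/jdk1.6.0_10/jre/lib/security/cacerts";

    /** Encoding AD expects for {@code unicodePwd} values. */
    private static final Charset UTF_16LE = Charset.forName("UTF-16LE");

    // userAccountControl bits, under the names the original code gave them.
    private static final int UF_ACCOUNTDISABLE = 0x0002;
    private static final int UF_PASSWD_NOTREQD = 0x0020;
    private static final int UF_NORMAL_ACCOUNT = 0x0200;
    private static final int UF_PASSWORD_EXPIRED = 0x800000;

    /** Eagerly built singleton; the constructor does nothing, so no lazy-init race exists. */
    private static final LdapADManager INSTANCE = new LdapADManager();

    protected DataSourceConnectLDAPVO transientInstance = null;
    /** objectClass for user entries; retained for compatibility, not read by this class. */
    private String default_objectclass = "user";
    /** Default user root DN; retained for compatibility, not read by this class. */
    private String default_base = "CN=Users,DC=all,DC=com";
    /** Attribute treated as the entry key; stripped from the set handed to {@link #modify}. */
    private String key_index = "CN";
    /** Attribute that receives the quoted UTF-16LE password. */
    private String pwd_index = "unicodePwd";
    /** Request controls attached to every connection and re-sent on {@code reconnect}. */
    private final Control[] connCtls = new Control[] { new LdapADManagerControl() };

    private LdapADManager() {
    }

    /**
     * Returns the shared manager instance.
     *
     * @return the singleton
     */
    public static LdapADManager getInstance() {
        return INSTANCE;
    }

    /**
     * Opens a pooled LDAPS connection with no bind identity set.
     *
     * <p>Callers add {@code SECURITY_PRINCIPAL} / {@code SECURITY_CREDENTIALS} to the
     * returned context and then issue a request or call {@code reconnect}. The trust
     * store is only set process-wide when the JVM has none configured; an
     * operator-supplied {@code -Djavax.net.ssl.trustStore} is left untouched, which
     * the previous unconditional overwrite did not do.
     *
     * @return a new context carrying this manager's request controls
     * @throws NamingException if the connection or the TLS handshake fails
     */
    public LdapContext getConnectionFromFool() throws NamingException {
        PropertyItem ldapProperty = ldapProperty();
        if (System.getProperty("javax.net.ssl.trustStore") == null) {
            System.setProperty("javax.net.ssl.trustStore", DEFAULT_TRUST_STORE);
        }
        Properties env = new Properties();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("com.sun.jndi.ldap.connect.pool", "true");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.PROVIDER_URL, ldapProperty.getLdapURL());
        return new InitialLdapContext(env, connCtls);
    }

    /**
     * Verifies a user's password with a simple bind as {@code userName@domain}.
     *
     * <p>Empty or null names and passwords are rejected before any bind: a simple
     * bind with an empty password is an unauthenticated (anonymous) bind that the
     * server accepts, so passing it through would report success for any known
     * user name. Bind failures are logged at INFO so failed logons stay visible.
     *
     * @param userName logon name without the domain suffix
     * @param password clear-text password
     * @return {@code true} only when the bind succeeds
     */
    public boolean authenticate(String userName, String password) {
        if (isEmpty(userName) || isEmpty(password)) {
            return false;
        }
        String userDn = userName + "@" + ldapProperty().getDomain();
        LdapContext ctx = null;
        try {
            ctx = openAs(userDn, password);
            ctx.reconnect(connCtls);
            return true;
        } catch (AuthenticationException e) {
            LOG.log(Level.INFO, "authentication failed for {0}", userDn);
            return false;
        } catch (NamingException e) {
            LOG.log(Level.WARNING, "authentication error for " + userDn, e);
            return false;
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Lists the user accounts below {@code OU=<base>,<domainDC>}.
     *
     * <p>Each entry maps {@code sAMAccountName} to {@code userName} and {@code cn} to
     * {@code userAliasName}. Attributes are looked up by name because the order in
     * which the server returns them is not guaranteed; the old position-based
     * mapping swapped the two fields whenever the order differed.
     *
     * @return the users found, or an empty list when the search fails
     */
    public List<UserDomain> listUser() {
        PropertyItem ldapProperty = ldapProperty();
        List<UserDomain> users = new ArrayList<UserDomain>();
        String base = "OU=" + ldapProperty.getBase() + "," + ldapProperty.getDomainDC();
        LdapContext ctx = null;
        try {
            ctx = openAs(ldapProperty.getUserName() + "@" + ldapProperty.getDomain(), ldapProperty.getPassWord());
            String filter = "(&(objectCategory=person)(objectClass=USER)(name=*))";
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[] { "sAMAccountName", "cn" });
            NamingEnumeration<SearchResult> answer = ctx.search(base, filter, controls);
            while (answer.hasMore()) {
                Attributes attrs = answer.next().getAttributes();
                UserDomain user = new UserDomain();
                String account = firstValue(attrs, "sAMAccountName");
                if (account != null) {
                    user.setUserName(account);
                }
                String cn = firstValue(attrs, "cn");
                if (cn != null) {
                    user.setUserAliasName(cn);
                }
                user.setNameSpace(ldapProperty.getDomain());
                users.add(user);
            }
        } catch (NamingException e) {
            LOG.log(Level.WARNING, "user search under " + base + " failed", e);
        } finally {
            closeQuietly(ctx);
        }
        return users;
    }

    /**
     * Lists organizational units below {@code OU=<base>,<domainDC>} whose name
     * contains {@code ouName}; with a null or empty {@code ouName} all units are returned.
     *
     * <p>{@code ouName} is escaped before it is placed inside the filter, so filter
     * metacharacters in the input cannot widen the search. The base looks like
     * {@code OU=北京华融综合投资公司,DC=bjhr,DC=com,DC=cn}.
     *
     * @param ouName substring to match against the unit's {@code name}, may be null
     * @return the units found, or an empty list when the search fails
     */
    public List<OrganizationalUnitDomain> listOrganizztionalUnit(String ouName) {
        PropertyItem ldapProperty = ldapProperty();
        List<OrganizationalUnitDomain> units = new ArrayList<OrganizationalUnitDomain>();
        String base = "OU=" + ldapProperty.getBase() + "," + ldapProperty.getDomainDC();
        LdapContext ctx = null;
        try {
            ctx = openAs(ldapProperty.getUserName() + "@" + ldapProperty.getDomain(), ldapProperty.getPassWord());
            StringBuilder filter = new StringBuilder("(&(objectClass=organizationalUnit)");
            if (!isEmpty(ouName)) {
                filter.append("(name=*").append(escapeFilterValue(ouName)).append("*)");
            }
            filter.append(')');
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[] { "name" });
            NamingEnumeration<SearchResult> answer = ctx.search(base, filter.toString(), controls);
            while (answer.hasMore()) {
                OrganizationalUnitDomain unit = new OrganizationalUnitDomain();
                String name = firstValue(answer.next().getAttributes(), "name");
                if (name != null) {
                    unit.setOuName(name);
                }
                units.add(unit);
            }
        } catch (NamingException e) {
            LOG.log(Level.WARNING, "organizational unit search under " + base + " failed", e);
        } finally {
            closeQuietly(ctx);
        }
        return units;
    }

    /**
     * Creates the entry {@code CN=<realName>,<OU dn>} and sets its initial password.
     *
     * <p>The entry is first created disabled with the flags {@code UF_NORMAL_ACCOUNT |
     * UF_PASSWD_NOTREQD | UF_PASSWORD_EXPIRED | UF_ACCOUNTDISABLE}, then the password is
     * written and the flags replaced by {@code UF_NORMAL_ACCOUNT | UF_PASSWORD_EXPIRED},
     * so the account becomes usable but must change its password at first logon. The
     * initial password is {@code userName} itself (unchanged from the original code);
     * since that value is guessable, the forced change at first logon is what limits
     * its exposure. The OU is resolved by name first and the call fails when it does
     * not exist, instead of building the malformed DN {@code CN=x,,DC=...}.
     *
     * @param ou         name of the organizational unit the user is created in; must exist
     * @param department unused; retained for signature compatibility
     * @param realName   value for {@code cn}, e.g. 李伟; escaped when used inside the DN
     * @param userName   value for {@code sAMAccountName}, also the initial password
     * @param adminUser  logon name of the account performing the change
     * @param adminPwd   its password
     * @return {@code true} when the entry was created and its password set
     */
    public boolean addUser(String ou, String department, String realName, String userName, String adminUser, String adminPwd) {
        if (isEmpty(ou) || isEmpty(realName) || isEmpty(userName) || isEmpty(adminUser) || isEmpty(adminPwd)) {
            return false;
        }
        PropertyItem ldapProperty = ldapProperty();
        LdapContext ctx = null;
        try {
            ctx = openAs(adminUser + "@" + ldapProperty.getDomain(), adminPwd);
            String ouDn = getFullOu(ctx, ou);
            if (isEmpty(ouDn)) {
                LOG.warning("organizational unit not found: " + ou);
                return false;
            }
            String newUser = "CN=" + Rdn.escapeValue(realName) + "," + ouDn;

            Attributes attrs = new BasicAttributes(true);
            Attribute objclass = new BasicAttribute("objectclass");
            setObjectclassToAttribute(objclass);
            attrs.put(objclass);
            attrs.put("sAMAccountName", userName);
            attrs.put("cn", realName);
            attrs.put("userAccountControl", Integer.toString(
                    UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_PASSWORD_EXPIRED | UF_ACCOUNTDISABLE));
            ctx.createSubcontext(newUser, attrs);

            ModificationItem[] mods = {
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                        new BasicAttribute(pwd_index, encodePassword(userName))),
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                        new BasicAttribute("userAccountControl",
                                Integer.toString(UF_NORMAL_ACCOUNT | UF_PASSWORD_EXPIRED)))
            };
            ctx.modifyAttributes(newUser, mods);
            return true;
        } catch (NamingException e) {
            LOG.log(Level.WARNING, "creating user " + userName + " failed", e);
        } finally {
            closeQuietly(ctx);
        }
        return false;
    }

    /**
     * Resets a user's password to the user's own logon name, acting as {@code adminUser}.
     *
     * <p>The {@code administrator} account is never touched. The account flags are not
     * changed here, so unlike {@link #addUser} the reset password is not marked
     * expired. NOTE(review): confirm that callers force a change afterwards, since the
     * reset value is guessable.
     *
     * @param adminUser logon name of the account performing the reset
     * @param adminPwd  its password
     * @param sUserName {@code sAMAccountName} of the user whose password is reset
     * @return {@code true} when the password was written
     */
    public boolean adminChangePassword(String adminUser, String adminPwd, String sUserName) {
        if (isEmpty(sUserName) || "administrator".equalsIgnoreCase(sUserName)
                || isEmpty(adminUser) || isEmpty(adminPwd)) {
            return false;
        }
        PropertyItem ldapProperty = ldapProperty();
        LdapContext ctx = null;
        try {
            ctx = openAs(adminUser + "@" + ldapProperty.getDomain(), adminPwd);
            String userDn = getUser(ctx, sUserName);
            if (isEmpty(userDn)) {
                LOG.warning("user not found: " + sUserName);
                return false;
            }
            ModificationItem[] mods = {
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                        new BasicAttribute(pwd_index, encodePassword(sUserName)))
            };
            ctx.modifyAttributes(userDn, mods);
            return true;
        } catch (NamingException e) {
            LOG.log(Level.WARNING, "password reset for " + sUserName + " failed", e);
        } finally {
            closeQuietly(ctx);
        }
        return false;
    }

    /**
     * Lets a user change their own password by binding with the old one.
     *
     * <p>The change is sent as the AD self-service pair: remove the old
     * {@code unicodePwd} value and add the new one in a single modify. Empty old
     * passwords are rejected because the bind would be unauthenticated; empty new
     * passwords are rejected rather than written as the literal quoted string.
     * The {@code administrator} account is never touched.
     *
     * @param sUserName    {@code sAMAccountName} of the user
     * @param sOldPassword current password, also used for the bind
     * @param sNewPassword replacement password
     * @return {@code true} when the directory accepted the change
     */
    public boolean userChangePassword(String sUserName, String sOldPassword, String sNewPassword) {
        if (isEmpty(sUserName) || isEmpty(sOldPassword) || isEmpty(sNewPassword)
                || "administrator".equalsIgnoreCase(sUserName)) {
            return false;
        }
        PropertyItem ldapProperty = ldapProperty();
        String userNameAndDomain = sUserName + "@" + ldapProperty.getDomain();
        LdapContext ctx = null;
        try {
            ctx = openAs(userNameAndDomain, sOldPassword);
            String userDn = getUser(ctx, sUserName);
            if (isEmpty(userDn)) {
                LOG.warning("user not found: " + sUserName);
                return false;
            }
            ModificationItem[] mods = {
                new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                        new BasicAttribute(pwd_index, encodePassword(sOldPassword))),
                new ModificationItem(DirContext.ADD_ATTRIBUTE,
                        new BasicAttribute(pwd_index, encodePassword(sNewPassword)))
            };
            ctx.modifyAttributes(userDn, mods);
            return true;
        } catch (NamingException e) {
            LOG.log(Level.WARNING, "password change for " + sUserName + " failed", e);
        } finally {
            closeQuietly(ctx);
        }
        return false;
    }

    /**
     * Replaces attributes of {@code userDN} with the values in {@code attrs}.
     *
     * <p>The {@code key_index} ("CN") attribute is removed from {@code attrs} first,
     * which mutates the caller's object. No principal is added to the context here,
     * so the modification is attempted with the connection's default identity.
     * NOTE(review): every other write in this class binds explicitly; confirm the
     * callers really expect an unauthenticated modify.
     *
     * @param attrs  attributes to replace; the CN entry is dropped in place
     * @param userDN distinguished name of the entry to change
     * @return {@code true} when the directory accepted the change
     */
    public boolean modify(Attributes attrs, String userDN) {
        if (attrs == null || isEmpty(userDN)) {
            return false;
        }
        LdapContext ctx = null;
        try {
            ctx = getConnectionFromFool();
            attrs.remove(key_index);
            ctx.modifyAttributes(userDN, DirContext.REPLACE_ATTRIBUTE, attrs);
            return true;
        } catch (NamingException e) {
            LOG.log(Level.WARNING, "modifying " + userDN + " failed", e);
        } finally {
            closeQuietly(ctx);
        }
        return false;
    }

    /**
     * Deletes the user whose {@code sAMAccountName} is {@code userName}, acting as {@code adminUser}.
     *
     * @param adminUser logon name of the account performing the deletion
     * @param adminPwd  its password
     * @param userName  {@code sAMAccountName} of the entry to delete (the original doc called it userDN)
     * @return {@code true} when the entry was removed; {@code false} when it was not found or the directory refused
     */
    public boolean del(String adminUser, String adminPwd, String userName) {
        if (isEmpty(userName) || isEmpty(adminUser) || isEmpty(adminPwd)) {
            return false;
        }
        PropertyItem ldapProperty = ldapProperty();
        LdapContext ctx = null;
        try {
            ctx = openAs(adminUser + "@" + ldapProperty.getDomain(), adminPwd);
            String userDn = getUser(ctx, userName);
            if (isEmpty(userDn)) {
                LOG.warning("user not found: " + userName);
                return false;
            }
            ctx.destroySubcontext(userDn);
            return true;
        } catch (NamingException e) {
            LOG.log(Level.WARNING, "deleting user " + userName + " failed", e);
        } finally {
            closeQuietly(ctx);
        }
        return false;
    }

    /** Adds the object classes every new user entry is created with. */
    private void setObjectclassToAttribute(Attribute objclass) {
        objclass.add("top");
        objclass.add("person");
        objclass.add("organizationalPerson");
        objclass.add("inetorgperson");
    }

    /**
     * Resolves the full DN of the user whose {@code sAMAccountName} is {@code usr}.
     *
     * @return the DN, or {@code ""} when no such user exists or the search fails
     */
    private String getUser(LdapContext ctx, String usr) {
        return findDn(ctx, "(sAMAccountName=" + escapeFilterValue(usr) + ")");
    }

    /**
     * Resolves the full DN of the organizational unit named {@code ou}.
     *
     * @return the DN, or {@code ""} when no such unit exists or the search fails
     */
    private String getFullOu(LdapContext ctx, String ou) {
        return findDn(ctx, "(&(objectClass=organizationalUnit)(name=" + escapeFilterValue(ou) + "))");
    }

    /** DN of the first entry matching {@code filter} below the domain root, or {@code ""}. */
    private String findDn(LdapContext ctx, String filter) {
        SearchResult si = getSearchResult(ctx, filter);
        return si == null ? "" : si.getNameInNamespace();
    }

    /**
     * Subtree search from the domain DC for the first entry matching {@code filter}.
     *
     * <p>Only the DN is requested (empty returning-attribute list). The enumeration is
     * walked with {@code hasMoreElements()} as in the original code; presumably that
     * was chosen because it reports end-of-results instead of throwing when trailing
     * referral errors occur — confirm against the target directory.
     *
     * @return the first match, or {@code null} when there is none or the search fails
     */
    private SearchResult getSearchResult(LdapContext ctx, String filter) {
        try {
            SearchControls constraints = new SearchControls();
            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
            constraints.setReturningAttributes(new String[0]);
            NamingEnumeration<SearchResult> en = ctx.search(ldapProperty().getDomainDC(), filter, constraints);
            try {
                return en.hasMoreElements() ? en.nextElement() : null;
            } finally {
                en.close();
            }
        } catch (NamingException ex) {
            LOG.log(Level.WARNING, "search " + filter + " failed", ex);
            return null;
        }
    }

    /**
     * Opens a connection and places the bind identity in its environment; the
     * provider is expected to (re-)bind with these values on the next request or on
     * {@code reconnect}, as the original code relied on. The context is closed again
     * if configuring it fails, so pooled connections are not leaked.
     */
    private LdapContext openAs(String principal, String credentials) throws NamingException {
        LdapContext ctx = getConnectionFromFool();
        try {
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, principal);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, credentials);
        } catch (NamingException e) {
            closeQuietly(ctx);
            throw e;
        }
        return ctx;
    }

    /** First configured property set; the original code always used index 0. */
    private static PropertyItem ldapProperty() {
        return (PropertyItem) AdProperties.getInstance().getPropertyItem().get(0);
    }

    /** Closes {@code ctx} when non-null; close failures are logged, never propagated. */
    private static void closeQuietly(LdapContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            LOG.log(Level.FINE, "closing LDAP context failed", e);
        }
    }

    /** Encodes a password as AD's {@code unicodePwd} expects: the value in double quotes, as UTF-16LE. */
    private static byte[] encodePassword(String password) {
        return ("\"" + password + "\"").getBytes(UTF_16LE);
    }

    /** First value of {@code name} as a string, or {@code null} when the attribute is absent or empty. */
    private static String firstValue(Attributes attrs, String name) throws NamingException {
        Attribute attr = attrs == null ? null : attrs.get(name);
        if (attr == null || attr.size() == 0) {
            return null;
        }
        Object value = attr.get();
        return value == null ? null : value.toString();
    }

    /**
     * Escapes {@code value} for use inside an LDAP search filter (RFC 4515) so that
     * user-supplied text cannot change the filter's structure. A null value escapes to "".
     */
    private static String escapeFilterValue(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** {@code true} for null or zero-length strings (the original code's {@code equals("")} test, null-safe). */
    private static boolean isEmpty(String s) {
        return s == null || s.length() == 0;
    }
}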
/**
 * Critical, value-less LDAP request control with OID {@code 1.2.840.113556.1.4.1781},
 * attached to every connection {@code LdapADManager} opens and re-sent on
 * {@code reconnect}. Because it is marked critical, a server that does not support
 * the control rejects the request instead of silently ignoring it.
 * NOTE(review): this OID is the one Microsoft documents as the Active Directory fast
 * concurrent bind control — confirm it appears in the target DC's supportedControl
 * and which account-state checks the DC still enforces under it before relying on
 * {@code authenticate()} for access decisions.
 */
class LdapADManagerControl implements Control {

    private static final String OID = "1.2.840.113556.1.4.1781";

    /** @return {@code null}; the control carries no BER-encoded value */
    public byte[] getEncodedValue() {
        return null;
    }

    /** @return the control's OID */
    public String getID() {
        return OID;
    }

    /** @return {@code true}; the control is critical */
    public boolean isCritical() {
        return true;
    }
}