JNDI Á¬½ÓWindows Active Directory ½Ì³Ì(ת£©

¸öÈËÊÕ²Ø，À´Ô´： http://www.matrix.org.cn/resource/article/2007-03-05/JNDI+AD_ea943628-cab3-11db-b4f4-dd5a5e123c5c.html

http://www.javaworld.com.tw/jute/post/view?bid=7&id=164710&sty=1&tpg=1&age=0
http://forum.java.sun.com/thread.jspa?threadID=716240&tstart=0

java ´úÂë

1. /***************************** LDAPFastBind.java *****************/
2. package test.ldap;
4. import java.io.IOException;
5. import java.io.UnsupportedEncodingException;
6. import java.util.Hashtable;
8. import javax.naming.AuthenticationException;
9. import javax.naming.Context;
10. import javax.naming.NamingEnumeration;
11. import javax.naming.NamingException;
12. import javax.naming.directory.Attribute;
13. import javax.naming.directory.Attributes;
14. import javax.naming.directory.BasicAttribute;
15. import javax.naming.directory.BasicAttributes;
16. import javax.naming.directory.DirContext;
17. import javax.naming.directory.ModificationItem;
18. import javax.naming.directory.SearchControls;
19. import javax.naming.directory.SearchResult;
20. import javax.naming.ldap.Control;
21. import javax.naming.ldap.InitialLdapContext;
22. import javax.naming.ldap.LdapContext;
23. import javax.naming.ldap.StartTlsRequest;
24. import javax.naming.ldap.StartTlsResponse;
26. class FastBindConnectionControl implements Control {
27. public byte[] getEncodedValue() {
28. return null;
29. }
31. public String getID() {
32. return "1.2.840.113556.1.4.1781";
33. }
35. public boolean isCritical() {
36. return true;
37. }
38. }
40. public class LDAPFastBind {
41. public Hashtable env = null;
43. public LdapContext ctx = null;
45. public Control[] connCtls = null;
47. public LDAPFastBind(String ldapurl) {
48. env = new Hashtable();
49. env.put(Context.INITIAL_CONTEXT_FACTORY,
50. "com.sun.jndi.ldap.LdapCtxFactory");
51. env.put(Context.SECURITY_AUTHENTICATION, "simple");
52. env.put(Context.PROVIDER_URL, ldapurl);
54. env.put(Context.SECURITY_PROTOCOL,"ssl");
56. String keystore = "/jdk1.5.0_09/jre/lib/security/cacerts";
57. System.setProperty("javax.net.ssl.trustStore",keystore);
59. connCtls = new Control[] { new FastBindConnectionControl() };
61. // first time we initialize the context, no credentials are supplied
62. // therefore it is an anonymous bind.
64. try {
65. ctx = new InitialLdapContext(env, connCtls);
67. } catch (NamingException e) {
68. System.out.println("Naming exception " + e);
69. }
70. }
72. public boolean Authenticate(String username, String password) {
73. try {
74. ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, username);
75. ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
76. ctx.reconnect(connCtls);
77. System.out.println(username + " is authenticated");
78. return true;
79. }
81. catch (AuthenticationException e) {
82. System.out.println(username + " is not authenticated");
83. System.out.println(e);
84. return false;
85. } catch (NamingException e) {
86. System.out.println(username + " is not authenticated");
87. System.out.println(e);
88. return false;
89. }
90. }
92. public void finito() {
93. try {
94. ctx.close();
95. System.out.println("Context is closed");
96. } catch (NamingException e) {
97. System.out.println("Context close failure " + e);
98. }
99. }
101. public void printUserAccountControl() {
102. try {
104. // Create the search controls
105. SearchControls searchCtls = new SearchControls();
107. // Specify the search scope
108. searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
110. // specify the LDAP search filter
111. //String searchFilter = "(&(objectClass=user)(CN=test))";
112. //String searchFilter = "(&(objectClass=group))";
113. String searchFilter = "(&(objectClass=user)(CN=peter lee))";
115. // Specify the Base for the search
116. String searchBase = "DC=joeyta,DC=local";
118. // initialize counter to total the group members
119. int totalResults = 0;
121. // Specify the attributes to return
122. String returnedAtts[] = { "givenName", "mail" };
123. searchCtls.setReturningAttributes(returnedAtts);
125. // Search for objects using the filter
126. NamingEnumeration answer = ctx.search(searchBase, searchFilter,
127. searchCtls);
129. // Loop through the search results
130. while (answer.hasMoreElements()) {
131. SearchResult sr = (SearchResult) answer.next();
133. System.out.println(">>>" + sr.getName());
135. // Print out the groups
137. Attributes attrs = sr.getAttributes();
138. if (attrs != null) {
140. try {
141. for (NamingEnumeration ae = attrs.getAll(); ae
142. .hasMore();) {
143. Attribute attr = (Attribute) ae.next();
144. System.out.println("Attribute: " + attr.getID());
145. for (NamingEnumeration e = attr.getAll(); e
146. .hasMore(); totalResults++) {
148. System.out.println(" " + totalResults + ". "
149. + e.next());
150. }
152. }
154. } catch (NamingException e) {
155. System.err.println("Problem listing membership: " + e);
156. }
158. }
159. }
161. System.out.println("Total attrs: " + totalResults);
163. }
165. catch (NamingException e) {
166. System.err.println("Problem searching directory: " + e);
167. }
169. }
171. public boolean adminChangePassword(String sUserName, String sNewPassword){
172. try {
174. //set password is a ldap modfy operation
175. ModificationItem[] mods = new ModificationItem[1];
177. //Replace the "unicdodePwd" attribute with a new value
178. //Password must be both Unicode and a quoted string
179. String newQuotedPassword = "\"" + sNewPassword + "\"";
180. byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
182. mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
184. // Perform the update
185. ctx.modifyAttributes(sUserName, mods);
187. System.out.println("Reset Password for: " + sUserName);
189. return true;
190. }
191. catch (NamingException e) {
192. System.out.println("Problem resetting password: " + e);
193. }
194. catch (UnsupportedEncodingException e) {
195. System.out.println("Problem encoding password: " + e);
196. }
197. return false;
198. }
200. public boolean userChangePassword(String sUserName, String sOldPassword, String sNewPassword){
201. try {
202. //StartTlsResponse tls = (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
203. //tls.negotiate();
205. //change password is a single ldap modify operation
206. //that deletes the old password and adds the new password
207. ModificationItem[] mods = new ModificationItem[2];
209. //Firstly delete the "unicdodePwd" attribute, using the old password
210. //Then add the new password,Passwords must be both Unicode and a quoted string
211. String oldQuotedPassword = "\"" + sOldPassword + "\"";
212. byte[] oldUnicodePassword = oldQuotedPassword.getBytes("UTF-16LE");
213. String newQuotedPassword = "\"" + sNewPassword + "\"";
214. byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
216. mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("unicodePwd", oldUnicodePassword));
217. mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
219. // Perform the update
220. ctx.modifyAttributes(sUserName, mods);
222. System.out.println("Changed Password for: " + sUserName);
223. //tls.close();
224. return true;
226. }
227. catch (NamingException e) {
228. System.err.println("Problem changing password: " + e);
229. }
230. catch (UnsupportedEncodingException e) {
231. System.err.println("Problem encoding password: " + e);
232. } catch ( Exception e){
233. System.err.println("Problem: " + e);
234. }
235. return false;
236. }
238. public boolean createNewUser(String sGroupName, String sUserName){
239. try {
240. // Create attributes to be associated with the new user
241. Attributes attrs = new BasicAttributes(true);
243. //These are the mandatory attributes for a user object
244. //Note that Win2K3 will automagically create a random
245. //samAccountName if it is not present. (Win2K does not)
246. attrs.put("objectClass","user");
247. attrs.put("sAMAccountName","AlanT");
248. attrs.put("cn","Alan Tang");
250. //These are some optional (but useful) attributes
251. attrs.put("givenName","Alan");
252. attrs.put("sn","Tang");
253. attrs.put("displayName","Alan Tang");
254. attrs.put("description","Engineer");
255. attrs.put("userPrincipalName","alan-AT-joeyta.local");
256. attrs.put("mail","alang-AT-mail.joeyta-DOT-local");
257. attrs.put("telephoneNumber","123 456 789");
259. //some useful constants from lmaccess.h
260. int UF_ACCOUNTDISABLE = 0x0002;
261. int UF_PASSWD_NOTREQD = 0x0020;
262. int UF_PASSWD_CANT_CHANGE = 0x0040;
263. int UF_NORMAL_ACCOUNT = 0x0200;
264. int UF_DONT_EXPIRE_PASSWD = 0x10000;
265. int UF_PASSWORD_EXPIRED = 0x800000;
267. //Note that you need to create the user object before you can
268. //set the password. Therefore as the user is created with no
269. //password, user AccountControl must be set to the following
270. //otherwise the Win2K3 password filter will return error 53
271. //unwilling to perform.
273. attrs.put("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED+ UF_ACCOUNTDISABLE));
275. // Create the context
276. Context result = ctx.createSubcontext(sUserName, attrs);
277. System.out.println("Created disabled account for: " + sUserName);
279. //now that we've created the user object, we can set the
280. //password and change the userAccountControl
281. //and because password can only be set using SSL/TLS
282. //lets use StartTLS
284. //StartTlsResponse tls = (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
285. //tls.negotiate();
287. //set password is a ldap modfy operation
288. //and we'll update the userAccountControl
289. //enabling the acount and force the user to update ther password
290. //the first time they login
291. ModificationItem[] mods = new ModificationItem[2];
293. //Replace the "unicdodePwd" attribute with a new value
294. //Password must be both Unicode and a quoted string
295. String newQuotedPassword = "\"P-AT-ssw0rd\"";
296. byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
298. mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
299. mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED)));
301. // Perform the update
302. ctx.modifyAttributes(sUserName, mods);
303. System.out.println("Set password & updated userccountControl");
306. //now add the user to a group.
308. try {
309. ModificationItem member[] = new ModificationItem[1];
310. member[0]= new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", sUserName));
312. ctx.modifyAttributes(sGroupName,member);
313. System.out.println("Added user to group: " + sGroupName);
315. }
316. catch (NamingException e) {
317. System.err.println("Problem adding user to group: " + e);
318. }
319. //Could have put tls.close() prior to the group modification
320. //but it seems to screw up the connection or context ?
321. //tls.close();
323. System.out.println("Successfully created User: " + sUserName);
324. return true;
326. }
327. catch (NamingException e) {
328. System.err.println("Problem creating object: " + e);
329. }
331. catch (IOException e) {
332. System.err.println("Problem creating object: " + e);
333. }
334. return false;
335. }
337. public boolean addUserToGroup(LdapContext ctx, String userDN, String groupDN) {
338. try{
339. ModificationItem[] mods = new ModificationItem[1];
340. mods[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", userDN));
341. ctx.modifyAttributes(groupDN, mods);
342. System.out.println("Added user " + userDN + " to group " + groupDN);
343. return true;
344. } catch (NamingException ne){
345. System.err.println("Problem add user to group: " + ne);
346. }
347. return false;