How to import an AD or SSL certificate into the Java trust stores (run as root)
1. Name the certificate AD-PRO.cer and confirm who issued it (it should be the CA certificate, or a certificate chaining to it, that the domain controller presents on port 636).
2. Remove the old certificate from /app/ad_cert/keystore (query: keytool -list -v -keystore security.keystore; delete: keytool -delete -alias adkey1 -keystore security.keystore). The original also deletes the security.keystore file itself; that is harmless here because this store only exists for this application.
3. Remove the old adkey1 entry from /app/jdk1.7.0_79/jre/lib/security/cacerts (query: keytool -list -v -keystore cacerts; delete: keytool -delete -alias adkey1 -keystore cacerts). The original deletes the cacerts file as well; do not do that in practice, because cacerts holds the JDK's public root CAs and removing it breaks every other TLS connection made by that JVM. Remove only the stale alias.
4. Upload the certificate to /app/ad_cert/keystore and copy it to /app/jdk1.7.0_79/jre/lib/security.
5. In /app/ad_cert/keystore run /app/jdk1.7.0_79/jre/bin/keytool -import -alias adkey1 -file AD-PRO.cer -keystore security.keystore and set the store password to xxxx.
6. In /app/jdk1.7.0_79/jre/lib/security run /app/jdk1.7.0_79/jre/bin/keytool -import -alias adkey1 -file AD-PRO.cer -keystore cacerts; the password is xxxxx (the default password of the JDK's cacerts is changeit unless it has been changed). Confirm the import with keytool -list -v -keystore cacerts -alias adkey1 before moving on.
Restart the Java service so that the JVM reloads the trust store.
Java needs the CA certificate in its trust store when it connects to AD over LDAPS, which is required for changing passwords.
Export steps:
Windows Server 2019: building a CA server (deployment plan):
Windows Server 2019 export steps: https://www.miensi.com/1449.html
Once the Windows Server 2019 Active Directory server is up, build a certificate server inside the domain.
In production, never install Certificate Services on a domain controller; it is strongly recommended to deploy it on a separate server.
After the server has been initialised (computer name, IP address, firewall, domain join):
Computer name: Miensi-CA
IP address: 10.36.10.202
What certificates are used for
- Encrypting data
- Identifying parties (authentication)
1. AD CS components
1) Certification Authority (CA): issues certificates to users, computers and services.
2) Certification Authority Web Enrollment: lets users request certificates through a web browser.
3) Online Responder: implements the Online Certificate Status Protocol (OCSP) by decoding revocation-status requests for specific certificates, evaluating their status and returning a signed response that carries the status of the requested certificate.
4) Network Device Enrollment Service: lets routers and other network devices obtain certificates using the Simple Certificate Enrollment Protocol (SCEP) from Cisco Systems Inc.
Install the domain controller:
Windows Server 2019: installing a domain controller (complete guide)
Install the certificate server
1. Open Server Manager and choose Add Roles and Features
2. Select, Next
3. Select, Next
4. Select Active Directory Certificate Services, Add Features
5. Choose Add Features
6. Select, Next
7. Select, Next (keep the defaults)
8. Select, Next
9. Check Certification Authority and Certification Authority Web Enrollment, Next
10. Web Server Role (IIS)
11. Select role services
12. Choose Install
13. Choose "Configure Active Directory Certificate Services on the destination server"
14. Select, Next
15. Check Certification Authority and Certification Authority Web Enrollment, Next
16. The setup type must be Enterprise CA. If that option is greyed out, check the domain configuration: the server must be joined to the domain and the account running the wizard must be a member of Enterprise Admins.
17. CA type: keep the default, Root CA; Next
18. Private key: keep the default, create a new private key; Next
19. Cryptography: the defaults are fine; a 2048-bit key length is adequate at present
20. The CA name is generated automatically and can be changed if desired
21. Change the certificate validity period to 100 years, Next. (100 years is what this guide uses; choose a root lifetime that matches your key-rotation and algorithm-retirement plans, since every certificate the CA issues is bounded by it.)
22. The database location is generated automatically; Next
23. Choose Configure, then Close
24. Open Control Panel - Administrative Tools; a "Certification Authority" console is now present, and the certificate server installation is complete
25. Right-click "miensi-ad-server-ca" and choose Properties
26. On the Extensions tab, configure as shown in the figure, then click Apply
27. Click Yes
28. Select the AIA extension and check "Include in the AIA extension of issued certificates"
29. Click Yes
30. Right-click Revoked Certificates - All Tasks - Publish
31. Choose New CRL and click OK
This completes the installation and configuration of Active Directory Certificate Services; restart the certificate server once the configuration is done.
Download the certificate:
Put the certnew.cer file into C:\tmp on the development machine,
then import it into the Java trust store with the keytool -import command from the import steps at the top of this page.
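The keytool steps above can also be done from Java itself, which is useful when the service should own a dedicated trust store instead of depending on the JDK's cacerts. The following is an added example, not code from the original page; the file names, the alias adkey1 and the store password are assumptions.

```java
// Added example, not code from the original page: import an exported AD CS certificate into a
// Java trust store from Java itself, the programmatic equivalent of
//   keytool -delete -alias adkey1 -keystore security.keystore
//   keytool -import -alias adkey1 -file AD-PRO.cer -keystore security.keystore
// File names, the alias and the store password below are assumptions for illustration.
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class ImportAdCaCert {

    /** Opens an existing store, or initialises an empty one if the file is not there yet. */
    static KeyStore loadOrCreate(Path storePath, char[] storePass) throws GeneralSecurityException, IOException {
        // JKS on JDK 8 and earlier, PKCS12 on JDK 9+; keytool reads both
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        if (Files.exists(storePath)) {
            try (InputStream in = Files.newInputStream(storePath)) {
                ks.load(in, storePass);
            }
        } else {
            ks.load(null, storePass);
        }
        return ks;
    }

    /** Parses the .cer file; CertificateFactory accepts both DER and Base64 ("-----BEGIN CERTIFICATE-----") encodings. */
    static X509Certificate readCert(Path certPath) throws GeneralSecurityException, IOException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(certPath)) {
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    /** Replaces any stale entry under the alias with the certificate and writes the store back. */
    static KeyStore importTrustedCert(Path storePath, char[] storePass, String alias, Path certPath)
            throws GeneralSecurityException, IOException {
        X509Certificate cert = readCert(certPath);
        cert.checkValidity(); // refuse expired or not-yet-valid material up front
        if (cert.getBasicConstraints() < 0) {
            // A leaf (server) certificate also works as a trust anchor, but it must be re-imported on every
            // renewal; the CA certificate downloaded from http://<ca>/certsrv/ is the better choice.
            System.err.println("warning: " + cert.getSubjectX500Principal() + " is not a CA certificate");
        }
        KeyStore ks = loadOrCreate(storePath, storePass);
        if (ks.containsAlias(alias)) {
            ks.deleteEntry(alias); // same effect as keytool -delete
        }
        ks.setCertificateEntry(alias, cert);
        try (OutputStream out = Files.newOutputStream(storePath)) {
            ks.store(out, storePass);
        }
        return ks;
    }

    /** Equivalent of keytool -list -v: one line per trusted entry. */
    static void list(KeyStore ks) throws GeneralSecurityException {
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) {
                X509Certificate c = (X509Certificate) ks.getCertificate(alias);
                System.out.println(alias + ": subject=" + c.getSubjectX500Principal()
                        + ", issuer=" + c.getIssuerX500Principal() + ", notAfter=" + c.getNotAfter());
            }
        }
    }

    public static void main(String[] args) throws Exception {
        Path store = Paths.get("security.keystore");
        char[] pass = "changeit".toCharArray(); // assumed store password (also the JDK's default for cacerts)
        KeyStore ks = importTrustedCert(store, pass, "adkey1", Paths.get("AD-PRO.cer"));
        list(ks);
        // Point this JVM at the dedicated store instead of editing the JDK's cacerts.
        // A custom javax.net.ssl.trustStore replaces the default roots rather than extending them,
        // which is fine for a service that only talks LDAPS to the domain controllers.
        System.setProperty("javax.net.ssl.trustStore", store.toString());
        System.setProperty("javax.net.ssl.trustStorePassword", new String(pass));
        System.setProperty("javax.net.ssl.trustStoreType", ks.getType());
    }
}
```

Because the trust store is read when the first TLS connection is made, the service still has to be restarted (or the properties set before any connection) for a newly imported certificate to take effect, which is why the import steps end with a restart.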
Changing the password:
Normally Java can only modify ordinary attributes of an AD user.
To change a user's password (and, in this guide, the userAccountControl attribute) an SSL connection is used: AD refuses to write unicodePwd over a clear-text LDAP session, so the password change must go over LDAPS (or another encrypted channel), and this guide performs the userAccountControl change over the same session.
The SSL connection requires the following steps:
1. Install Active Directory Certificate Services
2. In the Certification Authority, enable obtaining certificates through the web (Web Enrollment)
3. Browse to http://localhost/certsrv/ and download the certificate file
4. Copy the certificate to C:\tmp on the development machine and import it with the keytool -import -keystore command
(these steps were covered in the previous article)
5. Write the code (note that the port is 636)
package com.case.ldap;

import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

import com.cts.spring.boot.Main.Person; // plain bean (cn, sn, mail, userAccountControl, ... with getters/setters); not shown on this page

/**
 * @Description: create, search, modify and delete AD domain users
 * @author zhuyr
 * @date 2018-07-03
 */
public class ADDUser {
    LdapContext dc = null;
    String root = "OU=maad,DC=case,DC=com"; // base DN under which the users live

    /**
     * @Description: program entry point
     */
    public static void main(String[] args) {
        ADDUser utils = new ADDUser();
        // 0. bind with account name and password over clear-text LDAP
        //utils.init();
        // 1. add a user
        //utils.add("testzhu");
        // 2. list every user under the OU
        //utils.searchInformation(utils.root);
        // 3. find one user under the OU
        /*SearchResult sr = utils.searchByUserName(utils.root, "testzhu");
        System.out.println(sr.getName());*/
        // 4. modify user attributes
        //utils.updatePerson("testzhu");
        // 5. rename a user
        //utils.renameEntry("CN=testzhu,OU=maad,DC=case,DC=com", "CN=testzzz,OU=maad,DC=case,DC=com");
        // 6. delete a user
        //utils.delete("CN=testzhu,OU=maad,DC=case,DC=com");
        utils.certinit();
        // 7. change the password (the original marks this call as failing)
        //utils.updatePWD("testzhu");
        utils.enablePerson("testzhu");
        //utils.searchInformation(utils.root);
        utils.close();
    }

    /**
     * @Description: bind with account name and password (clear-text LDAP, port 389)
     */
    public void init() {
        Properties env = new Properties();
        String adminName = "read-only-admin@case.com"; // username@domain (UPN form)
        String adminPassword = "Root.123"; // sample only: load credentials from configuration, never from source code
        String ldapURL = "ldap://172.16.160.7:389"; // ip:port
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "simple"); // LDAP authentication level: "none", "simple", "strong"
        env.put(Context.SECURITY_PRINCIPAL, adminName);
        env.put(Context.SECURITY_CREDENTIALS, adminPassword);
        env.put(Context.PROVIDER_URL, ldapURL);
        try {
            dc = new InitialLdapContext(env, null);
            System.out.println("AD account/password authentication succeeded");
        } catch (Exception e) {
            System.out.println("AD account/password authentication failed");
            e.printStackTrace();
        }
    }

    /**
     * @Description: bind over SSL (LDAPS, port 636)
     */
    public void certinit() {
        Properties env = new Properties();
        String adminName = "cn=read-only-admin,cn=Users,dc=case,dc=com"; // bind DN
        String adminPassword = "Root.123"; // sample only: load credentials from configuration, never from source code
        // LDAPS port 636. Since JDK 8u181 the host name is checked against the server certificate,
        // so in practice use the domain controller's FQDN here rather than its IP address.
        String ldapURL = "ldaps://172.16.160.7:636";
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "simple"); // LDAP authentication level: "none", "simple", "strong"
        env.put(Context.SECURITY_PRINCIPAL, adminName);
        env.put(Context.SECURITY_CREDENTIALS, adminPassword);
        env.put(Context.PROVIDER_URL, ldapURL);
        // trust store that holds the AD CS certificate imported with keytool (see the import steps above)
        String keystore = "C:\\ProgramInstall\\Java\\jdk1.8.0_51\\jre\\lib\\security\\cacerts";
        System.setProperty("javax.net.ssl.trustStore", keystore);
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        try {
            dc = new InitialLdapContext(env, null);
            System.out.println("AD SSL authentication succeeded");
        } catch (Exception e) {
            System.out.println("AD SSL authentication failed");
            e.printStackTrace();
        }
    }

    /**
     * @Description: close the AD connection
     */
    public void close() {
        if (dc != null) {
            try {
                dc.close();
                System.out.println("AD connection closed");
            } catch (NamingException e) {
                System.out.println("NamingException in close():" + e);
            }
        }
    }

    /**
     * @Description: add an AD domain user
     */
    public void add(String newUserName) {
        try {
            Attributes attrs = new BasicAttributes(true); // ignoreCase: attribute IDs are case-insensitive
            attrs.put("objectClass", "user");
            attrs.put("sAMAccountName", newUserName);
            attrs.put("userPrincipalName", newUserName + "@mayocase.com");
            // userAccountControl and the password are set afterwards over the SSL connection
            //attrs.put("userAccountControl", "66048");
            //attrs.put("userPassword", "Root.123");
            attrs.put("telephoneNumber", "15880277368");
            attrs.put("displayName", "Display name");
            attrs.put("description", "Description");
            attrs.put("mail", newUserName + "@case.com");
            attrs.put("givenName", "Given name");
            attrs.put("name", newUserName); // the original stored the literal string "newUserName" here
            attrs.put("cn", newUserName);
            attrs.put("sn", newUserName);
            dc.createSubcontext("CN=" + newUserName + "," + root, attrs);
            System.out.println("AD user added: " + newUserName);
        } catch (Exception e) {
            e.printStackTrace();
            System.out.println("Adding AD user failed: " + newUserName);
        }
    }

    /**
     * @Description: delete an AD domain user
     */
    public void delete(String dn) {
        try {
            dc.destroySubcontext(dn);
            System.out.println("AD user deleted: " + dn);
        } catch (Exception e) {
            System.out.println("Deleting AD user failed: " + dn);
            e.printStackTrace();
        }
    }

    /**
     * @Description: rename an AD domain user
     */
    public boolean renameEntry(String oldDN, String newDN) {
        try {
            dc.rename(oldDN, newDN);
            System.out.println("AD user renamed");
            return true;
        } catch (NamingException ne) {
            System.out.println("Renaming AD user failed");
            ne.printStackTrace();
            return false;
        }
    }

    /**
     * @Description: modify ordinary attributes of an AD domain user
     */
    public void updatePerson(String cn) {
        Person person = new Person();
        person.setCn("testzhu");
        person.setsAMAccountName(person.getCn());
        person.setName(person.getCn());
        person.setSn("3");
        person.setUserAccountControl("66048");
        person.setTelephoneNumber("18506999958");
        person.setGivenName("33");
        person.setDescription("3333");
        person.setDisplayName("333");
        person.setMail("testzhu@case.com");
        person.setUserPassword("Root.123");
        if (person.getCn() == null || person.getCn().length() <= 0) {
            return;
        }
        // attributes to modify
        List<ModificationItem> mList = new ArrayList<ModificationItem>();
        // userAccountControl is written separately over the SSL connection (see enablePerson)
        //mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl", person.getUserAccountControl())));
        mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("sn", person.getSn())));
        mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("telephoneNumber", person.getTelephoneNumber())));
        mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("mail", person.getMail())));
        mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("givenName", person.getGivenName())));
        mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("displayName", person.getDisplayName())));
        mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("description", person.getDescription())));
        if (mList.size() > 0) {
            ModificationItem[] mArray = mList.toArray(new ModificationItem[mList.size()]);
            try {
                dc.modifyAttributes("cn=" + cn + "," + root, mArray);
                System.out.println("AD user attributes modified");
            } catch (NamingException e) {
                System.err.println("Modifying AD user attributes failed");
                e.printStackTrace();
            }
        }
    }

    /**
     * @Description: change an AD domain user's password.
     * AD only accepts writes to unicodePwd over an encrypted session (the LDAPS bind from certinit).
     * The value is the password wrapped in double quotes and encoded as UTF-16LE.
     * REMOVE old value + ADD new value in one operation is the user-initiated change, for which AD
     * verifies the old password; a single REPLACE is an administrative reset that needs the
     * "Reset Password" right on the user object instead.
     */
    public void updatePWD(String cn) {
        String oldPassword = "Root.123";
        String newPassword = "Root.456";
        try {
            byte[] oldUnicodePassword = ("\"" + oldPassword + "\"").getBytes("UTF-16LE");
            byte[] newUnicodePassword = ("\"" + newPassword + "\"").getBytes("UTF-16LE");
            ModificationItem[] mods = new ModificationItem[2];
            // administrative reset variant:
            //mods = new ModificationItem[] { new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword)) };
            mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("unicodePwd", oldUnicodePassword));
            mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
            dc.modifyAttributes("cn=" + cn + "," + root, mods);
            System.out.println("Password changed");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * @Description: enable an AD domain user by writing userAccountControl.
     * 66048 = 0x10200 = NORMAL_ACCOUNT (0x200) | DONT_EXPIRE_PASSWORD (0x10000), with ACCOUNTDISABLE (0x2) clear.
     * REPLACE overwrites every flag on the object; if other flags must survive, read the current value
     * and clear only bit 0x2.
     */
    public void enablePerson(String cn) {
        String userAccountControl = "66048";
        try {
            ModificationItem[] mods = new ModificationItem[1];
            mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl", userAccountControl));
            dc.modifyAttributes("cn=" + cn + "," + root, mods);
            System.out.println("User enabled");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * @Description: list every AD domain user below the given base DN
     */
    public void searchInformation(String searchBase) {
        try {
            SearchControls searchCtls = new SearchControls();
            searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            String searchFilter = "(objectClass=user)";
            String returnedAtts[] = { "memberOf" };
            searchCtls.setReturningAttributes(returnedAtts);
            NamingEnumeration<SearchResult> answer = dc.search(searchBase, searchFilter, searchCtls);
            while (answer.hasMore()) {
                SearchResult sr = answer.next();
                System.out.println(sr.getName());
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * @Description: find one domain user below the given base DN
     */
    public SearchResult searchByUserName(String searchBase, String userName) {
        SearchControls searchCtls = new SearchControls();
        searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // {0} is filled in by JNDI with the value escaped, so a caller-supplied userName
        // cannot inject filter syntax (the original concatenated it into the filter string)
        String searchFilter = "(sAMAccountName={0})";
        String returnedAtts[] = { "memberOf" }; // attributes to return
        searchCtls.setReturningAttributes(returnedAtts);
        try {
            NamingEnumeration<SearchResult> answer = dc.search(searchBase, searchFilter, new Object[] { userName }, searchCtls);
            return answer.hasMore() ? answer.next() : null;
        } catch (Exception e) {
            System.err.println("Searching for the user under the given base failed");
            e.printStackTrace();
        }
        return null;
    }
}
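The class above shows the unicodePwd encoding, but it binds by IP address, overwrites userAccountControl wholesale and carries credentials in source. The following added example (not code from the original page) shows the same three operations the way a practitioner would ship them: an LDAPS bind with an explicit trust store, an administrative reset (one REPLACE) next to a user-initiated change (REMOVE old + ADD new), and enabling the account by clearing only the ACCOUNTDISABLE bit. The host name dc01.case.com, the service-account DN, the AD_BIND_PW environment variable and the trust-store path are assumptions.

```java
// Added example, not code from the original page: password reset / change over LDAPS with JNDI,
// and enabling an account by editing userAccountControl bits instead of overwriting the value.
// Host name, DNs, the AD_BIND_PW variable and the trust-store path are illustrative assumptions.
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class AdPasswordOverLdaps {

    static final int UF_ACCOUNTDISABLE     = 0x0002;
    static final int UF_NORMAL_ACCOUNT     = 0x0200;
    static final int UF_DONT_EXPIRE_PASSWD = 0x10000; // 0x10200 = 66048, the value the page writes

    /** Binds over LDAPS (port 636); AD refuses unicodePwd writes on a clear-text LDAP session. */
    static LdapContext connect(String host, String bindDn, String bindPw, String trustStore, String trustStorePw)
            throws NamingException {
        // Trust only the store holding the AD CS certificate; this replaces the JDK-wide cacerts for this JVM.
        System.setProperty("javax.net.ssl.trustStore", trustStore);
        System.setProperty("javax.net.ssl.trustStorePassword", trustStorePw);
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Use the DC's FQDN, not its IP: from JDK 8u181 the host name is verified against the certificate.
        env.put(Context.PROVIDER_URL, "ldaps://" + host + ":636");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPw);
        return new InitialLdapContext(env, null);
    }

    /** AD expects unicodePwd as the password wrapped in double quotes and encoded as UTF-16LE. */
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    /** Administrative reset: a single REPLACE; needs the "Reset Password" right, the old password is not required. */
    static void resetPassword(LdapContext ctx, String userDn, String newPassword) throws NamingException {
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword)))
        };
        ctx.modifyAttributes(userDn, mods);
    }

    /** User-initiated change: REMOVE old + ADD new in one operation; AD verifies the old password and enforces policy. */
    static void changePassword(LdapContext ctx, String userDn, String oldPassword, String newPassword)
            throws NamingException {
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                    new BasicAttribute("unicodePwd", encodeUnicodePwd(oldPassword))),
            new ModificationItem(DirContext.ADD_ATTRIBUTE,
                    new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword)))
        };
        ctx.modifyAttributes(userDn, mods);
    }

    /** Clears ACCOUNTDISABLE while preserving every other flag already set on the object; returns the new value. */
    static int enableAccount(LdapContext ctx, String userDn) throws NamingException {
        Attributes attrs = ctx.getAttributes(userDn, new String[] { "userAccountControl" });
        int uac = Integer.parseInt((String) attrs.get("userAccountControl").get());
        int updated = uac & ~UF_ACCOUNTDISABLE;
        if (updated != uac) {
            ModificationItem[] mods = {
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                        new BasicAttribute("userAccountControl", Integer.toString(updated)))
            };
            ctx.modifyAttributes(userDn, mods);
        }
        return updated;
    }

    public static void main(String[] args) throws Exception {
        String userDn = "CN=testzhu,OU=maad,DC=case,DC=com";
        // credentials come from the environment, not from source code (assumed variable name)
        LdapContext ctx = connect("dc01.case.com", "CN=svc-pwreset,CN=Users,DC=case,DC=com",
                System.getenv("AD_BIND_PW"), "security.keystore", "changeit");
        try {
            resetPassword(ctx, userDn, "N3w-Passw0rd!");          // set an initial password as the service account
            enableAccount(ctx, userDn);                            // only now can a policy-compliant account be enabled
            changePassword(ctx, userDn, "N3w-Passw0rd!", "An0ther-Passw0rd!"); // the user's own change
        } finally {
            ctx.close();
        }
    }
}
```

The order in main matters: a freshly created user has no password, and AD will refuse to clear ACCOUNTDISABLE while the password policy is not satisfied, so the reset goes first. If the DC returns "unwilling to perform" on the unicodePwd write, the usual causes are a non-encrypted session, a missing "Reset Password" right for the bind account, or a new password that violates the domain's length, complexity or history policy.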