java修改AD域用户密码使用SSL连接方式

正常情况下,JAVA修改AD域用户属性,只能修改一些普通属性,

如果要修改AD域用户密码和userAccountControl属性就得使用SSL连接的方式修改,

SSL连接的方式需要操作以下步骤:

1.安装AD域证书服务

2.证书颁发机构中设置以web的方式获取证书

3.访问http://localhost/certsrv/下载证书文件

4.将证书导入开发电脑的C:\tmp目录下,使用keytool -import -keystore命令

(以上步骤,在上一篇文章里介绍了https://www.cnblogs.com/amoyzhu/p/9259264.html)

5.写代码(注意端口是636)

package com.case.ldap;

import java.util.ArrayList;
import java.util.List;
import java.util.Properties; import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext; import com.cts.spring.boot.Main.Person; /**
* @Description:对AD域用户的增删改查操作
* @author zhuyr
* @date 2018-07-03
*/
public class ADDUser {
//DirContext dc = null;
LdapContext dc = null;
String root = "OU=maad,DC=case,DC=com"; // LDAP的根节点的DC /**
* @Description:程序入口
* @author zhuyr
* @date 2018-07-03
*/
public static void main(String[] args) { ADDUser utils = new ADDUser(); //0.用户连接
//utils.init();
//1.添加用户
//utils.add("testzhu"); //2.查找组织单位下的所有用户
//utils.searchInformation(utils.root); //3.查找组织单位下的某个用户
/*SearchResult sr = utils.searchByUserName(utils.root, "testzhu");
System.out.println(sr.getName());*/ //4.修改用户属性
//utils.modifyInformation("testzhu", "M1380005");
//utils.updatePerson("testzhu"); //5.重命名用户
//utils.renameEntry("CN=testzhu,OU=maad,DC=case,DC=com", "CN=testzzz,OU=maad,DC=case,DC=com"); //6.删除用户
//utils.delete("CN=testzhu,OU=maad,DC=case,DC=com"); utils.certinit();
//7.修改密码失败
//utils.updatePWD("testzhu");
utils.enablePerson("testzhu");
//utils.searchInformation(utils.root); utils.close();
} /**
* @Description:使用帐户密码登录
* @author zhuyr
* @date 2018-07-03
*/
public void init() {
Properties env = new Properties();
String adminName = "read-only-admin@case.com";// username@domain
String adminPassword = "Root.123";// password
String ldapURL = "ldap://172.16.160.7:389";// ip:port
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "simple");//LDAP访问安全级别:"none","simple","strong"
env.put(Context.SECURITY_PRINCIPAL, adminName);
env.put(Context.SECURITY_CREDENTIALS, adminPassword);
env.put(Context.PROVIDER_URL, ldapURL);
try {
dc = new InitialLdapContext(env, null);
System.out.println("AD域帐户密码认证成功");
} catch (Exception e) {
System.out.println("AD域帐户密码认证失败");
e.printStackTrace();
}
} /**
* @Description:使用SSl的方式登录
* @author zhuyr
* @date 2018-07-03
*/
public void certinit() { Properties env = new Properties();
String adminName = "cn=read-only-admin,cn=Users,dc=case,dc=com";
String adminPassword = "Root.123";// password
String ldapURL = "ldap://172.16.160.7:636";// ip:port
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "simple");//LDAP访问安全级别:"none","simple","strong"
env.put(Context.SECURITY_PRINCIPAL, adminName);
env.put(Context.SECURITY_CREDENTIALS, adminPassword);
env.put(Context.PROVIDER_URL, ldapURL); String keystore = "C:\\ProgramInstall\\Java\\jdk1.8.0_51\\jre\\lib\\security\\cacerts";
System.setProperty("javax.net.ssl.trustStore", keystore);
env.put(Context.SECURITY_PROTOCOL, "ssl"); try {
dc = new InitialLdapContext(env, null);
System.out.println("AD域ssl身份认证成功");
} catch (Exception e) {
System.out.println("AD域ssl身份认证失败");
e.printStackTrace();
}
} /**
* @Description:关闭AD域服务连接
* @author zhuyr
* @date 2018-07-03
*/
public void close() {
if (dc != null) {
try {
dc.close();
System.out.println("AD域服务连接关闭");
} catch (NamingException e) {
System.out.println("NamingException in close():" + e);
}
}
} /**
* @Description:新增AD域用户
* @author zhuyr
* @date 2018-07-03
*/
public void add(String newUserName) {
try {
Attributes attrs = new BasicAttributes(true);
attrs.put("objectClass", "user");
attrs.put("samAccountName", newUserName);
attrs.put("userPrincipalName", newUserName + "@mayocase.com");
//attrs.put("userAccountControl","66048");
//attrs.put("userPassword","Root.123");
attrs.put("telephoneNumber","15880277368");
attrs.put("displayName", "显示名称");
attrs.put("description","描述");
attrs.put("mail",newUserName + "@case.com");
attrs.put("givenName","名字");
attrs.put("name","newUserName");
attrs.put("cn", newUserName);
attrs.put("sn", newUserName); dc.createSubcontext("CN=" + newUserName + "," + root, attrs);
System.out.println("新增AD域用户成功:" + newUserName);
} catch (Exception e) {
e.printStackTrace();
System.out.println("新增AD域用户失败:" + newUserName);
}
} /**
* @Description:删除AD域用户
* @author zhuyr
* @date 2018-07-03
*/
public void delete(String dn) {
try {
dc.destroySubcontext(dn);
System.out.println("删除AD域用户成功:" + dn);
} catch (Exception e) {
System.out.println("删除AD域用户失败:" + dn);
e.printStackTrace();
}
} /**
* @Description:重命名AD域用户
* @author zhuyr
* @date 2018-07-03
*/
public boolean renameEntry(String oldDN, String newDN) {
try {
dc.rename(oldDN, newDN);
System.out.println("重命名AD域用户成功");
return true;
} catch (NamingException ne) {
System.out.println("重命名AD域用户失败");
ne.printStackTrace();
return false;
}
} /**
* @Description:修改AD域用户属性
* @author zhuyr
* @date 2018-07-03
*/
public void updatePerson(String dn) {
Person person = new Person();
person.setCn("testzhu");
person.setsAMAccountName(person.getCn());
person.setName(person.getCn());
person.setSn("3");
person.setUserAccountControl("66048");
person.setTelephoneNumber("18506999958");
person.setGivenName("33");
person.setDescription("3333");
person.setDisplayName("333");
person.setMail("testzhu@case.com");
person.setUserPassword("Root.123"); if (person == null || person.getCn() == null
|| person.getCn().length() <= 0) {
return;
} //修改的属性
List<ModificationItem> mList = new ArrayList<ModificationItem>();
//不能修改
//mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,new BasicAttribute("userAccountControl", person.getUserAccountControl())));
mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,new BasicAttribute("sn",person.getSn())));
mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,new BasicAttribute("telephoneNumber", person.getTelephoneNumber())));
mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,new BasicAttribute("mail", person.getMail())));
mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,new BasicAttribute("givenName", person.getGivenName())));
mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,new BasicAttribute("displayName", person.getDisplayName())));
mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,new BasicAttribute("description", person.getDescription()))); if (mList.size() > 0) { //集合转为数组
ModificationItem[] mArray = new ModificationItem[mList.size()];
for (int i = 0; i < mList.size(); i++) {
mArray[i] = mList.get(i);
}
try {
dc.modifyAttributes("cn="+dn + "," + root, mArray);
System.out.println("修改AD域用户属性成功");
} catch (NamingException e) {
System.err.println("修改AD域用户属性失败");
e.printStackTrace();
}
}
}
/**
* @Description:修改AD域用户密码
* @author zhuyr
* @date 2018-07-03
*/
public void updatePWD(String dn) {
Person person = new Person();
person.setCn("testzhu");
person.setUserPassword("Root.456");
String sOldPassword ="Root.123"; if (person == null || person.getCn() == null
|| person.getCn().length() <= 0) {
return;
} try { String oldQuotedPassword = "\"" + sOldPassword + "\"";
byte[] oldUnicodePassword = oldQuotedPassword.getBytes("UTF-16LE"); String newQuotedPassword = "\"" + person.getUserPassword() + "\"";
byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE"); ModificationItem[] mods = new ModificationItem[2];
//mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,new BasicAttribute("unicodePwd", newUnicodePassword));
mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("unicodePwd", oldUnicodePassword)); //userPassword
mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword)); dc.modifyAttributes("cn="+dn + "," + root, mods);
System.out.println("修改密码成功!");
}catch(Exception e) {
e.printStackTrace();
}
} /**
* @Description:修改AD域用户属性
* @author zhuyr
* @date 2018-07-03
*/
public void enablePerson(String dn) {
Person person = new Person();
person.setCn("testzhu");
person.setUserAccountControl("66048"); if (person == null || person.getCn() == null
|| person.getCn().length() <= 0) {
return;
} try {
ModificationItem[] mods = new ModificationItem[1];
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,new BasicAttribute("userAccountControl", person.getUserAccountControl())); dc.modifyAttributes("cn="+dn + "," + root, mods);
System.out.println("启用用户成功!");
}catch(Exception e) {
e.printStackTrace();
}
} /**
* @Description:搜索指定节点下的所有AD域用户
* @author zhuyr
* @date 2018-07-03
*/
public void searchInformation(String searchBase) {
try {
SearchControls searchCtls = new SearchControls();
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
String searchFilter = "objectClass=user";
String returnedAtts[] = { "memberOf" };
searchCtls.setReturningAttributes(returnedAtts);
NamingEnumeration<SearchResult> answer = dc.search(searchBase, searchFilter, searchCtls);
while (answer.hasMoreElements()) {
SearchResult sr = (SearchResult) answer.next();
System.out.println(sr.getName());
}
} catch (Exception e) {
e.printStackTrace();
}
} /**
* @Description:指定搜索节点搜索指定域用户
* @author zhuyr
* @date 2018-07-03
*/
public SearchResult searchByUserName(String searchBase, String userName) {
SearchControls searchCtls = new SearchControls();
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
String searchFilter = "sAMAccountName=" + userName;
String returnedAtts[] = { "memberOf" }; //定制返回属性
searchCtls.setReturningAttributes(returnedAtts); //设置返回属性集
try {
NamingEnumeration<SearchResult> answer = dc.search(searchBase, searchFilter, searchCtls);
return answer.next();
} catch (Exception e) {
System.err.println("指定搜索节点搜索指定域用户失败");
e.printStackTrace();
}
return null;
}
}

  

上一篇:C#微信登录-电脑版扫描二维码登录


下一篇:SharePoint 2010中重置windows 活动目录(AD)域用户密码的WebPart(免费下载)