
java修改AD域用户密码使用SSL连接方式

时间:2021-12-16 16:21:15


正常情况下,JAVA修改AD域用户属性,只能修改一些普通属性,

如果要修改AD域用户密码和userAccountControl属性就得使用SSL连接的方式修改,

SSL连接的方式需要操作以下步骤:

1.安装AD域证书服务

2.证书颁发机构中设置以web的方式获取证书

3.访问http://localhost/certsrv/下载证书文件

4.将证书文件复制到开发电脑的C:\tmp目录下,然后使用 keytool -import -keystore 命令把它导入Java信任库(即下面代码中trustStore指向的cacerts文件)

(以上步骤,在上一篇文章里介绍了/amoyzhu/p/9259264.html)

5.编写代码(注意SSL连接使用636端口,而不是普通LDAP连接的389端口)

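// NOTE(review): `case` is a reserved word in Java, so this package name does not compile as
// published; replace it with the real package of your project.
package com.case.ldap;

import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.Rdn;

import com.cts.spring.boot.Main.Person;

/**
 * Demo of create, search, modify, rename and delete operations on Active Directory users
 * through JNDI LDAP, including the SSL bind used before writing {@code unicodePwd} and
 * {@code userAccountControl}.
 *
 * <p>All user names, passwords and addresses in this class are the sample values of the
 * published listing. They are kept so the demo still runs as described, but a hard-coded
 * directory credential must not reach a shared repository or a production build.
 *
 * @author zhuyr
 */
public class ADDUser {
    /** Connection to the directory; stays {@code null} until {@link #init()} or {@link #certinit()} succeeds. */
    LdapContext dc = null;

    /** Base DN (organizational unit) under which the demo users live. */
    String root = "OU=maad,DC=case,DC=com";

    /**
     * Program entry point: binds over SSL, enables the sample account and closes the connection.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        ADDUser utils = new ADDUser();
        // Other operations of the demo, left disabled as in the published listing:
        //   0. plain (non-SSL) bind:          utils.init();
        //   1. add a user:                    utils.add("testzhu");
        //   2. list users under the OU:       utils.searchInformation(utils.root);
        //   3. find one user under the OU:    utils.searchByUserName(utils.root, "testzhu");
        //   4. modify user attributes:        utils.updatePerson("testzhu");
        //   5. rename a user:                 utils.renameEntry("CN=testzhu,OU=maad,DC=case,DC=com",
        //                                                       "CN=testzzz,OU=maad,DC=case,DC=com");
        //   6. delete a user:                 utils.delete("CN=testzhu,OU=maad,DC=case,DC=com");
        //   7. change the password (the author marked this call as failing):
        //                                     utils.updatePWD("testzhu");
        utils.certinit();
        try {
            utils.enablePerson("testzhu");
        } finally {
            // Release the connection even if the operation above throws.
            utils.close();
        }
    }

    /**
     * Binds to the directory with a simple (name and password) bind on the plain LDAP port.
     *
     * <p>A simple bind on {@code ldap://...:389} without TLS sends the bind name and the password
     * unencrypted; use {@link #certinit()} for anything beyond a lab network.
     */
    public void init() {
        Properties env = new Properties();
        String adminName = "read-only-admin@"; // username@domain (the domain part is blank in the published listing)
        // NOTE(review): sample credential embedded in source. Load it from a secret store or
        // the environment in real code, and rotate it if this value was ever a live password.
        String adminPassword = "Root.123";
        String ldapURL = "ldap://172.16.160.7:389"; // ip:port
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "simple"); // one of "none", "simple", "strong"
        env.put(Context.SECURITY_PRINCIPAL, adminName);
        env.put(Context.SECURITY_CREDENTIALS, adminPassword);
        env.put(Context.PROVIDER_URL, ldapURL);
        try {
            dc = new InitialLdapContext(env, null);
            System.out.println("AD域帐户密码认证成功");
        } catch (Exception e) {
            System.out.println("AD域帐户密码认证失败");
            e.printStackTrace();
        }
    }

    /**
     * Binds to the directory over SSL (port 636), trusting the CA certificate that was imported
     * into the JDK trust store.
     */
    public void certinit() {
        Properties env = new Properties();
        String adminName = "cn=read-only-admin,cn=Users,dc=case,dc=com";
        // NOTE(review): sample credential embedded in source. Load it from a secret store or
        // the environment in real code, and rotate it if this value was ever a live password.
        String adminPassword = "Root.123";
        // Newer JDK updates check the LDAPS server certificate against the host in this URL, so
        // connecting by IP only works if the certificate lists that IP; prefer the DC's DNS name.
        String ldapURL = "ldap://172.16.160.7:636"; // ip:port
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "simple"); // one of "none", "simple", "strong"
        env.put(Context.SECURITY_PRINCIPAL, adminName);
        env.put(Context.SECURITY_CREDENTIALS, adminPassword);
        env.put(Context.PROVIDER_URL, ldapURL);
        String keystore = "C:\\ProgramInstall\\Java\\jdk1.8.0_51\\jre\\lib\\security\\cacerts";
        // The published listing set ".ssl.trustStore", which JSSE never reads; the property that
        // selects the trust store is javax.net.ssl.trustStore. It is JVM-wide and has to be set
        // before the first TLS connection of the process.
        System.setProperty("javax.net.ssl.trustStore", keystore);
        // Wraps the connection in SSL/TLS even though the URL scheme is "ldap".
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        try {
            dc = new InitialLdapContext(env, null);
            System.out.println("AD域ssl身份认证成功");
        } catch (Exception e) {
            System.out.println("AD域ssl身份认证失败");
            e.printStackTrace();
        }
    }

    /** Closes the directory connection if one is open. */
    public void close() {
        if (dc != null) {
            try {
                dc.close();
                System.out.println("AD域服务连接关闭");
            } catch (NamingException e) {
                System.out.println("NamingException in close():" + e);
            }
        }
    }

    /**
     * Creates a user entry directly under {@link #root}.
     *
     * @param newUserName value used for cn, sn, name and sAMAccountName of the new entry
     */
    public void add(String newUserName) {
        try {
            Attributes attrs = new BasicAttributes(true); // true = attribute IDs are case-insensitive
            attrs.put("objectClass", "user");
            attrs.put("samAccountName", newUserName);
            attrs.put("userPrincipalName", newUserName + "@");
            // userAccountControl and the password are deliberately not set here; the article
            // writes them afterwards over the SSL connection.
            attrs.put("telephoneNumber", "15880277368");
            attrs.put("displayName", "显示名称");
            attrs.put("description", "描述");
            attrs.put("mail", newUserName + "@");
            attrs.put("givenName", "名字");
            // The published listing stored the literal text "newUserName" here instead of the value.
            attrs.put("name", newUserName);
            attrs.put("cn", newUserName);
            attrs.put("sn", newUserName);
            dc.createSubcontext(userDn(newUserName), attrs);
            System.out.println("新增AD域用户成功:" + newUserName);
        } catch (Exception e) {
            e.printStackTrace();
            System.out.println("新增AD域用户失败:" + newUserName);
        }
    }

    /**
     * Deletes the entry with the given distinguished name.
     *
     * @param dn full distinguished name of the entry to delete
     */
    public void delete(String dn) {
        try {
            dc.destroySubcontext(dn);
            System.out.println("删除AD域用户成功:" + dn);
        } catch (Exception e) {
            System.out.println("删除AD域用户失败:" + dn);
            e.printStackTrace();
        }
    }

    /**
     * Renames (moves) an entry.
     *
     * @param oldDN current distinguished name
     * @param newDN new distinguished name
     * @return {@code true} if the rename succeeded, {@code false} if the directory rejected it
     */
    public boolean renameEntry(String oldDN, String newDN) {
        try {
            dc.rename(oldDN, newDN);
            System.out.println("重命名AD域用户成功");
            return true;
        } catch (NamingException ne) {
            System.out.println("重命名AD域用户失败");
            ne.printStackTrace();
            return false;
        }
    }

    /**
     * Replaces a fixed set of ordinary attributes on a user with the demo values below.
     *
     * @param dn common name (CN) of the user under {@link #root}; despite the parameter name it
     *     is not a full distinguished name
     */
    public void updatePerson(String dn) {
        // The published listing validated the hard-coded Person, which can never be empty; the
        // value that actually selects the entry is the caller-supplied CN.
        if (dn == null || dn.isEmpty()) {
            return;
        }
        Person person = new Person();
        person.setCn("testzhu");
        person.setsAMAccountName(person.getCn());
        person.setName(person.getCn());
        person.setSn("3");
        person.setUserAccountControl("66048");
        person.setTelephoneNumber("18506999958");
        person.setGivenName("33");
        person.setDescription("3333");
        person.setDisplayName("333");
        person.setMail("testzhu@");

        List<ModificationItem> mList = new ArrayList<ModificationItem>();
        // userAccountControl is not replaced here; the article changes it over the SSL
        // connection in enablePerson.
        mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("sn", person.getSn())));
        mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("telephoneNumber", person.getTelephoneNumber())));
        mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("mail", person.getMail())));
        mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("givenName", person.getGivenName())));
        mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("displayName", person.getDisplayName())));
        mList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("description", person.getDescription())));

        ModificationItem[] mArray = mList.toArray(new ModificationItem[0]);
        try {
            dc.modifyAttributes(userDn(dn), mArray);
            System.out.println("修改AD域用户属性成功");
        } catch (NamingException e) {
            System.err.println("修改AD域用户属性失败");
            e.printStackTrace();
        }
    }

    /**
     * Changes a user's password by removing the old {@code unicodePwd} value and adding the new
     * one in a single modify request.
     *
     * <p>Both passwords are the demo values of the published listing. The value written to
     * {@code unicodePwd} is the password wrapped in double quotes and encoded as UTF-16LE.
     *
     * @param dn common name (CN) of the user under {@link #root}; despite the parameter name it
     *     is not a full distinguished name
     */
    public void updatePWD(String dn) {
        if (dn == null || dn.isEmpty()) {
            return;
        }
        Person person = new Person();
        person.setCn("testzhu");
        // NOTE(review): sample passwords embedded in source; take them from the caller or a
        // secret store in real code.
        person.setUserPassword("Root.456");
        String sOldPassword = "Root.123";
        try {
            byte[] oldUnicodePassword = ("\"" + sOldPassword + "\"").getBytes(StandardCharsets.UTF_16LE);
            byte[] newUnicodePassword =
                    ("\"" + person.getUserPassword() + "\"").getBytes(StandardCharsets.UTF_16LE);
            // Remove-old plus add-new is the form in which the old password is supplied; the
            // alternative the listing left disabled is a single REPLACE_ATTRIBUTE of unicodePwd
            // with the new value.
            ModificationItem[] mods = {
                new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                        new BasicAttribute("unicodePwd", oldUnicodePassword)),
                new ModificationItem(DirContext.ADD_ATTRIBUTE,
                        new BasicAttribute("unicodePwd", newUnicodePassword))
            };
            dc.modifyAttributes(userDn(dn), mods);
            System.out.println("修改密码成功!");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Enables a user by replacing {@code userAccountControl} with the demo value 66048.
     *
     * @param dn common name (CN) of the user under {@link #root}; despite the parameter name it
     *     is not a full distinguished name
     */
    public void enablePerson(String dn) {
        if (dn == null || dn.isEmpty()) {
            return;
        }
        Person person = new Person();
        person.setCn("testzhu");
        // 66048 = 512 (NORMAL_ACCOUNT) + 65536 (DONT_EXPIRE_PASSWORD) in Microsoft's
        // userAccountControl flag table. The second flag exempts the account from password
        // expiry; use 512 alone where the domain's expiry policy should apply.
        person.setUserAccountControl("66048");
        try {
            ModificationItem[] mods = {
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                        new BasicAttribute("userAccountControl", person.getUserAccountControl()))
            };
            dc.modifyAttributes(userDn(dn), mods);
            System.out.println("启用用户成功!");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Prints the name of every user entry in the subtree below the given node.
     *
     * @param searchBase distinguished name of the node to search under
     */
    public void searchInformation(String searchBase) {
        SearchControls searchCtls = new SearchControls();
        searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        String searchFilter = "objectClass=user";
        String[] returnedAtts = {"memberOf"};
        searchCtls.setReturningAttributes(returnedAtts);
        NamingEnumeration<SearchResult> answer = null;
        try {
            answer = dc.search(searchBase, searchFilter, searchCtls);
            // hasMore() reports directory errors as NamingException, which hasMoreElements()
            // cannot do.
            while (answer.hasMore()) {
                System.out.println(answer.next().getName());
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            closeQuietly(answer);
        }
    }

    /**
     * Looks up one user by sAMAccountName in the subtree below the given node.
     *
     * @param searchBase distinguished name of the node to search under
     * @param userName sAMAccountName to match; treated as a literal value, not as filter syntax
     * @return the first matching entry, or {@code null} if none matched or the search failed
     */
    public SearchResult searchByUserName(String searchBase, String userName) {
        SearchControls searchCtls = new SearchControls();
        searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        String[] returnedAtts = {"memberOf"}; // attributes to return
        searchCtls.setReturningAttributes(returnedAtts);
        NamingEnumeration<SearchResult> answer = null;
        try {
            // The user name is passed as a filter argument so JNDI escapes it; concatenating it
            // into the filter would let characters such as '*', '(' or ')' change the query.
            answer = dc.search(searchBase, "(sAMAccountName={0})", new Object[] {userName}, searchCtls);
            return answer.hasMore() ? answer.next() : null;
        } catch (Exception e) {
            System.err.println("指定搜索节点搜索指定域用户失败");
            e.printStackTrace();
        } finally {
            closeQuietly(answer);
        }
        return null;
    }

    /**
     * Builds the distinguished name of a user directly under {@link #root}, escaping the CN so
     * that characters with a meaning in DN syntax (such as ',' or '+') stay part of the value.
     */
    private String userDn(String cn) {
        return "CN=" + Rdn.escapeValue(cn) + "," + root;
    }

    /** Releases a search result enumeration; a failure to close is not worth reporting. */
    private static void closeQuietly(NamingEnumeration<?> results) {
        if (results != null) {
            try {
                results.close();
            } catch (NamingException ignored) {
                // Best effort: the results have already been consumed or the search failed.
            }
        }
    }
}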
