java修改AD域用户密码使用SSL连接方式

正常情况下,JAVA修改AD域用户属性,只能修改一些普通属性,

如果要修改AD域用户密码(unicodePwd属性),AD要求必须在加密连接上进行(LDAPS/SSL,或带签名加密的SASL),否则返回"unwilling to perform";userAccountControl本身并不强制SSL,但启用一个尚未设置密码的账户通常会被域密码策略拒绝,所以实践中一般先通过SSL连接设置密码,再修改userAccountControl启用账户,

SSL连接的方式需要操作以下步骤:

1.安装AD域证书服务

2.证书颁发机构中设置以web的方式获取证书

3.在域控制器上访问http://localhost/certsrv/下载CA根证书(导入前建议核对证书指纹,确认拿到的是域CA的证书)

4.把CA证书复制到开发电脑(例如C:\tmp目录),用keytool -import -keystore命令导入信任库。建议导入一个专用的信任库(通过javax.net.ssl.trustStore指定),而不是直接改JDK自带的cacerts,否则该CA会被这个JVM的所有TLS连接信任

(以上步骤,在上一篇文章里介绍了https://www.cnblogs.com/amoyzhu/p/9259264.html)

5.写代码(注意端口是636,即LDAPS端口;URL建议写成ldaps://,主机名要与证书匹配,新版JDK默认会做主机名校验;账号密码不要写死在代码里)

package com.case.ldap;


import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.Rdn;

import com.cts.spring.boot.Main.Person;

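/**
 * Create, search, modify and delete Active Directory user objects through JNDI/LDAP.
 *
 * <p>Connection settings are read from JVM system properties, or from the environment
 * variable with the same name upper-cased and '.' replaced by '_' (see {@link #setting}),
 * never from source:
 * <ul>
 *   <li>{@code ad.url} - e.g. {@code ldaps://dc1.case.com:636}; the defaults keep the host
 *       used in the article</li>
 *   <li>{@code ad.user} - bind principal, a UPN ({@code user@domain}) or a DN</li>
 *   <li>{@code ad.password} - bind password; an empty value is rejected, because an empty
 *       password turns a simple bind into an anonymous/unauthenticated bind that AD reports
 *       as success</li>
 *   <li>{@code ad.truststore} / {@code ad.truststorePassword} - key store holding the AD CA
 *       certificate (optional; the JVM default trust store is used otherwise)</li>
 *   <li>{@code ad.oldPassword} / {@code ad.newPassword} - consumed by {@link #updatePWD(String)}</li>
 * </ul>
 *
 * <p>Security notes:
 * <ul>
 *   <li>AD only accepts writes to {@code unicodePwd} on an encrypted session (LDAPS, or SASL
 *       with signing/sealing); {@code userAccountControl} itself needs no TLS, only the right
 *       permission, but enabling an account that has no password is typically refused by the
 *       domain password policy - which is most likely what the article ran into.</li>
 *   <li>Target DNs are built from an RFC 4514 escaped RDN ({@link #userDn}) and search filters
 *       are parameterized, so a user name containing LDAP metacharacters cannot alter the query.</li>
 *   <li>A simple bind over plain {@code ldap://} sends the password in clear text; prefer
 *       {@link #certinit()}.</li>
 * </ul>
 *
 * @author zhuyr
 * @date 2018-07-03
 */
public class ADDUser {

    /** userAccountControl flag bits (MS-ADTS). */
    static final int UAC_ACCOUNTDISABLE = 0x0002;
    static final int UAC_NORMAL_ACCOUNT = 0x0200;      // 512
    static final int UAC_DONT_EXPIRE_PASSWD = 0x10000; // 65536

    /** Bound LDAP session; null until init()/certinit() succeeds and again after close(). */
    LdapContext dc = null;
    /** Container (and search base) holding the user objects managed by this class. */
    String root = "OU=maad,DC=case,DC=com";

    /**
     * Demo entry point: binds over LDAPS and enables the "testzhu" account.
     * Bind credentials must be supplied via -Dad.user / -Dad.password (or AD_USER / AD_PASSWORD).
     */
    public static void main(String[] args) {
        ADDUser utils = new ADDUser();

        // 0. plain-LDAP bind (no password operations are possible on that session)
        //utils.init();
        // 1. create a user
        //utils.add("testzhu");
        // 2. list all users below the container
        //utils.searchInformation(utils.root);
        // 3. find one user by sAMAccountName
        /*SearchResult sr = utils.searchByUserName(utils.root, "testzhu");
        System.out.println(sr.getName());*/
        // 4. modify ordinary attributes
        //utils.updatePerson("testzhu");
        // 5. rename
        //utils.renameEntry("CN=testzhu,OU=maad,DC=case,DC=com", "CN=testzzz,OU=maad,DC=case,DC=com");
        // 6. delete
        //utils.delete("CN=testzhu,OU=maad,DC=case,DC=com");

        utils.certinit();
        // 7. password change - requires the LDAPS session opened above
        //utils.updatePWD("testzhu");
        utils.enablePerson("testzhu");
        //utils.searchInformation(utils.root);

        utils.close();
    }

    /**
     * Reads a setting from the system property {@code key}, falling back to the environment
     * variable with the same name upper-cased and '.' replaced by '_' (ad.user -> AD_USER).
     *
     * @param key          property name, e.g. {@code ad.password}
     * @param defaultValue returned when neither source holds a non-empty value (may be null)
     * @return the configured value or {@code defaultValue}
     */
    static String setting(String key, String defaultValue) {
        String value = System.getProperty(key);
        if (value == null || value.isEmpty()) {
            value = System.getenv(key.toUpperCase(Locale.ROOT).replace('.', '_'));
        }
        return (value == null || value.isEmpty()) ? defaultValue : value;
    }

    /**
     * Builds {@code CN=<cn>,<root>} with the CN value escaped per RFC 4514, so that a name
     * containing ',' '+' '=' '"' '\' '<' '>' ';' or '#' stays a value and cannot inject RDNs.
     *
     * @param cn   the user's common name (RDN value)
     * @param root the parent container DN, used verbatim
     * @throws IllegalArgumentException if {@code cn} is null or empty
     */
    static String userDn(String cn, String root) {
        if (cn == null || cn.isEmpty()) {
            throw new IllegalArgumentException("cn must not be empty");
        }
        return "CN=" + Rdn.escapeValue(cn) + "," + root;
    }

    /**
     * Encodes a password the way AD expects it in {@code unicodePwd}: the value wrapped in
     * double quotes, as UTF-16LE without a byte-order mark.
     */
    static byte[] encodePassword(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    /**
     * Common JNDI environment for a simple bind.
     *
     * @throws IllegalArgumentException if principal or password is missing; an empty password
     *         would silently downgrade the bind to anonymous (RFC 4513 unauthenticated bind)
     */
    private static Properties baseEnv(String url, String principal, String password) {
        if (url == null || url.isEmpty() || principal == null || principal.isEmpty()
                || password == null || password.isEmpty()) {
            throw new IllegalArgumentException(
                "AD url, bind user and password must be configured (ad.url / ad.user / ad.password)");
        }
        Properties env = new Properties();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "simple"); // "none", "simple" or "strong"
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.PROVIDER_URL, url);
        return env;
    }

    /** Opens the context; prints {@code what + 成功/失败} like the original and returns null on failure. */
    private static LdapContext connect(Properties env, String what) {
        try {
            LdapContext ctx = new InitialLdapContext(env, null);
            System.out.println(what + "成功");
            return ctx;
        } catch (NamingException e) {
            System.out.println(what + "失败");
            e.printStackTrace();
            return null;
        }
    }

    /** @throws IllegalStateException when no bind has succeeded yet */
    private LdapContext requireContext() {
        if (dc == null) {
            throw new IllegalStateException("not connected: call init() or certinit() first");
        }
        return dc;
    }

    /** Applies {@code mods} to {@code CN=<cn>,<root>}. */
    private void modify(String cn, ModificationItem... mods) throws NamingException {
        requireContext().modifyAttributes(userDn(cn, root), mods);
    }

    private static void closeQuietly(NamingEnumeration<?> results) {
        if (results != null) {
            try {
                results.close();
            } catch (NamingException ignored) {
                // the results were already consumed; nothing useful is left to do
            }
        }
    }

    /**
     * Binds with user name + password over plain LDAP (port 389), reading the settings from
     * {@code ad.url} / {@code ad.user} / {@code ad.password}.
     * WARNING: the password crosses the wire in clear text and AD rejects unicodePwd writes on
     * this session; use {@link #certinit()} for anything password related.
     */
    public void init() {
        init(setting("ad.url", "ldap://172.16.160.7:389"),
             setting("ad.user", null),
             setting("ad.password", null));
    }

    /**
     * Binds with an explicit URL and credentials over plain LDAP.
     *
     * @param ldapURL      {@code ldap://host:port}
     * @param bindUser     UPN ({@code user@domain}) or DN of the binding account
     * @param bindPassword its password, must be non-empty
     * @throws IllegalArgumentException if any argument is missing
     */
    public void init(String ldapURL, String bindUser, String bindPassword) {
        dc = connect(baseEnv(ldapURL, bindUser, bindPassword), "AD域帐户密码认证");
    }

    /**
     * Binds over LDAPS (port 636), reading the settings from {@code ad.url} / {@code ad.user} /
     * {@code ad.password}. This is the session required for {@link #updatePWD(String)},
     * {@link #changePassword} and {@link #resetPassword}.
     */
    public void certinit() {
        certinit(setting("ad.url", "ldaps://172.16.160.7:636"),
                 setting("ad.user", null),
                 setting("ad.password", null));
    }

    /**
     * Binds over LDAPS with an explicit URL and credentials.
     *
     * <p>If {@code ad.truststore} is configured it is installed as {@code javax.net.ssl.trustStore}.
     * That property is JVM-wide, so point it at a dedicated store that holds only the AD CA
     * rather than importing the CA into the JDK's {@code cacerts}, which would make every TLS
     * connection of this JVM trust that CA.
     *
     * <p>Endpoint identification: JDK 8u181 and later check that the host in the URL matches the
     * server certificate, so connect by the DC's FQDN (or make sure the IP is in the certificate
     * SAN). Do not switch the check off via
     * {@code com.sun.jndi.ldap.object.disableEndpointIdentification} to get past a mismatch -
     * that re-opens the session to a man-in-the-middle.
     *
     * @param ldapsURL     {@code ldaps://host:636}
     * @param bindUser     UPN or DN of the binding account
     * @param bindPassword its password, must be non-empty
     * @throws IllegalArgumentException if any argument is missing
     */
    public void certinit(String ldapsURL, String bindUser, String bindPassword) {
        String trustStore = setting("ad.truststore", null);
        if (trustStore != null) {
            System.setProperty("javax.net.ssl.trustStore", trustStore);
            String trustStorePassword = setting("ad.truststorePassword", null);
            if (trustStorePassword != null) {
                System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
            }
        }
        Properties env = baseEnv(ldapsURL, bindUser, bindPassword);
        env.put(Context.SECURITY_PROTOCOL, "ssl"); // forces TLS even if the scheme is ldap://
        dc = connect(env, "AD域ssl身份认证");
    }

    /** Closes the LDAP session, if any; safe to call repeatedly. */
    public void close() {
        if (dc == null) {
            return;
        }
        try {
            dc.close();
            System.out.println("AD域服务连接关闭");
        } catch (NamingException e) {
            System.out.println("NamingException in close():" + e);
        } finally {
            dc = null;
        }
    }

    /**
     * Creates {@code CN=<newUserName>,<root>} with demo attribute values.
     *
     * <p>No password is supplied, so AD creates the object disabled (ACCOUNTDISABLE set);
     * set a password over LDAPS ({@link #resetPassword}) and then {@link #enablePerson(String)}.
     *
     * @param newUserName common name, sAMAccountName and UPN prefix of the new account
     * @throws IllegalArgumentException if the name is empty
     * @throws IllegalStateException    if not connected
     */
    public void add(String newUserName) {
        String dn = userDn(newUserName, root);
        try {
            Attributes attrs = new BasicAttributes(true);
            attrs.put("objectClass", "user");
            attrs.put("samAccountName", newUserName);
            attrs.put("userPrincipalName", newUserName + "@mayocase.com");
            attrs.put("telephoneNumber", "15880277368");
            attrs.put("displayName", "显示名称");
            attrs.put("description", "描述");
            attrs.put("mail", newUserName + "@case.com");
            attrs.put("givenName", "名字");
            // 'name' mirrors the RDN value; the original wrote the literal string "newUserName" here
            attrs.put("name", newUserName);
            attrs.put("cn", newUserName);
            attrs.put("sn", newUserName);

            requireContext().createSubcontext(dn, attrs);
            System.out.println("新增AD域用户成功:" + newUserName);
        } catch (NamingException e) {
            e.printStackTrace();
            System.out.println("新增AD域用户失败:" + newUserName);
        }
    }

    /**
     * Deletes the entry with the given full DN.
     *
     * @param dn full distinguished name, e.g. {@code CN=testzhu,OU=maad,DC=case,DC=com}
     */
    public void delete(String dn) {
        try {
            requireContext().destroySubcontext(dn);
            System.out.println("删除AD域用户成功:" + dn);
        } catch (NamingException e) {
            System.out.println("删除AD域用户失败:" + dn);
            e.printStackTrace();
        }
    }

    /**
     * Renames / moves an entry.
     *
     * @param oldDN current full DN
     * @param newDN target full DN
     * @return true on success
     */
    public boolean renameEntry(String oldDN, String newDN) {
        try {
            requireContext().rename(oldDN, newDN);
            System.out.println("重命名AD域用户成功");
            return true;
        } catch (NamingException ne) {
            System.out.println("重命名AD域用户失败");
            ne.printStackTrace();
            return false;
        }
    }

    /**
     * Demo: overwrites a fixed set of ordinary attributes on {@code CN=<dn>,<root>}.
     * Kept for compatibility; real callers should use {@link #updateAttributes(String, Map)}.
     *
     * @param dn the user's common name (not a full DN, despite the parameter name)
     */
    public void updatePerson(String dn) {
        Map<String, String> values = new LinkedHashMap<String, String>();
        values.put("sn", "3");
        values.put("telephoneNumber", "18506999958");
        values.put("mail", "[email protected]");
        values.put("givenName", "33");
        values.put("displayName", "333");
        values.put("description", "3333");
        updateAttributes(dn, values);
    }

    /**
     * Replaces the given attributes on {@code CN=<cn>,<root>} in one modify operation.
     *
     * @param cn     the user's common name
     * @param values attribute name to new value; REPLACE semantics, so each listed attribute
     *               ends up with exactly that single value
     * @return true when AD accepted the modification; false for empty input or an LDAP error
     */
    public boolean updateAttributes(String cn, Map<String, String> values) {
        if (cn == null || cn.isEmpty() || values == null || values.isEmpty()) {
            return false;
        }
        List<ModificationItem> mods = new ArrayList<ModificationItem>(values.size());
        for (Map.Entry<String, String> entry : values.entrySet()) {
            mods.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute(entry.getKey(), entry.getValue())));
        }
        try {
            modify(cn, mods.toArray(new ModificationItem[mods.size()]));
            System.out.println("修改AD域用户属性成功");
            return true;
        } catch (NamingException e) {
            System.err.println("修改AD域用户属性失败");
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Changes the password of {@code CN=<dn>,<root>}, taking the old and new values from
     * {@code ad.oldPassword} / {@code ad.newPassword}. Kept for compatibility; prefer
     * {@link #changePassword} or {@link #resetPassword}.
     *
     * @param dn the user's common name
     * @throws IllegalArgumentException if either password setting is missing
     */
    public void updatePWD(String dn) {
        changePassword(dn, setting("ad.oldPassword", null), setting("ad.newPassword", null));
    }

    /**
     * Self-service style change: one modify with REMOVE old value + ADD new value on
     * {@code unicodePwd}. AD verifies the old password and enforces the password policy
     * (complexity, history, minimum age). Requires an encrypted session ({@link #certinit()});
     * on plain LDAP the server answers "unwilling to perform".
     *
     * @param cn          the user's common name
     * @param oldPassword current password
     * @param newPassword new password
     * @return true when AD accepted the change
     * @throws IllegalArgumentException if any argument is null or empty
     */
    public boolean changePassword(String cn, String oldPassword, String newPassword) {
        if (oldPassword == null || oldPassword.isEmpty() || newPassword == null || newPassword.isEmpty()) {
            throw new IllegalArgumentException("old and new password are required");
        }
        try {
            modify(cn,
                new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                    new BasicAttribute("unicodePwd", encodePassword(oldPassword))),
                new ModificationItem(DirContext.ADD_ATTRIBUTE,
                    new BasicAttribute("unicodePwd", encodePassword(newPassword))));
            System.out.println("修改密码成功!");
            return true;
        } catch (NamingException e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Administrative reset: REPLACE {@code unicodePwd} without knowing the old password.
     * The bound account needs the "Reset Password" control-access right on the user object
     * (a read-only account will get "insufficient access"). Requires an encrypted session.
     *
     * @param cn          the user's common name
     * @param newPassword new password
     * @return true when AD accepted the reset
     * @throws IllegalArgumentException if the new password is null or empty
     */
    public boolean resetPassword(String cn, String newPassword) {
        if (newPassword == null || newPassword.isEmpty()) {
            throw new IllegalArgumentException("new password is required");
        }
        try {
            modify(cn, new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodePassword(newPassword))));
            System.out.println("修改密码成功!");
            return true;
        } catch (NamingException e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Enables {@code CN=<dn>,<root>} by writing userAccountControl = 66048
     * (NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD), the value the article used.
     *
     * <p>Caveats: REPLACE overwrites every other flag on the object (SMARTCARD_REQUIRED,
     * NOT_DELEGATED, ...); and DONT_EXPIRE_PASSWD exempts the account from password expiry,
     * which is a policy decision - call {@link #setUserAccountControl(String, int)} with
     * {@code UAC_NORMAL_ACCOUNT} when expiry should apply. AD typically refuses to enable an
     * account that still has no password, so set one first.
     *
     * @param dn the user's common name
     */
    public void enablePerson(String dn) {
        if (setUserAccountControl(dn, UAC_NORMAL_ACCOUNT | UAC_DONT_EXPIRE_PASSWD)) {
            System.out.println("启用用户成功!");
        }
    }

    /**
     * Writes {@code userAccountControl} on {@code CN=<cn>,<root>}.
     *
     * @param cn    the user's common name
     * @param flags the complete flag value to store (REPLACE semantics)
     * @return true when AD accepted the modification
     */
    public boolean setUserAccountControl(String cn, int flags) {
        try {
            modify(cn, new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("userAccountControl", Integer.toString(flags))));
            return true;
        } catch (NamingException e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Prints the relative name of every user object below {@code searchBase}.
     *
     * <p>The filter restricts to {@code objectCategory=person}, because in AD computer
     * accounts are also {@code objectClass=user}. AD caps an unpaged search at its MaxPageSize
     * (commonly 1000 entries); larger containers need the paged-results control.
     *
     * @param searchBase DN to search under (subtree scope)
     */
    public void searchInformation(String searchBase) {
        SearchControls ctls = new SearchControls();
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        ctls.setReturningAttributes(new String[] { "memberOf" });
        NamingEnumeration<SearchResult> answer = null;
        try {
            answer = requireContext().search(searchBase,
                "(&(objectCategory=person)(objectClass=user))", ctls);
            while (answer.hasMore()) {
                System.out.println(answer.next().getName());
            }
        } catch (NamingException e) {
            e.printStackTrace();
        } finally {
            closeQuietly(answer);
        }
    }

    /**
     * Finds one user by sAMAccountName below {@code searchBase}.
     *
     * <p>The name is passed as a filter argument ({@code {0}}), which JNDI escapes per RFC 4515,
     * so a value such as {@code *)(objectClass=*} cannot widen the search.
     *
     * @param searchBase DN to search under (subtree scope)
     * @param userName   sAMAccountName to look up
     * @return the first match, or {@code null} when nothing matched, the name is empty or the
     *         search failed
     */
    public SearchResult searchByUserName(String searchBase, String userName) {
        if (userName == null || userName.isEmpty()) {
            return null;
        }
        SearchControls ctls = new SearchControls();
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        ctls.setReturningAttributes(new String[] { "memberOf" });
        NamingEnumeration<SearchResult> answer = null;
        try {
            answer = requireContext().search(searchBase, "(sAMAccountName={0})",
                new Object[] { userName }, ctls);
            return answer.hasMore() ? answer.next() : null;
        } catch (NamingException e) {
            System.err.println("指定搜索节点搜索指定域用户失败");
            e.printStackTrace();
            return null;
        } finally {
            closeQuietly(answer);
        }
    }
}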

  

 

转载于:https://www.cnblogs.com/amoyzhu/p/9261844.html
