Java添加、修改MS AD用户密码
最近研究了下在AD中如何添加和修改用户密码。AD中修改密码一定要通过SSL或TLS才可以进行修改,这是MS硬性规定的,这就造成了还要做很多其它方面的配置工作,很麻烦,不过想想也合理,传输密码不加密被截获了也就完了。
前期要做的工作基本就是安装CA,获取证书,绑定keystore等等,过几天会详细写一下这几步的操作,现在先贴出代码。
import java.io.UnsupportedEncodingException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
public class OpAD{
private LdapContext ctx = null;
private String adminName = "[email protected]";
private String adminpassword = "password";
private String keystore = "C:/testca.keystore";
private String keyPassword = "changeit";
private String ldapURL = "ldaps://ldap.testad.com:636";
private String searchBase = "DC=testad,DC=com";
private String returnedAtts[] = { "distinguishedName" };
private boolean initial_Ldap() {
Hashtable env = new Hashtable();
System.setProperty("javax.net.ssl.trustStore", keystore);
System.setProperty("javax.net.ssl.trustStorePassword", keyPassword);
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, adminName);
env.put(Context.SECURITY_CREDENTIALS, adminpassword);
env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put(Context.PROVIDER_URL, ldapURL);
try {
System.out.println("Start InitialLdapContext");
ctx = new InitialLdapContext(env, null);
System.out.println("InitialLdapContext succeed");
} catch (NamingException e) {
System.out.println("Problem initial_Ldap NamingException: " + e);
return false;
}
return true;
}
private boolean close_Ldap() {
System.out.println("Close Ldap");
try {
ctx.close();
} catch (NamingException e) {
System.out.println("Problem close_Ldap NamingException: " + e);
return false;
}
return true;
}
private String search_distinguishedName(String username) {
String searchFilter = "(&(objectClass=user)(cn=" + username + "))";
try {
System.out.println("Start search " + username + "'s distinguishedName");
SearchControls searchCtls = new SearchControls();
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
searchCtls.setReturningAttributes(returnedAtts);
NamingEnumeration answer = ctx.search(searchBase, searchFilter,
searchCtls);
if (answer.hasMoreElements()) {
SearchResult sr = (SearchResult) answer.next();
Attributes attrs = sr.getAttributes();
if (attrs != null) {
NamingEnumeration ae = attrs.getAll();
Attribute attr = (Attribute) ae.next();
NamingEnumeration e = attr.getAll();
return (String) e.next();
}
}
} catch (NamingException e) {
System.out
.println("Problem search_distinguishedName NamingException: " + e);
return "error";
}
return "none";
}
private boolean mod_Pwd(String username, String password) {
ModificationItem[] mods = new ModificationItem[1];
String newQuotedPassword = "/"" + password + "/"";
try {
System.out.println("Start reset password");
byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
new BasicAttribute("unicodePwd", newUnicodePassword));
ctx.modifyAttributes(username, mods);
System.out.println("Finish reset password" + username);
} catch (UnsupportedEncodingException e) {
System.out.println("Problem mod_Pwd UnsupportedEncodingException: " + e);
return false;
} catch (NamingException e) {
System.out.println("Problem mod_Pwd NamingException: " + e);
return false;
}
return true;
}
public static void main(String args[]) {
OpAD inst = new OpAD();
inst.initial_Ldap();
String username = inst.search_distinguishedName("testuser");
inst.mod_Pwd(username, "1234AbcD");
inst.close_Ldap();
}
}