Lightweight Directory Access Protocol (LDAP),轻型目录访问协议,是一个访问在线目录服务的协议。下面的例子简单介绍在Java中对LDAP的增删改查功能。目录结构为:
DC=CAS,DC=MYDC
--cn=users
----uid=zhangsan
1、通过LdapContext连接ldap
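/**
 * Opens an authenticated connection to the LDAP server using a simple bind.
 *
 * <p>The URL, bind DN and password in the body are sample placeholders that
 * must be replaced before use.
 *
 * @return a new {@link LdapContext}; the caller is responsible for calling
 *         {@code close()} on it
 * @throws NamingException if the connection cannot be established or the
 *         bind is rejected
 */
public LdapContext connetLDAP() throws NamingException {
    // Settings needed to reach the directory (sample values).
    String ldapFactory = "com.sun.jndi.ldap.LdapCtxFactory";
    // NOTE(review): with a plain ldap:// URL a "simple" bind sends the bind DN
    // and password unencrypted. Outside a lab, point this at an ldaps://
    // endpoint or negotiate StartTLS before binding.
    String ldapUrl = "ldap://IP:port"; // LDAP URLs take the form ldap://host:port
    // NOTE(review): an administrative bind DN and its password are hard-coded
    // here; load them from protected configuration or a secret store instead.
    String ldapAccount = "cn=root"; // bind DN
    String ldapPwd = "password"; // bind password

    // Typed environment table, so no raw-type warnings need to be suppressed.
    Hashtable<String, Object> env = new Hashtable<String, Object>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, ldapFactory);
    env.put(Context.PROVIDER_URL, ldapUrl);
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, ldapAccount);
    env.put(Context.SECURITY_CREDENTIALS, ldapPwd);
    // NOTE(review): "follow" makes the provider chase referrals automatically,
    // which by default re-uses this environment (credentials included) against
    // the referred server. Confirm that every server the directory may refer
    // to is trusted, or handle referrals explicitly.
    env.put("java.naming.referral", "follow");

    return new InitialLdapContext(env, null);
}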
2、增加用户zhangsan
// 添加 public void testAdd() throws Exception { LdapContext ctx = connetLDAP(); Attributes attrs = new BasicAttributes(true); Attribute objclass = new BasicAttribute("objectclass"); // 添加ObjectClass String[] attrObjectClassPerson = { "inetOrgPerson", "organizationalPerson", "person", "top" }; Arrays.sort(attrObjectClassPerson); for (String ocp : attrObjectClassPerson) { objclass.add(ocp); } attrs.put(objclass); String uid = "zhangsan"; String userDN = "uid=" + uid + "," + "cn=users,dc=cas,dc=mydc"; // 密码处理 // attrs.put("uid", uid); attrs.put("cn", uid); attrs.put("sn", uid); attrs.put("displayName", "张三"); attrs.put("mail", "[email protected]"); attrs.put("description", ""); attrs.put("userPassword", "Passw0rd".getBytes("UTF-8")); ctx.createSubcontext(userDN, attrs); }
3、删除用户zhangsan
//删除 public void testRemove() throws Exception { LdapContext ctx = connetLDAP(); String uid = "zhangsan"; String userDN = "uid=" + uid + "," + "cn=users,dc=cas,dc=mydc"; ctx.destroySubcontext(userDN); }
4、修改zhangsan的邮件地址
//修改 public boolean testModify() throws Exception { boolean result = true; LdapContext ctx = connetLDAP(); String uid = "zhangsan"; String userDN = "uid=" + uid + "," + "cn=users,dc=cas,dc=mydc"; Attributes attrs = new BasicAttributes(true); attrs.put("mail", "[email protected]"); ctx.modifyAttributes(userDN, DirContext.REPLACE_ATTRIBUTE, attrs); return result; }
5、查找用户
//查询 public void testSearch() throws Exception { LdapContext ctx = connetLDAP(); // 设置过滤条件 String uid = "zhangsan"; String filter = "(&(objectClass=top)(objectClass=organizationalPerson)(uid=" + uid + "))"; // 限制要查询的字段内容 String[] attrPersonArray = { "uid", "userPassword", "displayName", "cn", "sn", "mail", "description" }; SearchControls searchControls = new SearchControls(); searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); // 设置将被返回的Attribute searchControls.setReturningAttributes(attrPersonArray); // 三个参数分别为: // 上下文; // 要搜索的属性,如果为空或 null,则返回目标上下文中的所有对象; // 控制搜索的搜索控件,如果为 null,则使用默认的搜索控件 NamingEnumeration<SearchResult> answer = ctx.search("cn=users,dc=cas,dc=mydc", filter.toString(), searchControls); // 输出查到的数据 while (answer.hasMore()) { SearchResult result = answer.next(); NamingEnumeration<? extends Attribute> attrs = result.getAttributes().getAll(); while (attrs.hasMore()) { Attribute attr = attrs.next(); System.out.println(attr.getID() + "=" + attr.get()); } System.out.println("============"); } }