JAVA_基本LDAP操作
一、简介
Lightweight Directory Access Protocol (LDAP),轻型目录访问协议是一个访问在线目录服务的协议。下面的例子中简单介绍在java中队ldap的增删该查功能。目录结构为:
CD=CAS,DC=MYDC
--cn=users
----uid=zhangsan
二、示例
1、通过LdapContext连接ldap
/**
* 连接LDAP
*/
@SuppressWarnings({ "rawtypes", "unchecked" })
public LdapContext connetLDAP() throws NamingException {
// 连接Ldap需要的信息
String ldapFactory = "com.sun.jndi.ldap.LdapCtxFactory";
String ldapUrl = "ldap:/IP:port";// url
String ldapAccount = "cn=root"; // 用户名
String ldapPwd = "password";//密码
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, ldapFactory);
// LDAP server
env.put(Context.PROVIDER_URL, ldapUrl);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, ldapAccount);
env.put(Context.SECURITY_CREDENTIALS, ldapPwd);
env.put("java.naming.referral", "follow");
LdapContext ctxTDS = new InitialLdapContext(env, null);
return ctxTDS;
}
2、增加用户zhangsan
// 添加
public void testAdd() throws Exception {
LdapContext ctx = connetLDAP();
Attributes attrs = new BasicAttributes(true);
Attribute objclass = new BasicAttribute("objectclass");
// 添加ObjectClass
String[] attrObjectClassPerson = { "inetOrgPerson", "organizationalPerson", "person", "top" };
Arrays.sort(attrObjectClassPerson);
for (String ocp : attrObjectClassPerson) {
objclass.add(ocp);
}
attrs.put(objclass);
String uid = "zhangsan";
String userDN = "uid=" + uid + "," + "cn=users,dc=cas,dc=mydc";
// 密码处理
// attrs.put("uid", uid);
attrs.put("cn", uid);
attrs.put("sn", uid);
attrs.put("displayName", "张三");
attrs.put("mail", "[email protected]");
attrs.put("description", "");
attrs.put("userPassword", "Passw0rd".getBytes("UTF-8"));
ctx.createSubcontext(userDN, attrs);
} 3、删除用户zhangsan
//删除
public void testRemove() throws Exception {
LdapContext ctx = connetLDAP();
String uid = "zhangsan";
String userDN = "uid=" + uid + "," + "cn=users,dc=cas,dc=mydc";
ctx.destroySubcontext(userDN);
}
4、修改zhangsan的邮件地址
//修改
public boolean testModify() throws Exception {
boolean result = true;
LdapContext ctx = connetLDAP();
String uid = "zhangsan";
String userDN = "uid=" + uid + "," + "cn=users,dc=cas,dc=mydc";
Attributes attrs = new BasicAttributes(true);
attrs.put("mail", "[email protected]");
ctx.modifyAttributes(userDN, DirContext.REPLACE_ATTRIBUTE, attrs);
return result;
}
5、查找用户
//查询
public void testSearch() throws Exception {
LdapContext ctx = connetLDAP();
// 设置过滤条件
String uid = "zhangsan";
String filter = "(&(objectClass=top)(objectClass=organizationalPerson)(uid=" + uid + "))";
// 限制要查询的字段内容
String[] attrPersonArray = { "uid", "userPassword", "displayName", "cn", "sn", "mail", "description" };
SearchControls searchControls = new SearchControls();
searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
// 设置将被返回的Attribute
searchControls.setReturningAttributes(attrPersonArray);
// 三个参数分别为:
// 上下文;
// 要搜索的属性,如果为空或 null,则返回目标上下文中的所有对象;
// 控制搜索的搜索控件,如果为 null,则使用默认的搜索控件
NamingEnumeration<SearchResult> answer = ctx.search("cn=users,dc=cas,dc=mydc", filter.toString(), searchControls);
// 输出查到的数据
while (answer.hasMore()) {
SearchResult result = answer.next();
NamingEnumeration<? extends Attribute> attrs = result.getAttributes().getAll();
while (attrs.hasMore()) {
Attribute attr = attrs.next();
System.out.println(attr.getID() + "=" + attr.get());
}
System.out.println("============");
}
}