下面是我在网上找的关于Java+LDAP的2个例子:
dc=ibm,dc=com
ou=developer,dc=ibm,dc=com
ou=tester,dc=ibm,dc=com
uid=bill,ou=developer,dc=ibm,dc=com
uid=kent,ou=tester,dc=ibm,dc=com
OpenLDAP的配置方法:
1, 安装.
2, 修改slapd.conf, 更改suffix和root dn. 重启instance. 如果是windows,则重启service.
3, 创建ldif文件, 写入要往ldap中添加的entry. 可以参考openLDAP目录下给的example.
4, 执行添加任务. 如果存在ldapadd,则运行 "ldapadd -x -D "bindDN" -w password -f xxx.ldif"(-w 会把密码留在命令行历史和进程列表中,可改用 -W 交互输入). 如果没有,则使用slapadd: "slapadd -v -l xxx.ldif". 记住,执行slapadd之前,要先停掉ldap.
5, 在Base DN下搜用户: ldapsearch -b "ou=tester,dc=ibm,dc=com" "(uid=bi*)"
JAVA操作LDAP:
Official Guide:http://docs.oracle.com/javase/jndi/tutorial/getStarted/examples/directory.html
使用JAVA自带方法,添加修改查询并删除下面的记录
uid=test,ou=tester,dc=ibm,dc=com
执行类
/**
 * Demo driver that walks the entry {@code uid=test,ou=tester,dc=ibm,dc=com}
 * through add, update and delete, running a search after each step so the
 * effect of the previous operation can be seen on the console.
 */
public class TestLdap {

    /**
     * Runs the add / search / update / search / delete / search sequence.
     *
     * @param args unused
     * @throws NamingException if connecting or any directory operation fails
     */
    public static void main(String[] args) throws NamingException {
        final Ldap directory = Factory.createInstance();
        // connect() stays outside the try block, so close() only runs after
        // a connect() call that returned normally.
        directory.connect();
        try {
            directory.add();     // create uid=test,ou=tester,dc=ibm,dc=com
            directory.search();  // look the new entry up
            directory.update();  // replace its cn attribute
            directory.search();  // show the cn value after the update
            directory.delete();  // remove uid=test,ou=tester,dc=ibm,dc=com
            directory.search();  // search once more after the delete
        } finally {
            // Release the connection even when one of the steps above throws.
            directory.close();
        }
    }
}
接口
/**
 * Directory operations used by the demo. Each method takes no arguments and
 * reports failures as {@link NamingException}.
 */
public interface Ldap {

    /** Opens the connection to the directory. */
    void connect() throws NamingException;

    /** Adds the demo entry. */
    void add() throws NamingException;

    /** Searches the directory and reports what was found. */
    void search() throws NamingException;

    /** Modifies the demo entry. */
    void update() throws NamingException;

    /** Deletes the demo entry. */
    void delete() throws NamingException;

    /** Closes the connection to the directory. */
    void close() throws NamingException;
}
静态工厂模式
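/**
 * Lazily creates and caches the single {@link Ldap} implementation used by
 * the demo.
 */
public class Factory {

    /** Cached instance; only touched while holding the class lock in {@link #createInstance()}. */
    private static Ldap instance;

    /**
     * Returns the shared {@link Ldap} instance, instantiating
     * {@code ldap.LdapImpl} reflectively on the first call.
     *
     * <p>The class name is a fixed literal. Keep it that way (or restrict it to
     * an allow-list) if this is ever made configurable: instantiating a class
     * whose name comes from external input lets that input choose which
     * constructor runs.
     *
     * @return the shared instance, never {@code null}
     * @throws RuntimeException if the implementation class cannot be loaded,
     *     instantiated, or is not an {@link Ldap}
     */
    public static synchronized Ldap createInstance() {
        if (instance == null) {
            try {
                // Class.newInstance() is deprecated: it rethrows whatever the
                // constructor throws, checked or not, without declaring it.
                // Going through the no-arg constructor wraps such failures in
                // InvocationTargetException instead.
                instance = (Ldap) Class.forName("ldap.LdapImpl")
                        .getDeclaredConstructor()
                        .newInstance();
            } catch (ReflectiveOperationException | ClassCastException e) {
                throw new RuntimeException(e);
            }
        }
        return instance;
    }
}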
接口实现
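/**
 * JNDI-backed {@link Ldap} implementation that works on the single demo entry
 * {@code uid=test,ou=tester,dc=ibm,dc=com}.
 *
 * <p>Notes for anyone adapting this sample beyond a local test server:
 * {@link #connect()} performs a simple bind over plain {@code ldap://}, so the
 * bind DN and password are sent unencrypted, and both the bind password and the
 * entry's {@code userPassword} are literals in the source. Use {@code ldaps://}
 * or StartTLS and load credentials from protected configuration instead.
 */
public class LdapImpl implements Ldap {

    /** Distinguished name of the entry that add, update and delete operate on. */
    private static final String ENTRY_DN = "uid=test,ou=tester,dc=ibm,dc=com";

    /** Open directory context, or {@code null} while not connected. */
    private DirContext ds;

    /**
     * Searches the whole {@code dc=ibm,dc=com} subtree for {@code uid=test} and
     * prints each hit's name and its {@code cn} values.
     *
     * @throws NamingException if the search fails or is cut short by the server
     * @throws IllegalStateException if {@link #connect()} has not been called
     */
    @Override
    public void search() throws NamingException {
        System.out.println("Searching...");
        SearchControls searchCtls = new SearchControls();
        searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // Only cn is requested, so no other attribute is returned.
        searchCtls.setReturningAttributes(new String[] {"cn"});

        // The filter is a constant. If it ever includes caller-supplied text,
        // use DirContext.search(name, filterExpr, filterArgs, cons) with {0}
        // placeholders rather than string concatenation, so filter
        // metacharacters in the input are escaped.
        String searchFilter = "uid=test";
        String searchBase = "dc=ibm,dc=com";

        NamingEnumeration<SearchResult> entries =
                requireConnected().search(searchBase, searchFilter, searchCtls);
        try {
            // hasMore() (not hasMoreElements()) so that a failure while
            // fetching results is raised as NamingException instead of
            // looking like the end of the result list.
            while (entries.hasMore()) {
                SearchResult entry = entries.next();
                System.out.println(">>>" + entry.getName());
                printAttributes(entry.getAttributes());
            }
        } finally {
            // Release the enumeration even when iteration is aborted.
            entries.close();
        }
        System.out.println("Search complete.");
    }

    /**
     * Prints every attribute ID in {@code attrs} followed by each of its values.
     *
     * @param attrs attributes of one search result; {@code null} prints nothing
     * @throws NamingException if enumerating the attributes fails
     */
    private static void printAttributes(Attributes attrs) throws NamingException {
        if (attrs == null) {
            return;
        }
        NamingEnumeration<? extends Attribute> all = attrs.getAll();
        while (all.hasMore()) {
            Attribute attr = all.next();
            System.out.println("AttributeID: " + attr.getID());
            NamingEnumeration<?> values = attr.getAll();
            while (values.hasMore()) {
                System.out.println("Attributes:" + values.next());
            }
        }
    }

    /**
     * Replaces the {@code cn} attribute of the demo entry with
     * {@code "changed value"}.
     *
     * @throws NamingException if the modification is rejected
     * @throws IllegalStateException if {@link #connect()} has not been called
     */
    @Override
    public void update() throws NamingException {
        System.out.println("Updating...");
        Attribute attr = new BasicAttribute("cn", "changed value");
        // ModificationItem also supports ADD_ATTRIBUTE and REMOVE_ATTRIBUTE.
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attr)
        };
        requireConnected().modifyAttributes(ENTRY_DN, mods);
        System.out.println("Updated.");
    }

    /**
     * Creates the demo entry as an {@code inetOrgPerson} with uid, sn, cn and
     * userPassword attributes.
     *
     * @throws NamingException if the entry cannot be created
     * @throws IllegalStateException if {@link #connect()} has not been called
     */
    @Override
    public void add() throws NamingException {
        System.out.println("Adding...");
        Attributes attrs = new BasicAttributes();
        attrs.put("uid", "test");
        attrs.put("sn", "test");
        attrs.put("cn", "test test");
        // Explicit charset: getBytes() without one uses the platform default,
        // which can differ between machines.
        // NOTE(security): a literal, trivially guessable password is fine only
        // for a throwaway test entry; how the server stores the value depends
        // on its configuration.
        attrs.put("userPassword",
                "111111".getBytes(java.nio.charset.StandardCharsets.UTF_8));
        // objectClass is built separately because it can carry several values;
        // this sample sets just one.
        Attribute objclass = new BasicAttribute("objectClass");
        objclass.add("inetOrgPerson");
        attrs.put(objclass);
        requireConnected().createSubcontext(ENTRY_DN, attrs);
        System.out.println("Add complete.");
    }

    /**
     * Deletes the demo entry.
     *
     * @throws NamingException if the entry cannot be removed
     * @throws IllegalStateException if {@link #connect()} has not been called
     */
    @Override
    public void delete() throws NamingException {
        System.out.println("Deleting...");
        requireConnected().destroySubcontext(ENTRY_DN);
        System.out.println("Deleted.");
    }

    /**
     * Opens the directory context if none is open yet; otherwise does nothing
     * apart from printing the progress messages.
     *
     * @throws NamingException if the connection or the bind fails
     */
    @Override
    public synchronized void connect() throws NamingException {
        System.out.println("connecting...");
        if (ds == null) {
            Hashtable<String, Object> env = new Hashtable<String, Object>(11);
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            // NOTE(security): "simple" authentication over ldap:// sends the
            // principal and credentials below in cleartext. Acceptable against
            // localhost; across a network use ldaps:// or StartTLS.
            env.put(Context.PROVIDER_URL, "ldap://localhost:389");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            // NOTE(security): this binds as the directory's Manager DN with a
            // password committed to source. Outside a demo, read credentials
            // from protected configuration and bind with an account that has
            // only the rights these operations need.
            env.put(Context.SECURITY_PRINCIPAL, "cn=Manager,dc=ibm,dc=com");
            env.put(Context.SECURITY_CREDENTIALS, "secret");
            ds = new InitialDirContext(env);
        }
        System.out.println("connected.");
    }

    /**
     * Closes the directory context if one is open and forgets it, so that a
     * later {@link #connect()} opens a fresh one.
     *
     * @throws NamingException if closing the context fails
     */
    @Override
    public synchronized void close() throws NamingException {
        System.out.println("closing...");
        if (ds != null) {
            try {
                ds.close();
            } finally {
                // Drop the reference either way; a closed context must not be
                // reused by the next connect().
                ds = null;
            }
        }
        System.out.println("closed.");
    }

    /**
     * Returns the open context, failing with a clear message instead of a
     * bare NullPointerException when connect() was never called.
     */
    private DirContext requireConnected() {
        if (ds == null) {
            throw new IllegalStateException(
                    "connect() must be called before using the directory");
        }
        return ds;
    }
}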
比如administrator这个用户的dn就是cn=administrator,cn=users,dc=ds-66,dc=com(简单来说就是全路径+域的形式)
最后就可以编码了,连接的代码比较简单,使用filter的查询部分稍微复杂点,不过仔细看看也很容易理解,如下。
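/**
 * Binds to the directory at the hard-coded URL with simple authentication,
 * runs {@code queryGroup} on the resulting context, and always closes the
 * context afterwards. Naming failures are printed, not rethrown.
 *
 * @param args unused
 */
public static void main(String[] args) {
    // NOTE(security): the sample binds as the domain administrator with a
    // literal password, using simple authentication over plain ldap://, so
    // the DN and password cross the network unencrypted. For anything beyond
    // a lab, use ldaps:// or StartTLS, load credentials from protected
    // configuration, and bind with a read-only account, since this code only
    // searches.
    String url = "ldap://10.1.0.66:389/";
    String domain = "dc=ds-66,dc=com";
    String user = "cn=administrator,cn=users";
    String password = "111111";

    Hashtable<String, String> env = new Hashtable<String, String>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); // LDAP context factory
    env.put(Context.SECURITY_AUTHENTICATION, "simple"); // authentication mechanism
    env.put(Context.PROVIDER_URL, url);
    env.put(Context.SECURITY_PRINCIPAL, user + "," + domain); // full bind DN
    env.put(Context.SECURITY_CREDENTIALS, password); // AD password
    // Ask the provider to return these attributes as byte[] instead of String.
    env.put("java.naming.ldap.attributes.binary", "objectSid objectGUID");

    LdapContext ldapCtx = null;
    try {
        ldapCtx = new InitialLdapContext(env, null);
        queryGroup(ldapCtx);
        //queryUser(ldapCtx);
    } catch (NamingException e) {
        e.printStackTrace();
    } finally {
        if (ldapCtx != null) {
            try {
                ldapCtx.close();
            } catch (NamingException e) {
                // Closing is best-effort, but report the failure instead of
                // dropping it silently.
                System.err.println("Failed to close LDAP context: " + e);
            }
        }
    }
}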
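/**
 * Searches the subtree under the fixed base DN for organizationalUnit entries
 * and prints each returned attribute as {@code name value}, followed by a
 * separator line per entry.
 *
 * @param ldapCtx an open, bound LDAP context
 * @throws NamingException if the search fails or is cut short by the server
 */
private static void queryGroup(LdapContext ldapCtx) throws NamingException {
    SearchControls searchCtls = new SearchControls();
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    searchCtls.setReturningAttributes(
            new String[] {"distinguishedName", "objectGUID", "name"});

    // Both strings are constants. If either is ever built from caller input,
    // pass the input through the search(name, filterExpr, filterArgs, cons)
    // overload with {0} placeholders instead of concatenating it.
    String searchFilter = "objectClass=organizationalUnit";
    String searchBase = "ou=myDeptSubDept,ou=myDept,dc=DS-66,dc=com";

    NamingEnumeration<SearchResult> answer =
            ldapCtx.search(searchBase, searchFilter, searchCtls);
    try {
        // hasMore() rather than hasMoreElements(): a failure while fetching
        // results is raised instead of looking like the end of the list.
        while (answer.hasMore()) {
            Attributes attrs = answer.next().getAttributes();
            if (attrs == null) {
                continue;
            }
            NamingEnumeration<? extends Attribute> all = attrs.getAll();
            while (all.hasMore()) {
                Attribute attr = all.next();
                String name = attr.getID();
                NamingEnumeration<?> values = attr.getAll();
                while (values.hasMore()) {
                    Object raw = values.next();
                    String value;
                    if ("objectGUID".equals(name) && raw instanceof byte[]) {
                        value = formatObjectGuid((byte[]) raw);
                    } else {
                        // String.valueOf avoids a ClassCastException should
                        // the provider hand back a non-String value.
                        value = String.valueOf(raw);
                    }
                    System.out.println(name + " " + value);
                }
            }
            System.out.println("=====================");
        }
    } finally {
        // Release the enumeration even when iteration is aborted.
        answer.close();
    }
}

/**
 * Renders a binary Active Directory objectGUID in the usual 8-4-4-4-12 form.
 *
 * <p>UUID.nameUUIDFromBytes must not be used here: it computes an MD5-based
 * (type 3) UUID of the input, so its result is a hash of the GUID, not the
 * GUID itself, and cannot be matched against the value shown by directory
 * tools or logs. The bytes are decoded directly instead; the first three
 * fields of the binary GUID are little-endian, the remaining eight bytes are
 * in order.
 *
 * @param guid raw attribute value
 * @return the GUID string, or a plain hex dump if the value is not 16 bytes
 */
private static String formatObjectGuid(byte[] guid) {
    if (guid.length != 16) {
        StringBuilder hex = new StringBuilder(guid.length * 2);
        for (byte b : guid) {
            hex.append(String.format("%02x", b & 0xFF));
        }
        return hex.toString();
    }
    // Byte order that turns the little-endian 4-2-2 prefix into big-endian.
    int[] prefixOrder = {3, 2, 1, 0, 5, 4, 7, 6};
    long msb = 0L;
    for (int index : prefixOrder) {
        msb = (msb << 8) | (guid[index] & 0xFF);
    }
    long lsb = 0L;
    for (int index = 8; index < 16; index++) {
        lsb = (lsb << 8) | (guid[index] & 0xFF);
    }
    return new UUID(msb, lsb).toString();
}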