這篇主要是描述 Java JNDI 連 Windows Active Directory 的教程
包括認證
作者原文:
開始教程:
Install Windows
Install AD:
Start
domain name : joeyta
NT domain name : joeytaserver
即 Fully Qualified Domain Name (FQDN) 為 joeytaserver
先安裝 IIS
Install IIS:
Start
進入 表示安裝成功
Install CA:
Start
選擇 Certificate Services
選擇 Enterprise root CA
Common name for this CA: testca
進入 表示安裝成功
Generating a Certificate Signing Request:
Start
選擇
一直按 Next
最後產生 certificate request file
Request a certificate on CA:
進入
按 Request a certificate
使用 notepad 打開 c:\certreq
Certificate Template 選擇 Web Server
然後點選 Download certificate
Installing a Certificate:
Start
選擇
Path and file name: c:\certnew
SSL port this web site should use:
進入
點選 Download a CA certificate
點選 Download CA certificate
然後執行 command:
c:\temp>keytool
出現 Trusted this certificate? 按
/***************************** LDAPFastBind
package test
import java
import java
import java
import javax
import javax
import javax
import javax
import javax
import javax
import javax
import javax
import javax
import javax
import javax
import javax
import javax
import javax
import javax
import javax
import javax
/**
 * JNDI {@link Control} that asks the Active Directory server for "fast bind"
 * (concurrent binding) mode on the connection.
 *
 * <p>The control carries no value ({@link #getEncodedValue()} returns {@code null})
 * and is marked critical, so a server that does not understand it must reject the
 * request instead of silently ignoring it.
 *
 * <p>NOTE(review): in fast-bind mode the server only validates the simple-bind
 * credentials and does not build an authorization context for the bound identity,
 * so a context bound this way should be treated as "credential check only" —
 * confirm against the AD documentation for the control OID returned by
 * {@link #getID()} (the literal is truncated in this listing).
 */
class FastBindConnectionControl implements Control {
    /** No control value is needed; fast bind is a flag-only control. */
    public byte[] getEncodedValue() {
        return null;
    }

    /** Returns the control's OID (the string literal is truncated in this listing). */
    public String getID() {
        return
    }

    /** Critical: the server must honour the control or fail the operation. */
    public boolean isCritical() {
        return true;
    }
}
/**
 * Thin wrapper around a JNDI {@link LdapContext} to an Active Directory domain
 * controller: the fast-bind connection control is used for credential checks and
 * ordinary LDAP modify operations are used for password and group management.
 *
 * <p>Most statements in this listing are cut off after the first {@code .} and cannot
 * be reconstructed from the page; the comments below describe only what the visible
 * tokens establish and hedge everything else.
 *
 * <p>NOTE(review): all three fields are public and mutable, and the same {@code ctx}
 * is reused for the credential check and for the privileged modify operations. The
 * caller is responsible for binding as a suitably privileged identity before calling
 * any of the modify methods; every method reports failure by printing to stdout and
 * returning {@code false}, so callers must check the return value.
 */
public class LDAPFastBind {
    /** JNDI environment handed to {@link InitialLdapContext}; filled in by the constructor. */
    public Hashtable env = null;
    /** Live connection to the directory; stays {@code null} when the initial connect fails. */
    public LdapContext ctx = null;
    /** Connection controls sent with the initial context: only the fast-bind control. */
    public Control[] connCtls = null;

    /**
     * Opens the initial, anonymous connection to {@code ldapurl} with the fast-bind
     * control attached. Failure is printed and leaves {@link #ctx} {@code null}.
     *
     * @param ldapurl ldap:// or ldaps:// URL of the domain controller
     */
    public LDAPFastBind(String ldapurl) {
        env = new Hashtable();
        env
        env
        env
        env
        // Trust store used for LDAPS; property name and path are truncated here.
        // NOTE(review): presumably javax.net.ssl.trustStore pointing at the keystore
        // built with keytool in the tutorial above — confirm.
        String keystore =
        System
        connCtls = new Control[] { new FastBindConnectionControl() };
        // first time we initialize the context
        // therefore it is an anonymous bind
        try {
            ctx = new InitialLdapContext(env
        } catch (NamingException e) {
            // A failed connect leaves ctx null; later methods then fail with a
            // NullPointerException rather than a NamingException.
            System
        }
    }

    /**
     * Re-binds the existing context with the supplied credentials (the second
     * parameter is truncated in this listing; presumably the password).
     *
     * <p>Returns {@code true} on a successful bind. {@link AuthenticationException}
     * (rejected credentials) and any other {@link NamingException} are printed to
     * stdout and reported as {@code false}.
     *
     * <p>NOTE(review): a simple bind sends the password in clear text unless the URL
     * is ldaps:// or StartTLS was negotiated first; the truncated lines do not show
     * which applies. Avoid forwarding the raw exception text to users, since the
     * server's message can reveal account state.
     */
    public boolean Authenticate(String username
        try {
            ctx
            ctx
            ctx
            System
            return true;
        }
        catch (AuthenticationException e) {
            System
            System
            return false;
        } catch (NamingException e) {
            System
            System
            return false;
        }
    }

    /** Closes the context; an error during close is only printed. */
    public void finito() {
        try {
            ctx
            System
        } catch (NamingException e) {
            System
        }
    }

    /**
     * Runs a search (scope, filter, base and returned attributes are truncated in this
     * listing) and prints every attribute and value of each matching entry to stdout.
     *
     * <p>NOTE(review): if {@code searchFilter} is ever assembled from caller-supplied
     * input, the special characters defined in RFC 4515 must be escaped first to avoid
     * LDAP filter injection; the literal used here is not visible. Dumping raw
     * attribute values to stdout can also land sensitive directory data in logs.
     */
    public void printUserAccountControl() {
        try {
            // Create the search controls
            SearchControls searchCtls = new SearchControls();
            // Specify the search scope
            searchCtls
            // specify the LDAP search filter
            //String searchFilter =
            //String searchFilter =
            String searchFilter =
            // Specify the Base for the search
            String searchBase =
            // initialize counter to total the group members
            int totalResults =
            // Specify the attributes to return
            String returnedAtts[] = {
            searchCtls
            // Search for objects using the filter
            NamingEnumeration answer = ctx
            searchCtls);
            // Loop through the search results
            while (answer
                SearchResult sr = (SearchResult) answer
                System
                // Print out every attribute of the entry, one value per line
                Attributes attrs = sr
                if (attrs != null) {
                    try {
                        for (NamingEnumeration ae = attrs
                            Attribute attr = (Attribute) ae
                            System
                            for (NamingEnumeration e = attr
                                System
                                + e
                            }
                        }
                    } catch (NamingException e) {
                        // A bad attribute only aborts this entry, not the whole listing
                        System
                    }
                }
            }
            System
        }
        catch (NamingException e) {
            System
        }
    }

    /**
     * Sets a user's password as an administrator with a single replace of the password
     * attribute (the attribute name sits in the truncated {@code new BasicAttribute(}
     * line — presumably {@code unicodePwd}, confirm).
     *
     * <p>AD requires the value to be the new password wrapped in double quotes and
     * encoded as UTF-16LE; the encoding name passed to {@code getBytes} is truncated.
     * As the comments in {@link #createNewUser} note, the server refuses this modify
     * unless the connection is encrypted (LDAPS or StartTLS).
     *
     * @return {@code true} when the modify succeeded; {@code false} after printing
     *     the failure
     */
    public boolean adminChangePassword(String sUserName
        try {
            //set password is a ldap modfy operation
            ModificationItem[] mods = new ModificationItem[
            // Replace the password attribute with the new value
            // Password must be both Unicode and a quoted string
            String newQuotedPassword =
            byte[] newUnicodePassword = newQuotedPassword
            mods[
            new BasicAttribute(
            // Perform the update
            ctx
            System
            return true;
        }
        catch (NamingException e) {
            System
        }
        catch (UnsupportedEncodingException e) {
            System
        }
        return false;
    }

    /**
     * Changes a user's own password with one modify carrying two operations: delete
     * the old (quoted, UTF-16LE) value and add the new one. The delete/add form is
     * presumably what lets the server verify the old password — confirm. The StartTLS
     * negotiation that should wrap this call is commented out below.
     *
     * <p>NOTE(review): the final {@code catch (Exception e)} turns every runtime
     * failure (including a {@code NullPointerException} from a null {@code ctx}) into
     * a printed message and {@code false}; narrow it, or at least log the exception
     * type so the cause is not lost.
     */
    public boolean userChangePassword(String sUserName
    String sNewPassword){
        try {
            //StartTlsResponse tls=
            //(StartTlsResponse)ctx
            //tls
            //change password is a single ldap modify operation
            //that deletes the old password and adds the new password
            ModificationItem[] mods = new ModificationItem[
            //Firstly delete the old password value
            //Then add the new password
            String oldQuotedPassword =
            byte[] oldUnicodePassword = oldQuotedPassword
            String newQuotedPassword =
            byte[] newUnicodePassword = newQuotedPassword
            mods[
            new BasicAttribute(
            mods[
            new BasicAttribute(
            // Perform the update
            ctx
            System
            //tls
            return true;
        }
        catch (NamingException e) {
            System
        }
        catch (UnsupportedEncodingException e) {
            System
        } catch ( Exception e){
            System
        }
        return false;
    }

    /**
     * Creates a user entry, then sets its password and rewrites
     * {@code userAccountControl} in a second modify, and finally adds the new entry to
     * a group. The remaining parameters (presumably user name and password) are
     * truncated in this listing.
     *
     * <p>The {@code UF_*} locals are lmaccess.h userAccountControl bit flags (values
     * truncated). They are combined with {@code +} on the visible line, which is only
     * correct while every flag is a distinct bit; {@code |} would state the intent.
     *
     * <p>NOTE(review): the StartTLS negotiation is commented out, leaving a stray
     * {@code (new StartTlsRequest());} expression behind. The original comments state
     * that AD answers the password modify with "unwilling to perform" unless the
     * channel is SSL/TLS, so this method can only succeed on an ldaps:// context.
     *
     * @return {@code true} once the create and the password/flag modify succeed (a
     *     failure of the group add is only printed); {@code false} after a printed
     *     error
     */
    public boolean createNewUser(String sGroupName
        try {
            // Create attributes to be associated with the new user
            Attributes attrs = new BasicAttributes(true);
            //These are the mandatory attributes for a user object
            //Note that Win
            //samAccountName if it is not present
            attrs
            attrs
            attrs
            //These are some optional (but useful) attributes
            attrs
            attrs
            attrs
            attrs
            attrs
            attrs
            attrs
            //some useful constants from lmaccess
            int UF_ACCOUNTDISABLE =
            int UF_PASSWD_NOTREQD =
            int UF_PASSWD_CANT_CHANGE =
            int UF_NORMAL_ACCOUNT =
            int UF_DONT_EXPIRE_PASSWD =
            int UF_PASSWORD_EXPIRED =
            //Note that you need to create the user object before you can
            //set the password
            //password
            //otherwise the Win
            //unwilling to perform
            // Created disabled with no password required; enabled after the password is set
            attrs
            (UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED+ UF_ACCOUNTDISABLE));
            // Create the context
            Context result = ctx
            System
            //now that we
            //password and change the userAccountControl
            //and because password can only be set using SSL/TLS
            //lets use StartTLS
            //StartTlsResponse tls = (StartTlsResponse)ctx
            (new StartTlsRequest());
            //tls
            //set password is a ldap modfy operation
            //and we
            //enabling the acount and force the user to update ther password
            //the first time they login
            ModificationItem[] mods = new ModificationItem[
            //Replace the password attribute
            //Password must be both Unicode and a quoted string
            String newQuotedPassword =
            byte[] newUnicodePassword = newQuotedPassword
            mods[
            new BasicAttribute(
            mods[
            new BasicAttribute(
            Integer
            // Perform the update
            ctx
            System
            //now add the user to a group
            try {
                ModificationItem member[] = new ModificationItem[
                member[
                new BasicAttribute(
                ctx
                System
            }
            catch (NamingException e) {
                // Group membership failure does not undo the user creation
                System
            }
            //Could have put tls
            //but it seems to screw up the connection or context ?
            //tls
            System
            return true;
        }
        catch (NamingException e) {
            System
        }
        catch (IOException e) {
            System
        }
        return false;
    }

    /**
     * Adds a member to a group with one modify on the group entry (attribute name,
     * operation and the second parameter are truncated in this listing).
     *
     * <p>Note that the {@code ctx} parameter shadows the {@link #ctx} field, so the
     * caller chooses which connection performs the modify.
     *
     * @return {@code true} on success; {@code false} after printing the failure
     */
    public boolean addUserToGroup(LdapContext ctx
    {
        try{
            ModificationItem[] mods = new ModificationItem[
            mods[
            new BasicAttribute(
            ctx
            System
            return true;
        } catch (NamingException ne){
            System
        }
        return false;
    }

    /**
     * Removes a member from the group {@code groupDN} with one modify on the group
     * entry (the middle parameter is truncated in this listing). Like
     * {@link #addUserToGroup}, the {@code ctx} parameter shadows the field.
     *
     * @return {@code true} on success; {@code false} after printing the failure
     */
    public boolean removeUserFromGroup(LdapContext ctx
    String groupDN) {
        try{
            ModificationItem[] mods = new ModificationItem[
            mods[
            new BasicAttribute(
            ctx
            System
            return true;
        } catch (NamingException ne){
            System
        }
        return false;
    }
}
/***************************** LDAPFastBind
/***************************** LDAPClient
package test
/** Sample driver: connects, authenticates, exercises the wrapper and closes it. */
class LDAPClient {
    /**
     * Entry point. Every URL, credential and name below is a string literal whose
     * value is truncated in this listing; the commented-out alternatives suggest the
     * sample was tried against both an ldap:// and an ldaps:// URL.
     *
     * <p>NOTE(review): administrator credentials embedded in source end up in version
     * control and build artifacts; read them from the environment or a secret store
     * at runtime instead. The result of {@code Authenticate} is stored in
     * {@code IsAuthenticated} but not checked before the following calls.
     */
    public static void main(String[] args) {
        // Could also use ldaps over port
        // the
        // Active Directory domain controller
        // env
        //String ldapurl =
        String ldapurl =
        LDAPFastBind ctx = new LDAPFastBind(ldapurl);
        String sAdminUserName =
        String sAdminPassword =
        // String sUserName =
        String sUserName =
        // String sUserName =
        String sOldPassword =
        String sNewPassword =
        String sNewUserName =
        String sNewGroupName =
        boolean IsAuthenticated = ctx
        // boolean IsAuthenticated = ctx
        // Two further calls on the wrapper; the method names are truncated here
        ctx
        ctx
        //boolean IsAdminSuccessChangePWD =
        //ctx
        //boolean IsUserSuccessChangePWD =
        //ctx
        // Presumably finito(): close the connection — confirm
        ctx
    }
}
/***************************** LDAPClient
參考資料:
;id=
a?forumID=
From:http://tw.wingwit.com/Article/program/Java/hx/201311/27091.html