LDAP 用戶認證!

package ldap;

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
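/**
 * Small JNDI demo of LDAP user authentication (simple bind) plus two
 * directory writes: creating an organizational unit with a user under it,
 * and replacing attributes of an existing entry.
 *
 * <p>Open questions noted by the original author:
 * <ol>
 *   <li>access control (permissions),</li>
 *   <li>how anonymous binds are validated,</li>
 *   <li>bind modes: anonymous vs. user name + password.</li>
 * </ol>
 */
public class TestLDAP {

	// URL format: protocol://host:port/baseDN - the context is rooted at the base DN.
	// NOTE(review): "simple" authentication over plain ldap:// sends the bind DN and
	// password unencrypted. Use ldaps:// or StartTLS once the server offers it.
	private static final String PROVIDER_URL = "ldap://10.0.31.243:10389/dc=sugon,dc=com";

	// NOTE(review): service-account credentials are hard-coded in source. Load them
	// from configuration kept outside version control and rotate the exposed password.
	private static final String ADMIN_DN = "cn=test,ou=coreplatform,dc=sugon,dc=com";
	private static final String ADMIN_PASSWORD = "sugon123";

	/**
	 * Binds to the directory with the given DN and password ("simple" authentication).
	 *
	 * <p>A null or empty user name or password is rejected before any network
	 * traffic. With an empty password the JNDI LDAP provider falls back to an
	 * anonymous bind, which would make a failed login look like a success.
	 *
	 * <p>The environment is built per call so credentials from one bind attempt
	 * do not linger in shared instance state.
	 *
	 * @param userName full bind DN (cn = user, ou = group, dc = domain)
	 * @param passwd   password of that entry
	 * @return a connected context, or {@code null} when the credentials are
	 *         missing or the bind fails; the caller must close the context
	 */
	public LdapContext getLdapConnection(String userName, String passwd) {
		if (userName == null || userName.trim().isEmpty() || passwd == null || passwd.isEmpty()) {
			System.out.println("--- get connection failure ----");
			return null;
		}

		Hashtable<String, String> env = new Hashtable<String, String>();
		env.put(Context.SECURITY_PRINCIPAL, userName);
		env.put(Context.SECURITY_CREDENTIALS, passwd);
		env.put(Context.PROVIDER_URL, PROVIDER_URL);
		// JNDI LDAP service provider
		env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
		// Authentication type: "none", "simple" or "strong"
		env.put(Context.SECURITY_AUTHENTICATION, "simple");

		try {
			LdapContext ldapContext = new InitialLdapContext(env, null);
			System.out.println("---connection is ready----");
			return ldapContext;
		} catch (NamingException e) {
			System.out.println("--- get connection failure ----");
			// Only the exception type is reported: it separates bad credentials from an
			// unreachable server without echoing the DN or server detail.
			System.err.println("LDAP bind failed: " + e.getClass().getSimpleName());
			return null;
		}
	}

	/**
	 * Binds like {@link #getLdapConnection(String, String)} but fails with an
	 * exception rather than {@code null}, so callers cannot dereference a missing context.
	 */
	private LdapContext requireConnection(String userName, String passwd) throws NamingException {
		LdapContext ldapContext = getLdapConnection(userName, passwd);
		if (ldapContext == null) {
			throw new NamingException("LDAP bind failed for " + userName);
		}
		return ldapContext;
	}

	public static void main(String[] args) throws NamingException{
		TestLDAP authUser = new TestLDAP();
		//testldap.getLdapConnection("uid=admin,ou=system","secret");
		//authUser.getLdapConnection("cn=kfc001,ou=kfc,dc=sugon,dc=com","kfc000");
		//authUser.authUser();
		authUser.updateUser();

	}

	/**
	 * Creates the group (organizational unit) under the connected base DN if it
	 * does not exist yet, then creates a user entry inside that group.
	 *
	 * @return {@code true} when both entries are in place
	 * @throws NamingException if the bind, the search or either create fails
	 */
	public boolean addLDAPUser() throws NamingException{
		String baseDn = "";
		String appName = "kfc";
		String userName = "kfc001";
		// NOTE(review): demo password identical to the user name, written as a plain
		// userPassword value; whether the server hashes it depends on its configuration.
		String passwd = "kfc001";

		LdapContext ldapContext = requireConnection(ADMIN_DN, ADMIN_PASSWORD);
		try {
			SearchControls sc = new SearchControls();
			sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
			// {0} is substituted and escaped by JNDI, so special characters in the
			// group name cannot alter the filter.
			NamingEnumeration<SearchResult> answer = ldapContext.search(baseDn,
					"(&(objectclass=organizationalUnit)(ou={0}))", new Object[] { appName }, sc);
			boolean groupExists;
			try {
				// hasMore() reports a failed search as an exception instead of as "no results"
				groupExists = answer.hasMore();
			} finally {
				answer.close();
			}
			System.out.println("answer is :" + groupExists);

			// Escape the values before placing them in a DN so they stay a single RDN value.
			String groupRdn = "ou=" + javax.naming.ldap.Rdn.escapeValue(appName);

			if (!groupExists) {
				// create the group
				Attributes groupAttrs = new BasicAttributes(true);
				groupAttrs.put("objectClass", "organizationalUnit");
				groupAttrs.put("ou", appName);
				ldapContext.createSubcontext(groupRdn, groupAttrs).close();
			}

			Attributes userAttrs = new BasicAttributes(true);
			userAttrs.put("objectClass", "organizationalPerson");
			userAttrs.put("cn", userName);
			userAttrs.put("sn", userName);
			userAttrs.put("userPassword", passwd);
			ldapContext.createSubcontext(
					"cn=" + javax.naming.ldap.Rdn.escapeValue(userName) + "," + groupRdn, userAttrs).close();
		} finally {
			// release the connection even when the search or a create throws
			ldapContext.close();
		}

		System.out.println("----");
		return true;
	}

	/**
	 * Replaces userPassword, cn and sn on the entry cn=test,ou=coreplatform
	 * (relative to the base DN in the provider URL).
	 *
	 * <p>NOTE(review): relative to the base DN this is the same entry as the bind
	 * account, so after a successful run the hard-coded bind password no longer
	 * matches and later binds will fail. The new password "test" is also a weak demo value.
	 *
	 * @throws NamingException if the bind or the modification fails
	 */
	public void updateUser() throws NamingException{
		LdapContext ldapContext = requireConnection(ADMIN_DN, ADMIN_PASSWORD);
		try {
			ModificationItem[] mods = new ModificationItem[] {
				new ModificationItem(LdapContext.REPLACE_ATTRIBUTE, new BasicAttribute("userPassword", "test")),
				new ModificationItem(LdapContext.REPLACE_ATTRIBUTE, new BasicAttribute("cn", "test")),
				new ModificationItem(LdapContext.REPLACE_ATTRIBUTE, new BasicAttribute("sn", "test")),
			};
			ldapContext.modifyAttributes("cn=test,ou=coreplatform", mods);
			System.out.println("change passwd successed!");
		} finally {
			// release the connection even when the modification throws
			ldapContext.close();
		}
	}


}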
