package ldap;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.Rdn;
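/**
 * Small JNDI sample: binds to an LDAP directory, creates an organizational unit with a user
 * beneath it, and rewrites the attributes of an existing user.
 *
 * <p>Open questions recorded by the original author:
 * <ol>
 *   <li>access control,</li>
 *   <li>how anonymous binds are verified,</li>
 *   <li>bind modes: anonymous versus user name and password.</li>
 * </ol>
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>The provider URL uses {@code ldap://} with {@code simple} authentication, so the bind DN
 *       and password cross the network unencrypted. Use {@code ldaps://} or StartTLS outside an
 *       isolated lab.</li>
 *   <li>The bind DN and password are compiled into the class. Load them from configuration or a
 *       secret store instead of source control.</li>
 *   <li>{@code userPassword} values are sent as plain strings; whether the directory hashes them
 *       on write depends on server configuration that this file does not show.</li>
 * </ul>
 */
public class TestLDAP {

    // URL format: protocol://host:port/base-DN. Every relative name used below is resolved
    // against this base DN.
    private static final String PROVIDER_URL = "ldap://10.0.31.243:10389/dc=sugon,dc=com";

    // JNDI LDAP service provider.
    private static final String CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";

    // Bounds the TCP connect so an unreachable directory fails fast instead of blocking.
    private static final String CONNECT_TIMEOUT_MS = "5000";

    // Sample service account used by addLDAPUser() and updateUser().
    // NOTE(review): hard-coded credentials; move them to configuration before reuse.
    private static final String SAMPLE_BIND_DN = "cn=test,ou=coreplatform,dc=sugon,dc=com";
    private static final String SAMPLE_BIND_PASSWORD = "sugon123";

    /**
     * Opens an authenticated LDAP context using a simple bind.
     *
     * <p>An empty password turns a simple bind into an unauthenticated (anonymous) bind
     * (RFC 4513 section 5.1.2), which many servers accept. Treating such a bind as a successful
     * login would authenticate any user name, so empty or {@code null} credentials are rejected
     * here before contacting the server.
     *
     * @param userName full bind DN; cn, ou and dc name the user, the group and the domain
     * @param passwd password of the bind DN
     * @return the connected context, or {@code null} when the credentials are empty or the bind
     *     fails
     */
    public LdapContext getLdapConnection(String userName, String passwd) {
        if (userName == null || userName.isEmpty() || passwd == null || passwd.isEmpty()) {
            System.out.println("--- get connection failure ----");
            System.err.println("LDAP bind refused: empty bind DN or password");
            return null;
        }

        // Built per call so the password is not retained in instance state between binds.
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.SECURITY_PRINCIPAL, userName);
        env.put(Context.SECURITY_CREDENTIALS, passwd);
        env.put(Context.PROVIDER_URL, PROVIDER_URL);
        env.put(Context.INITIAL_CONTEXT_FACTORY, CONTEXT_FACTORY);
        // Authentication type: "none", "simple" or "strong".
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put("com.sun.jndi.ldap.connect.timeout", CONNECT_TIMEOUT_MS);

        try {
            LdapContext ldapContext = new InitialLdapContext(env, null);
            System.out.println("---connection is ready----");
            return ldapContext;
        } catch (NamingException e) {
            System.out.println("--- get connection failure ----");
            // Report the cause (wrong credentials, unreachable host, ...) instead of hiding it.
            // The environment table is deliberately not printed: it holds the password.
            System.err.println("LDAP bind failed: " + e);
            return null;
        }
    }

    /**
     * Runs the attribute-update sample. Call {@link #addLDAPUser()} here instead to create the
     * sample unit and user.
     */
    public static void main(String[] args) throws NamingException {
        TestLDAP authUser = new TestLDAP();
        authUser.updateUser();
    }

    /**
     * Creates the sample organizational unit under the connected base DN if it is missing, then
     * creates the sample user inside that unit.
     *
     * @return {@code true} when the user entry was created
     * @throws NamingException if the bind fails or the directory rejects an operation
     */
    public boolean addLDAPUser() throws NamingException {
        final String baseDn = "";
        final String appName = "kfc";
        final String userName = "kfc001";
        final String passwd = "kfc001";

        LdapContext ldapContext = openSampleConnection();
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);

            // The {0} placeholder lets JNDI escape the value, so characters such as '*', '('
            // or ')' in a unit name cannot alter the filter.
            // NOTE(review): the search covers the whole subtree while the unit is created
            // directly under the base DN; a same-named unit deeper in the tree would skip the
            // creation step. Confirm the intended scope.
            boolean unitExists;
            NamingEnumeration<SearchResult> answer = ldapContext.search(
                    baseDn, "(&(objectclass=organizationalUnit)(ou={0}))", new Object[] {appName}, sc);
            try {
                unitExists = answer.hasMoreElements();
            } finally {
                answer.close();
            }
            System.out.println("answer is :" + unitExists);

            // Escaped RDN values keep ',', '+', '=' and similar characters from reshaping the DN.
            String unitRdn = "ou=" + Rdn.escapeValue(appName);
            if (!unitExists) {
                // Create the group (organizational unit).
                Attributes unitAttrs = new BasicAttributes(true);
                unitAttrs.put("objectClass", "organizationalUnit");
                unitAttrs.put("ou", appName);
                ldapContext.createSubcontext(unitRdn, unitAttrs).close();
            }

            Attributes userAttrs = new BasicAttributes(true);
            userAttrs.put("objectClass", "organizationalPerson");
            userAttrs.put("cn", userName);
            userAttrs.put("sn", userName);
            userAttrs.put("userPassword", passwd);
            ldapContext.createSubcontext("cn=" + Rdn.escapeValue(userName) + "," + unitRdn, userAttrs)
                    .close();

            System.out.println("----");
            return true;
        } finally {
            // Release the connection even when a directory operation throws.
            ldapContext.close();
        }
    }

    /**
     * Updates user information: replaces the password, cn and sn of the sample entry.
     *
     * <p>The modified entry, {@code cn=test,ou=coreplatform} relative to the base DN, appears to
     * be the same entry as the bind DN. After a successful run its password is {@code test}, so
     * a later bind with the compiled-in password would be expected to fail.
     *
     * @throws NamingException if the bind fails or the directory rejects the modification
     */
    public void updateUser() throws NamingException {
        LdapContext ldapContext = openSampleConnection();
        try {
            ModificationItem[] mods = {
                new ModificationItem(
                        LdapContext.REPLACE_ATTRIBUTE, new BasicAttribute("userPassword", "test")),
                new ModificationItem(LdapContext.REPLACE_ATTRIBUTE, new BasicAttribute("cn", "test")),
                new ModificationItem(LdapContext.REPLACE_ATTRIBUTE, new BasicAttribute("sn", "test")),
            };
            ldapContext.modifyAttributes("cn=test,ou=coreplatform", mods);
            System.out.println("change passwd successed!");
        } finally {
            // Release the connection even when the modification throws.
            ldapContext.close();
        }
    }

    /**
     * Binds with the sample service account and turns a failed bind into an exception, so callers
     * never dereference a {@code null} context.
     */
    private LdapContext openSampleConnection() throws NamingException {
        LdapContext ldapContext = getLdapConnection(SAMPLE_BIND_DN, SAMPLE_BIND_PASSWORD);
        if (ldapContext == null) {
            throw new NamingException("could not bind to the LDAP directory as " + SAMPLE_BIND_DN);
        }
        return ldapContext;
    }
}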
LDAP 用戶認證!