LDAP資料介紹可以參考:http://wenku.baidu.com/view/262742f9f705cc17552709f9.html
LDAP訪問AD域的錯誤一般是如下格式:
Ldap load error: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece]
其中 data 後面的代碼(原文以紅字標示,上例爲 525)含義如下(這些錯誤碼跟語言無關)。它們能區分「用戶不存在」和「密碼錯誤」,因此只應記錄在服務端日誌中,不要原樣返回給登錄者:
525 - 用戶沒有找到
52e - 憑據不正確(用戶名有效,但密碼錯誤)
530 - not permitted to logon at this time
532 - 密碼期滿
533 - 帳戶不可用
701 - 賬戶期滿
773 - 用戶必須重設密碼
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
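/**
 * Minimal helper that binds to an Active Directory server over LDAP (JNDI) and prints the
 * attributes of the entries matching a simple search to standard output.
 *
 * <p>Not thread-safe: an instance holds one mutable {@link LdapContext}.
 */
public class LdapADHelper {
    /**
     * Accepted shape of an attribute description (short name or numeric OID, optional
     * ";option"). None of these characters has a special meaning inside a search filter.
     */
    private static final String ATTRIBUTE_NAME_REGEX = "[A-Za-z0-9][A-Za-z0-9.;-]*";

    private String host, url, adminName, adminPassword;
    private LdapContext ctx = null;

    public LdapADHelper() {
    }

    /**
     * Binds to the directory with the configured account and keeps the resulting context.
     *
     * <p>On failure the error is printed to standard error and no context is stored, so
     * {@link #GetADInfo} and {@link #closeLdap} become no-ops instead of failing.
     */
    public void initLdap() {
        // Release a context left over from an earlier call so it is not leaked.
        closeLdap();

        this.host = "xxx.com"; // AD server (placeholder)
        // The default LDAP port (389) may be omitted; any other port has to be written out,
        // e.g. ldap://xxx.com:8080.
        // NOTE(security): a "simple" bind over plain ldap:// sends the principal and password
        // unencrypted. Use ldaps:// (default port 636) or StartTLS outside of a lab.
        this.url = "ldap://" + host;
        // Bind identity, written as DOMAIN\\user or as a user principal name (user@domain).
        // NOTE(review): the literal below looks like a redacted placeholder - replace it.
        this.adminName = "[email protected]";
        // NOTE(security): placeholder only. Do not keep a real password in source code; load
        // it from configuration or a secret store, and bind with a least-privileged account.
        this.adminPassword = "admin";

        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.SECURITY_AUTHENTICATION, "simple"); // authentication mechanism
        env.put(Context.SECURITY_PRINCIPAL, adminName); // AD user
        env.put(Context.SECURITY_CREDENTIALS, adminPassword); // AD password
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); // LDAP factory
        env.put(Context.PROVIDER_URL, url);
        try {
            ctx = new InitialLdapContext(env, null);
            System.out.println("初始化ldap成功!");
        } catch (NamingException e) {
            System.err.println("Throw Exception : " + e);
        }
    }

    /**
     * Closes the LDAP context if one is open; does nothing otherwise.
     */
    public void closeLdap() {
        if (this.ctx == null) {
            return; // initLdap() was never called, failed, or the context is already closed
        }
        try {
            this.ctx.close();
        } catch (NamingException e) {
            System.err.println("Throw Exception : " + e);
        } finally {
            this.ctx = null;
        }
    }

    /**
     * Searches the whole subtree below the configured base DN and prints every matching
     * entry with all of its attributes to standard output.
     *
     * <p>The filter is {@code (&(objectClass=type)(filter=*name*))}. {@code type} and
     * {@code name} are passed as filter arguments, so JNDI escapes filter metacharacters in
     * them; {@code filter} is an attribute name and is validated instead.
     *
     * @param type objectClass to match: {@code organizationalUnit} (organisational unit),
     *     {@code group} (user group), {@code user} or {@code person} (user)
     * @param filter name of the attribute to match against, e.g. {@code cn} or {@code ou}
     * @param name substring the attribute value must contain; {@code null} or empty matches
     *     every entry that has the attribute
     * @return always the empty string; the results are only printed
     */
    public String GetADInfo(String type, String filter, String name) {
        String result = "";
        if (ctx == null) {
            System.err.println("Throw Exception : LDAP context is not initialised, call initLdap() first");
            return result;
        }
        if (type == null || filter == null || !filter.matches(ATTRIBUTE_NAME_REGEX)) {
            System.err.println("Throw Exception : invalid object class or attribute name");
            return result;
        }

        // Base DN of the domain (placeholder).
        String searchBase = "DC=xx,DC=xxx,DC=com";
        String needle = (name == null) ? "" : name;

        // attr=*value* is a substring match, attr=* a presence match. The caller-supplied
        // values go in through {n} placeholders and are never concatenated into the filter.
        String searchFilter;
        Object[] filterArgs;
        if (needle.isEmpty()) {
            searchFilter = "(&(objectClass={0})(" + filter + "=*))";
            filterArgs = new Object[] {type};
        } else {
            searchFilter = "(&(objectClass={0})(" + filter + "=*{1}*))";
            filterArgs = new Object[] {type, needle};
        }

        SearchControls searchCtls = new SearchControls();
        searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // No returning-attribute list is set, so every attribute the bound account can read is
        // returned and printed. Call setReturningAttributes(...) to limit what is disclosed.

        NamingEnumeration<SearchResult> answer = null;
        try {
            answer = ctx.search(searchBase, searchFilter, filterArgs, searchCtls);
            int totalResults = 0; // attribute values printed
            int rows = 0; // entries found
            // hasMoreElements() is kept from the original: it returns false rather than
            // throwing, so an error while fetching further results ends the loop silently.
            while (answer.hasMoreElements()) {
                SearchResult sr = answer.next();
                ++rows;
                System.out.println(sr.getName()); // entry name relative to the search base
                Attributes attrs = sr.getAttributes();
                if (attrs != null) {
                    totalResults += printAttributes(attrs);
                }
            }
            System.out.println("************************************************");
            System.out.println("Number: " + totalResults);
            System.out.println("總共用戶數:" + rows);
        } catch (NamingException e) {
            System.err.println("Throw Exception : " + e);
        } finally {
            if (answer != null) {
                try {
                    answer.close();
                } catch (NamingException ignored) {
                    // best effort: the search is already finished
                }
            }
        }
        return result;
    }

    /** Prints every attribute of one entry and returns the number of values printed. */
    private static int printAttributes(Attributes attrs) {
        int printed = 0;
        try {
            for (NamingEnumeration<? extends Attribute> ids = attrs.getAll(); ids.hasMore();) {
                Attribute attr = ids.next();
                System.out.println(" AttributeID=屬性名:" + attr.getID());
                for (NamingEnumeration<?> values = attr.getAll(); values.hasMore(); printed++) {
                    System.out.println(" AttributeValues=屬性值:" + values.next().toString());
                }
                System.out.println(" ---------------");
            }
        } catch (NamingException e) {
            System.err.println("Throw Exception : " + e);
        }
        return printed;
    }

    public static void main(String args[]) {
        LdapADHelper ad = new LdapADHelper();
        ad.initLdap();
        ad.GetADInfo("user", "cn", "李XX"); // look up users
        ad.GetADInfo("organizationalUnit", "ou", "工程"); // look up organisational units
        ad.GetADInfo("group", "cn", "福建xxx"); // look up groups
        ad.closeLdap();
    }
}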