1.創建連接
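/**
 * Opens an LDAP connection whose base DN depends on the kind of entry being managed.
 *
 * <p>Type 1 connects under {@code ou=Duser,dc=sss,dc=com} (users) and type 2 under
 * {@code ou=Group,dc=sss,dc=com} (groups). Names passed to the returned context are
 * resolved relative to that base.
 *
 * @param type operation type: 1 = user entries, 2 = group entries
 * @return a connected context that the caller must close, or {@code null} when the type
 *         is not supported or the connection/bind fails
 */
private static LdapContext getConnection(int type) {
    final String baseDn;
    if (type == 1) {
        baseDn = "ou=Duser,dc=sss,dc=com";
    } else if (type == 2) {
        baseDn = "ou=Group,dc=sss,dc=com";
    } else {
        // No base DN is defined for other types. Previously this fell through with an
        // empty provider URL; refuse instead so callers never write outside the two OUs.
        return null;
    }

    Hashtable<String, String> env = new Hashtable<>();
    // Fixed: the factory class name was misspelled ("LadpCtxFactory"). That class does not
    // exist, so creating the context failed and this method could only return null.
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    // NOTE(review): a "simple" bind over plain ldap:// sends the bind DN and password
    // unencrypted. Acceptable only for a loopback demo; use ldaps:// or StartTLS otherwise.
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "uid=ldap,ou=aaa,dc=sss,dc=com"); // bind DN
    // NOTE(review): sample credential hard-coded in source. Load it from protected
    // configuration or a secret store, and prefer a bind account scoped to these two OUs.
    env.put(Context.SECURITY_CREDENTIALS, "psw12345t"); // bind password
    env.put(Context.PROVIDER_URL, "ldap://127.0.0.1:389/" + baseDn); // directory URL + base DN
    try {
        return new InitialLdapContext(env, null);
    } catch (NamingException e) {
        // Connection or bind failure is reported to callers as null.
        e.printStackTrace();
        return null;
    }
}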
2.新增用戶
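/**
 * Creates a user entry {@code uid=<userId>} under {@code ou=Duser,dc=sss,dc=com}.
 *
 * <p>The {@code userPassword} value is stored as {@code {scheme}hash}; here the scheme
 * prefix is {@code {md5}} followed by the Base64-encoded MD5 digest.
 *
 * @param userId user id; used as the entry's RDN value and as its {@code cn} and {@code sn}
 * @return {@code true} if the entry was created; {@code false} if {@code userId} is
 *         null/empty, the connection could not be opened, or the directory rejected the add
 */
public static boolean addUser(String userId) {
    if (userId == null || userId.isEmpty()) {
        return false;
    }
    // The connection's base DN is ou=Duser,dc=sss,dc=com, so the new entry lands beneath it.
    LdapContext ctx = getConnection(1);
    if (ctx == null) {
        return false;
    }
    try {
        BasicAttribute objClass = new BasicAttribute("objectclass");
        objClass.add("inetOrgPerson");
        objClass.add("posixAccount");
        objClass.add("top");
        objClass.add("shadowAccount");

        BasicAttributes attrsbus = new BasicAttributes();
        attrsbus.put(objClass);
        attrsbus.put("cn", userId);
        attrsbus.put("givenName", "小明"); // given name (sample value)
        attrsbus.put("gidNumber", "121"); // numeric id of the user's LDAP group
        attrsbus.put("homeDirectory", "地址1"); // posixAccount home directory (sample value)
        // NOTE(review): every account is created with the same fixed initial password, and
        // unsalted MD5 is not a safe password-storage scheme. Generate or require a
        // per-user password and use a salted, slow scheme that the directory supports.
        attrsbus.put("userPassword", "{md5}" + ldapEncoderByMd5("111111"));
        attrsbus.put("sn", userId);
        // NOTE(review): fixed sample value, so every created user shares this uidNumber.
        attrsbus.put("uidNumber", "100001");

        // Escape the RDN value so characters such as ',', '+' or '=' in userId cannot
        // change the structure of the distinguished name.
        String dn = "uid=" + javax.naming.ldap.Rdn.escapeValue(userId);
        ctx.createSubcontext(dn, attrsbus);
        return true;
    } catch (NamingException | NoSuchAlgorithmException | UnsupportedEncodingException e) {
        e.printStackTrace();
        return false;
    } finally {
        try {
            ctx.close();
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}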
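/**
 * Returns the Base64-encoded MD5 digest of a password, for use after a {@code {md5}}
 * scheme prefix in {@code userPassword}.
 *
 * <p>NOTE(review): MD5 is a fast, unsalted hash (not encryption); identical passwords
 * produce identical stored values and the digest is cheap to brute-force. It is kept here
 * so stored values stay compatible. Prefer a salted, slow scheme that the directory supports.
 *
 * @param psw plaintext password
 * @return Base64 text of the 16-byte MD5 digest of the UTF-8 encoded password
 * @throws NoSuchAlgorithmException if the MD5 algorithm is unavailable
 * @throws UnsupportedEncodingException never thrown now; retained so existing callers
 *         that catch it still compile
 */
private static String ldapEncoderByMd5(String psw) throws NoSuchAlgorithmException, UnsupportedEncodingException {
    MessageDigest md5 = MessageDigest.getInstance("MD5");
    byte[] digest = md5.digest(psw.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    // sun.misc.BASE64Encoder is an internal class that was removed from later JDKs;
    // java.util.Base64 (Java 8+) gives the same text for a 16-byte digest.
    return java.util.Base64.getEncoder().encodeToString(digest);
}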
3.新增用戶組
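/**
 * Creates a {@code posixGroup} entry {@code cn=<groupName>} under {@code ou=Group,dc=sss,dc=com}.
 *
 * @param groupName group name (English); used as the entry's RDN value and {@code cn}
 * @param groupId numeric group id, stored as {@code gidNumber}
 * @param groupChinseName Chinese display name, stored as {@code description}
 * @return {@code true} if the entry was created; {@code false} if {@code groupName} is
 *         null/empty, the connection could not be opened, or the directory rejected the add
 */
public static boolean addLdapGroup(String groupName, String groupId, String groupChinseName) {
    if (groupName == null || groupName.isEmpty()) {
        return false;
    }
    // The connection's base DN is ou=Group,dc=sss,dc=com, so the new group lands beneath it.
    LdapContext ctx = getConnection(2);
    if (ctx == null) {
        return false;
    }
    try {
        BasicAttribute objClass = new BasicAttribute("objectclass");
        objClass.add("top");
        objClass.add("posixGroup");

        BasicAttributes attrsbus = new BasicAttributes();
        attrsbus.put(objClass);
        attrsbus.put("cn", groupName);
        attrsbus.put("gidNumber", groupId); // numeric LDAP group id
        attrsbus.put("description", groupChinseName); // Chinese description of the group

        // Escape the RDN value so DN metacharacters in groupName cannot alter the name.
        String dn = "cn=" + javax.naming.ldap.Rdn.escapeValue(groupName);
        ctx.createSubcontext(dn, attrsbus);
        return true;
    } catch (NamingException e) {
        e.printStackTrace();
        return false;
    } finally {
        try {
            ctx.close();
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}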
4. 刪除用戶或用戶組
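/**
 * Deletes a user entry ({@code uid=...}) or a group entry ({@code cn=...}).
 *
 * @param userIdOrGroupName user id when {@code type} is 1, group name when {@code type} is 2
 * @param type 1 = delete a user, 2 = delete a group
 * @return {@code true} if the directory accepted the delete; {@code false} for an
 *         unsupported type, a null/empty name, a failed connection, or a directory error
 */
public static boolean delete(String userIdOrGroupName,int type) {
    // Validate before connecting. The original opened the connection first and returned
    // on an unsupported type without closing it.
    final String rdnType;
    if (type == 1) {
        rdnType = "uid=";
    } else if (type == 2) {
        rdnType = "cn=";
    } else {
        return false;
    }
    if (userIdOrGroupName == null || userIdOrGroupName.isEmpty()) {
        return false;
    }

    LdapContext ctx = getConnection(type);
    if (ctx == null) {
        return false;
    }
    try {
        // Escape the RDN value so DN metacharacters in the name cannot redirect the
        // delete to a different entry.
        ctx.destroySubcontext(rdnType + javax.naming.ldap.Rdn.escapeValue(userIdOrGroupName));
        return true;
    } catch (NamingException e) {
        e.printStackTrace();
        return false;
    } finally {
        try {
            ctx.close();
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}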
5.修改用戶組信息
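/**
 * Replaces the {@code description} attribute of the group entry {@code cn=<groupName>}.
 *
 * @param groupName group name (English) identifying the entry
 * @param groupChineseName new Chinese name, written to {@code description}
 * @return {@code true} if the directory accepted the change; {@code false} if
 *         {@code groupName} is null/empty, the connection failed, or the directory
 *         reported an error
 */
public static boolean modifyGroup(String groupName,String groupChineseName) {
    if (groupName == null || groupName.isEmpty()) {
        return false;
    }
    LdapContext ctx = getConnection(2);
    if (ctx == null) {
        return false;
    }
    try {
        Attribute description = new BasicAttribute("description", groupChineseName);
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE, description)
        };
        // Escape the RDN value so DN metacharacters in groupName cannot alter the name.
        ctx.modifyAttributes("cn=" + javax.naming.ldap.Rdn.escapeValue(groupName), mods);
        return true;
    } catch (NamingException e) {
        e.printStackTrace();
        return false;
    } finally {
        // The original never closed the context, leaving one connection open per call.
        try {
            ctx.close();
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}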
6.修改用戶密碼
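/**
 * Replaces the {@code userPassword} attribute of the user entry {@code uid=<userId>}.
 *
 * <p>NOTE(review): the new value is stored as {@code {md5}} plus an unsalted MD5 digest,
 * which is weak for password storage. The plaintext also travels through this method as
 * a {@code String}, so callers should avoid logging it.
 *
 * @param userId user id identifying the entry
 * @param password new plaintext password
 * @return {@code true} if the directory accepted the change; {@code false} if either
 *         argument is null, {@code userId} is empty, the connection failed, or an error
 *         occurred
 */
public static boolean modifyUserPassword(String userId,String password) {
    if (userId == null || userId.isEmpty() || password == null) {
        return false;
    }
    LdapContext ctx = getConnection(1);
    if (ctx == null) {
        return false;
    }
    try {
        Attribute hashed = new BasicAttribute("userPassword", "{md5}" + ldapEncoderByMd5(password));
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE, hashed)
        };
        // Escape the RDN value so DN metacharacters in userId cannot point the password
        // change at a different entry.
        ctx.modifyAttributes("uid=" + javax.naming.ldap.Rdn.escapeValue(userId), mods);
        return true;
    } catch (NamingException | NoSuchAlgorithmException | UnsupportedEncodingException e) {
        e.printStackTrace();
        return false;
    } finally {
        // The original never closed the context, leaving one connection open per call.
        try {
            ctx.close();
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}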
7.用戶組新增用戶
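/**
 * Adds user ids as {@code memberUid} values on the group entry {@code cn=<groupName>}.
 *
 * @param groupName group identifying the entry
 * @param ids user ids to add; when null or empty the modification is sent with no values
 * @return {@code true} if the directory accepted the change; {@code false} if
 *         {@code groupName} is null/empty, the connection failed, or the directory
 *         reported an error
 */
public static boolean addUserToGroup(String groupName,String [] ids) {
    if (groupName == null || groupName.isEmpty()) {
        return false;
    }
    LdapContext ctx = getConnection(2);
    if (ctx == null) {
        return false;
    }
    try {
        Attribute memberUid = new BasicAttribute("memberUid");
        if (ids != null) {
            for (String id : ids) {
                memberUid.add(id);
            }
        }
        ModificationItem[] mods = {
            new ModificationItem(DirContext.ADD_ATTRIBUTE, memberUid)
        };
        // Escape the RDN value so DN metacharacters in groupName cannot alter the name.
        ctx.modifyAttributes("cn=" + javax.naming.ldap.Rdn.escapeValue(groupName), mods);
        return true;
    } catch (NamingException e) {
        e.printStackTrace();
        return false;
    } finally {
        // The original never closed the context, leaving one connection open per call.
        try {
            ctx.close();
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}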
8.用戶組刪除用戶
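/**
 * Removes user ids from the {@code memberUid} values of the group entry {@code cn=<groupName>}.
 *
 * @param groupName group identifying the entry
 * @param ids user ids to remove; must contain at least one id
 * @return {@code true} if the directory accepted the change; {@code false} if
 *         {@code groupName} is null/empty, {@code ids} is null/empty, the connection
 *         failed, or the directory reported an error
 */
public static boolean deleteUserToGroup(String groupName,String [] ids) {
    if (groupName == null || groupName.isEmpty()) {
        return false;
    }
    // DirContext.REMOVE_ATTRIBUTE with no values deletes the whole attribute, so a null
    // or empty id list would have wiped every member of the group. Treat it as a no-op.
    if (ids == null || ids.length == 0) {
        return false;
    }
    LdapContext ctx = getConnection(2);
    if (ctx == null) {
        return false;
    }
    try {
        Attribute memberUid = new BasicAttribute("memberUid");
        for (String id : ids) {
            memberUid.add(id);
        }
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REMOVE_ATTRIBUTE, memberUid)
        };
        // Escape the RDN value so DN metacharacters in groupName cannot alter the name.
        ctx.modifyAttributes("cn=" + javax.naming.ldap.Rdn.escapeValue(groupName), mods);
        return true;
    } catch (NamingException e) {
        e.printStackTrace();
        return false;
    } finally {
        // The original never closed the context, leaving one connection open per call.
        try {
            ctx.close();
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}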