添加用户、修改ad密码

java 代码

/**
 *
 */
package ldap;

import java.util.Properties;

import javax.naming.*;
import javax.naming.ldap.*;
import javax.naming.directory.*;

/**
 * @author Keven Chen
 * @version $Revision 1.0 $
 *
 */
public class AddAdUser {
    private static final String SUN_JNDI_PROVIDER = "com.sun.jndi.ldap.LdapCtxFactory";

    public static void main(String[] args) throws Exception {
        String keystore = "F:\\jdk1.5.0_08\\jre\\lib\\security\\cacerts";
        System.setProperty("javax.net.ssl.trustStore", keystore);

        Properties env = new Properties();

        env.put(Context.INITIAL_CONTEXT_FACTORY, SUN_JNDI_PROVIDER);// java.naming.factory.initial
        env.put(Context.PROVIDER_URL, "ldap://192.168.1.32:636");// java.naming.provider.url
        env.put(Context.SECURITY_AUTHENTICATION, "simple");// java.naming.security.authentication
        env.put(Context.SECURITY_PRINCIPAL,
                "cn=Administrator,cn=Users,dc=comwave,dc=com");// java.naming.security.principal
        env.put(Context.SECURITY_CREDENTIALS, "password");// java.naming.security.credentials
        env.put(Context.SECURITY_PROTOCOL, "ssl");

        String userName = "CN=test,CN=Users,DC=comwave,DC=com";
        String groupName = "CN=Domain Admins,CN=Users,DC=comwave,DC=com";

        LdapContext ctx = new InitialLdapContext(env, null);

        // Create attributes to be associated with the new user
        Attributes attrs = new BasicAttributes(true);

        // These are the mandatory attributes for a user object
        // Note that Win2K3 will automagically create a random
        // samAccountName if it is not present. (Win2K does not)
        attrs.put("objectClass", "user");
        attrs.put("sAMAccountName", "test");
        attrs.put("cn", "test");

        // These are some optional (but useful) attributes
        attrs.put("sn", "test");
        attrs.put("displayName", "test");
        attrs.put("description", "测试");
        attrs.put("userPrincipalName", "test@comwave.com");
        attrs.put("mail", "test@comwave.com");
        attrs.put("telephoneNumber", "1234568999");

        // some useful constants from lmaccess.h
        int UF_ACCOUNTDISABLE = 0x0002;
        int UF_PASSWD_NOTREQD = 0x0020;
        int UF_PASSWD_CANT_CHANGE = 0x0040;
        int UF_NORMAL_ACCOUNT = 0x0200;
        int UF_DONT_EXPIRE_PASSWD = 0x10000;
        int UF_PASSWORD_EXPIRED = 0x800000;

        // Note that you need to create the user object before you can
        // set the password. Therefore as the user is created with no
        // password, user AccountControl must be set to the following
        // otherwise the Win2K3 password filter will return error 53
        // unwilling to perform.

        attrs.put("userAccountControl", Integer.toString(UF_NORMAL_ACCOUNT
                + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED + UF_ACCOUNTDISABLE));

        // Create the context
        Context result = ctx.createSubcontext(userName, attrs);
        System.out.println("Created disabled account for: " + userName);

        ModificationItem[] mods = new ModificationItem[2];

        // Replace the "unicdodePwd" attribute with a new value
        // Password must be both Unicode and a quoted string
        String newQuotedPassword = "\"Password2000\"";
        byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");

        mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", newUnicodePassword));
        mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("userAccountControl", Integer
                        .toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED)));

        // Perform the update
        ctx.modifyAttributes(userName, mods);
        System.out.println("Set password & updated userccountControl");
        // now add the user to a group.

        try {
            ModificationItem member[] = new ModificationItem[1];
            member[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE,
                    new BasicAttribute("member", userName));

            ctx.modifyAttributes(groupName, member);
            System.out.println("Added user to group: " + groupName);

        } catch (NamingException e) {
            System.err.println("Problem adding user to group: " + e);
        }
        // Could have put tls.close() prior to the group modification
        // but it seems to screw up the connection or context ?

        ctx.close();

        System.out.println("Successfully created User: " + userName);

    }

}

java 代码

/**
 *
 */
package ldap;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

/**
 * @author Keven Chen
 * @version $Revision 1.0 $
 *
 */
public class UpdatePasswordTLS {
    public static void main (String[] args)
    {

        Hashtable env = new Hashtable();
        String adminName = "CN=Administrator,CN=Users,DC=comwave,DC=com";
        String adminPassword = "aadsasdfasd";
        String userName = "CN=keven,CN=Users,DC=comwave,DC=com";
        String newPassword = "aaaaaaaa";

        String keystore = "F:\\jdk1.5.0_08\\jre\\lib\\security\\cacerts";
        System.setProperty("javax.net.ssl.trustStore",keystore);

        //Access the keystore, this is where the Root CA public key cert was installed
        //Could also do this via command line java -Djavax.net.ssl.trustStore....
        //String keystore = "/usr/java/jdk1.5.0_01/jre/lib/security/cacerts";
        //System.setProperty("javax.net.ssl.trustStore",keystore);

        env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");

        //set security credentials, note using simple cleartext authentication
        env.put(Context.SECURITY_AUTHENTICATION,"simple");
        env.put(Context.SECURITY_PRINCIPAL,adminName);
        env.put(Context.SECURITY_CREDENTIALS,adminPassword);
        env.put(Context.SECURITY_PROTOCOL,"ssl");

        //connect to my domain controller
        String ldapURL = "ldap://192.168.1.32:636";
        env.put(Context.PROVIDER_URL,ldapURL);

        try {

//           Create the initial directory context
            LdapContext ctx = new InitialLdapContext(env,null);

            //set password is a ldap modfy operation
            ModificationItem[] mods = new ModificationItem[1];

            //Replace the "unicdodePwd" attribute with a new value
            //Password must be both Unicode and a quoted string
            String newQuotedPassword = "\"" + newPassword + "\"";
            byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");

            //注意：如果是当前用户自行修改密码，需要先删除oldpassword，然后在添加新的password
            /*
            ModificationItem[] mods = new ModificationItem[2];
            //Firstly delete the "unicdodePwd" attribute, using the old password
            //Then add the new password,Passwords must be both Unicode and a quoted string
            String oldQuotedPassword = "\"" + sOldPassword + "\"";
            byte[] oldUnicodePassword = oldQuotedPassword.getBytes("UTF-16LE");
            String newQuotedPassword = "\"" + sNewPassword + "\"";
            byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
            mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("unicodePwd", oldUnicodePassword));
            mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
            // Perform the update
            ctx.modifyAttributes(sUserName, mods);
            */

            mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));

            // Perform the update
            ctx.modifyAttributes(userName, mods);

            System.out.println("Reset Password for: " + userName);
            ctx.close();


        }
        catch (NamingException e) {
            System.out.println("Problem resetting password: " + e);
        }
        catch (UnsupportedEncodingException e) {
            System.out.println("Problem encoding password: " + e);
        }
        catch (IOException e) {
            System.out.println("Problem with TLS: " + e);
        }

    }

}

评论

9 楼 路人甲wxf 2014-05-26  

.net可以在不使用证书的情况下修改密码，java做不到吗？

8 楼 Leecupn 2009-08-21  

是的，确实是证书没正确导入。后来我解决了。
请问，我能不能添加或删除一个Group呢？？？
你做过相关项目吗？
还有，一定要通过
      String keystore = "F:\\jdk1.5.0_08\\jre\\lib\\security\\cacerts";   
     System.setProperty("javax.net.ssl.trustStore", keystore); 
这种方式来导入证书吗？还有其他方式没有啊？

7 楼 balaschen 2009-08-19  

应该是证书没正确导入到keyStord指定的位置

6 楼 balaschen 2009-08-19  

你这明显是SSL没配置好。

5 楼 Leecupn 2009-08-17  

你好，我用你的方法，但是不知道怎么搞的，报以下异常:
Exception in thread "main" javax.naming.CommunicationException: simple bind failed: 192.168.136.202:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
at com.zony.ldap2.AddAdUser.main(AddAdUser.java:29)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at com.sun.jndi.ldap.Connection.writeRequest(Unknown Source)
at com.sun.jndi.ldap.LdapClient.ldapBind(Unknown Source)
... 12 more
能帮助我吗？？
谢谢

4 楼 Fire_Wings 2009-04-01  

wls981 写道

您好，我也用java通过LDAP修改AD的用户密码，我是用admin修改其他用户的密码的，但是报下面的错误，我导入证书了：Exception in thread "main" javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0];&nbsp; remaining name 'cn=wls,cn=Users,dc=gnt,dc=com,dc=cn' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3078) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758) at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1441) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161) at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:148) at test.LdapOperator.changePassword(LdapOperator.java:166) at test.LdapOperator.main(LdapOperator.java:334)请问会是什么原因引起的，我新增用户，修改用户的属性都没有问题，唯独修改密码不行。谢谢！

你的密码不符合密码策略,换个符合策略的密码就行了,我也遇到了这种情况,换个密码是一种解决方案

3 楼 wls981 2009-01-12  

您好，我也用java通过LDAP修改AD的用户密码，我是用admin修改其他用户的密码的，但是报下面的错误，我导入证书了：

Exception in thread "main" javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0];  remaining name 'cn=wls,cn=Users,dc=gnt,dc=com,dc=cn'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3078)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1441)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:148)
at test.LdapOperator.changePassword(LdapOperator.java:166)
at test.LdapOperator.main(LdapOperator.java:334)


请问会是什么原因引起的，我新增用户，修改用户的属性都没有问题，唯独修改密码不行。
谢谢！

2 楼 balaschen 2008-09-04  

你AD Server的SSL配置没配好吧，netstat查看有没有打开636端口号

1 楼 haidii 2008-08-20  

你好，我用你的方法，不知道怎么搞的，报以下异常:
Exception in thread "main" javax.naming.CommunicationException: simple bind failed: localhost:636 [Root exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]
at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
at ldap.AddAdUser.main(AddAdUser.java:34)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at com.sun.jndi.ldap.Connection.writeRequest(Unknown Source)
at com.sun.jndi.ldap.LdapClient.ldapBind(Unknown Source)
... 12 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
... 20 more
你能帮助我吗？？
谢谢!