jldap实现Java对LDAP的基本操作 -

晴天雨天

浏览: 14742 次
性别:
来自: 上海

最近访客更多访客>>

beibei1022

qryl

Broleon

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

jldap实现Java对LDAP的基本操作

博客分类：

LDAP

OpenLDAP

目录：

概述
基本操作

查询
添加
删除
修改属性
验证密码

[一]、概述

jldap 官网：http://www.openldap.org/jldap/

可以从官网下载源编译生成jar包，如果项目是用maven构建的，在pom.xml中增加如下内容即可：

 
XHTML
 
1
2
3
4
5
6
7

    <dependency>

     <groupId>com.novell.ldap</groupId>

     <artifactId>jldap</artifactId>

     <version>4.3</version>

     <type>jar</type>

     <scope>compile</scope>

    </dependency>

[二]、基本操作

为了演示基本的操作，需要搭建个LDAP服务，有关openLDAP在windows上的安装配置可参见：http://www.micmiu.com/enterprise-app/sso/openldap-windows-config/ ，我配置好演示用的LDAP基本信息可见客户端截图：

1.查询

java代码：LDAPSearchDemo.java

 
 


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98


packagecom.micmiu.ldap;
 

import java.io.UnsupportedEncodingException;

import java.util.Enumeration;

import java.util.Iterator;
 

import com.novell.ldap.LDAPAttribute;

import com.novell.ldap.LDAPAttributeSet;

import com.novell.ldap.LDAPConnection;

import com.novell.ldap.LDAPEntry;

import com.novell.ldap.LDAPException;

import com.novell.ldap.LDAPSearchResults;

import com.novell.ldap.util.Base64;
 
/**
 * 查询条目示例 blog http://www.micmiu.com
 *
 * @author Michael
 *
 */

publicclassLDAPSearchDemo{
 
/**
 *
 * @param args
 */

publicstaticvoidmain(String[]args){
 

StringldapHost="localhost";

StringloginDN="cn=Manager,dc=micmiu,dc=com";

Stringpassword="secret";

StringsearchBase="dc=micmiu,dc=com";

StringsearchFilter="objectClass=*";
 

intldapPort=LDAPConnection.DEFAULT_PORT;
// 查询范围
// SCOPE_BASE、SCOPE_ONE、SCOPE_SUB、SCOPE_SUBORDINATESUBTREE

intsearchScope=LDAPConnection.SCOPE_SUB;
 

LDAPConnection lc=newLDAPConnection();

try{

lc.connect(ldapHost,ldapPort);

lc.bind(LDAPConnection.LDAP_V3,loginDN,password.getBytes("UTF8"));

LDAPSearchResults searchResults=lc.search(searchBase,

searchScope,searchFilter,null,false);
 

while(searchResults.hasMore()){

LDAPEntry nextEntry=null;

try{

nextEntry=searchResults.next();

}catch(LDAPExceptione){

System.out.println("Error: "+e.toString());

if(e.getResultCode()==LDAPException.LDAP_TIMEOUT

||e.getResultCode()==LDAPException.CONNECT_ERROR){

break;

}else{

continue;
}
}

System.out.println("DN =: "+nextEntry.getDN());

System.out.println("|---- Attributes list: ");

LDAPAttributeSet attributeSet=nextEntry.getAttributeSet();

Iterator&lt;LDAPAttribute&gt;allAttributes=attributeSet.iterator();

while(allAttributes.hasNext()){

LDAPAttribute attribute=allAttributes.next();

StringattributeName=attribute.getName();
 

Enumeration&lt;String&gt;allValues=attribute.getStringValues();

if(null==allValues){

continue;
}

while(allValues.hasMoreElements()){

Stringvalue=allValues.nextElement();

if(!Base64.isLDIFSafe(value)){
// base64 encode and then print out

value=Base64.encode(value.getBytes());
}

System.out.println("|---- ---- "+attributeName

+" = "+value);
}
}
}
 

}catch(LDAPExceptione){

System.out.println("Error: "+e.toString());

}catch(UnsupportedEncodingExceptione){

System.out.println("Error: "+e.toString());

}finally{

try{

if(lc.isConnected()){

lc.disconnect();
}

}catch(Exceptione){

e.printStackTrace();
}
}
}
}

运行结果：

 
 


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89


DN=:dc=micmiu,dc=com

|----Attributes list:

|--------dc=micmiu

|--------o=Michael Blog

|--------objectClass=domain

|--------objectClass=top

DN=:ou=Developer,dc=micmiu,dc=com

|----Attributes list:

|--------description=Container fordeveloper entries

|--------ou=Developer

|--------objectClass=organizationalUnit

DN=:ou=Tester,dc=micmiu,dc=com

|----Attributes list:

|--------description=Container fortest entries

|--------ou=Tester

|--------objectClass=organizationalUnit

DN=:uid=Michael,ou=Developer,dc=micmiu,dc=com

|----Attributes list:

|--------userPassword=111111

|--------labeledURI=http://www.micmiu.com

|--------uid=Michael

|--------sn=Sun

|--------cn=Michael Sun

|--------mail=sjsky007@gmail.com

|--------objectClass=inetOrgPerson

DN=:uid=Miumiu,ou=Tester,dc=micmiu,dc=com

|----Attributes list:

|--------userPassword=111111

|--------labeledURI=http://www.micmiu.com

|--------uid=Miumiu

|--------sn=Wu

|--------cn=Miumiu Wu

|--------objectClass=inetOrgPerson

DN=:dc=app1,dc=micmiu,dc=com

|----Attributes list:

|--------dc=app1

|--------o=Michael Demo

|--------objectClass=domain

DN=:dc=app2,dc=micmiu,dc=com

|----Attributes list:

|--------dc=app2

|--------o=Michael Demo

|--------objectClass=domain

DN=:ou=Demo,dc=app1,dc=micmiu,dc=com

|----Attributes list:

|--------description=Container forDemo entries

|--------ou=Developer

|--------ou=Demo

|--------objectClass=organizationalUnit

DN=:ou=Demo,dc=app2,dc=micmiu,dc=com

|----Attributes list:

|--------description=Container forDemo entries

|--------ou=Developer

|--------ou=Demo

|--------objectClass=organizationalUnit

DN=:uid=michael,ou=Demo,dc=app1,dc=micmiu,dc=com

|----Attributes list:

|--------userPassword=111111

|--------labeledURI=http://www.micmiu.com

|--------uid=michael

|--------sn=Sun

|--------cn=Michael Sun

|--------mail=sjsky007@gmail.com

|--------objectClass=inetOrgPerson

DN=:uid=hazel,ou=Demo,dc=app1,dc=micmiu,dc=com

|----Attributes list:

|--------userPassword=111111

|--------labeledURI=http://www.micmiu.com

|--------uid=hazel

|--------sn=Wu

|--------cn=Hazel Wu

|--------objectClass=inetOrgPerson

DN=:uid=michael,ou=Demo,dc=app2,dc=micmiu,dc=com

|----Attributes list:

|--------userPassword=111111

|--------labeledURI=http://www.micmiu.com

|--------uid=michael

|--------sn=Sun

|--------cn=Michael Sun

|--------mail=sjsky007@gmail.com

|--------objectClass=inetOrgPerson

DN=:uid=hazel,ou=Demo,dc=app2,dc=micmiu,dc=com

|----Attributes list:

|--------userPassword=111111

|--------labeledURI=http://www.micmiu.com

|--------uid=hazel

|--------sn=Wu

|--------cn=Hazel Wu

|--------objectClass=inetOrgPerson

查询结果和客户端查询出的信息一致。

2.添加

java代码：LDAPAddEntry.java

 
 


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67


packagecom.micmiu.ldap;
 

import java.io.UnsupportedEncodingException;
 

import com.novell.ldap.LDAPAttribute;

import com.novell.ldap.LDAPAttributeSet;

import com.novell.ldap.LDAPConnection;

import com.novell.ldap.LDAPEntry;

import com.novell.ldap.LDAPException;
 
/**
 * 添加新条目的示例
 * blog http://www.micmiu.com
 *
 * @author Michael
 *
 */

publicclassLDAPAddEntry{
 
/**
 *
 * @param args
 */

publicstaticvoidmain(String[]args){
 

StringldapHost="localhost";

StringloginDN="cn=Manager,dc=micmiu,dc=com";

Stringpassword="secret";

StringcontainerName="dc=micmiu,dc=com";
 

intldapPort=LDAPConnection.DEFAULT_PORT;

intldapVersion=LDAPConnection.LDAP_V3;

LDAPConnection lc=newLDAPConnection();

LDAPAttributeSet attributeSet=newLDAPAttributeSet();
 

attributeSet.add(newLDAPAttribute("objectclass",newString(

"inetOrgPerson")));

attributeSet.add(newLDAPAttribute("cn","Wukong Sun"));

attributeSet.add(newLDAPAttribute("sn","Sun"));

attributeSet.add(newLDAPAttribute("mail","sjsky007@gmail.com"));

attributeSet.add(newLDAPAttribute("labeledURI",

"http://www.micmiu.com"));

attributeSet.add(newLDAPAttribute("userPassword","111111"));

attributeSet.add(newLDAPAttribute("uid","addnew"));

Stringdn="uid=addnew,ou=Developer,"+containerName;

LDAPEntry newEntry=newLDAPEntry(dn,attributeSet);

try{

lc.connect(ldapHost,ldapPort);

lc.bind(ldapVersion,loginDN,password.getBytes("UTF8"));

System.out.println("login ldap server successfully.");

lc.add(newEntry);

System.out.println("Added object: "+dn+" successfully.");

}catch(LDAPExceptione){

e.printStackTrace();

}catch(UnsupportedEncodingExceptione){

System.out.println("Error: "+e.toString());

}finally{

try{

if(lc.isConnected()){

lc.disconnect();
}

}catch(Exceptione){

e.printStackTrace();
}
}
}
}

运行结果：

 
1
2

login ldap server successfully.

Added object:uid=addnew,ou=Developer,dc=micmiu,dc=com successfully.

客户端刷新后的截图：

3.删除

java代码：LDAPDeleteEntry.java

 
 


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59


packagecom.micmiu.ldap;
 

import java.io.UnsupportedEncodingException;
 

import com.novell.ldap.LDAPConnection;

import com.novell.ldap.LDAPException;
 
/**
 * 删除条目的示例
 * blog http://www.micmiu.com
 *
 * @author Michael
 *
 */

publicclassLDAPDeleteEntry{
 
/**
 * @param args
 */

publicstaticvoidmain(String[]args){
 

StringldapHost="localhost";

StringloginDN="cn=Manager,dc=micmiu,dc=com";

Stringpassword="secret";

StringdeleteDN="uid=addnew,ou=Developer,dc=micmiu,dc=com";
 

intldapPort=LDAPConnection.DEFAULT_PORT;

intldapVersion=LDAPConnection.LDAP_V3;

LDAPConnection lc=newLDAPConnection();

try{

lc.connect(ldapHost,ldapPort);

lc.bind(ldapVersion,loginDN,password.getBytes("UTF8"));
 

lc.delete(deleteDN);

System.out.println(" delete Entry: "+deleteDN+" success.");

lc.disconnect();

}catch(LDAPExceptione){

if(e.getResultCode()==LDAPException.NO_SUCH_OBJECT){

System.err.println("Error: No such object");

}elseif(e.getResultCode()==LDAPException.INSUFFICIENT_ACCESS_RIGHTS){

System.err.println("Error: Insufficient rights");

}else{

System.err.println("Error: "+e.toString());
}

}catch(UnsupportedEncodingExceptione){

System.out.println("Error: "+e.toString());

}finally{

try{

if(lc.isConnected()){

lc.disconnect();
}

}catch(Exceptione){

e.printStackTrace();
}
}
 
}
 
}

运行结果：

 
1

delete Entry:uid=addnew,ou=Developer,dc=micmiu,dc=com success.

在刷新客户端后发现刚新增加的条目：addnew 已经被删除了。

4.修改属性

java代码:LDAPAddEntry.java

 
 


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79


packagecom.micmiu.ldap;
 

import java.io.UnsupportedEncodingException;

import java.util.ArrayList;

import java.util.Date;

import java.util.List;
 

import com.novell.ldap.LDAPAttribute;

import com.novell.ldap.LDAPConnection;

import com.novell.ldap.LDAPException;

import com.novell.ldap.LDAPModification;
 
/**
 * 修改操作示例
 * blog http://www.micmiu.com
 *
 * @author Michael
 *
 */

publicclassLDAPModifyAttrs{
 
/**
 * @param args
 */

publicstaticvoidmain(String[]args){
 

StringldapHost="localhost";

StringloginDN="cn=Manager,dc=micmiu,dc=com";

Stringpassword="secret";

StringmodifyDN="uid=Michael,ou=Developer,dc=micmiu,dc=com";
 

intldapPort=LDAPConnection.DEFAULT_PORT;

intldapVersion=LDAPConnection.LDAP_V3;

LDAPConnection lc=newLDAPConnection();
 

List&lt;LDAPModification&gt;modList=newArrayList&lt;LDAPModification&gt;();
 
// Add a new value to the description attribute

Stringdesc="This object was modified at "+newDate();

LDAPAttribute attribute=newLDAPAttribute("description",desc);

modList.add(newLDAPModification(LDAPModification.ADD,attribute));
 

attribute=newLDAPAttribute("telephoneNumber","180-8888-xxxx");

modList.add(newLDAPModification(LDAPModification.ADD,attribute));
 
// Replace the labeledURI address with a new value

attribute=newLDAPAttribute("labeledURI","www.micmiu.com");

modList.add(newLDAPModification(LDAPModification.REPLACE,attribute));
 
// delete the email attribute

attribute=newLDAPAttribute("mail");

modList.add(newLDAPModification(LDAPModification.DELETE,attribute));
 

LDAPModification[]mods=newLDAPModification[modList.size()];

mods=(LDAPModification[])modList.toArray(mods);
 

try{

lc.connect(ldapHost,ldapPort);

lc.bind(ldapVersion,loginDN,password.getBytes("UTF8"));

lc.modify(modifyDN,mods);

System.out

.println("LDAPAttribute add、replace、delete all successful.");

}catch(LDAPExceptione){

e.printStackTrace();

}catch(UnsupportedEncodingExceptione){

System.out.println("Error: "+e.toString());

}finally{

try{

if(lc.isConnected()){

lc.disconnect();
}

}catch(Exceptione){

e.printStackTrace();
}
}
 
}
 
}

修改后客户端查询到的信息截图如下：

5.验证密码

java代码：LDAPVerifyPassword.java

 
 


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63


packagecom.micmiu.ldap;
 

import java.io.UnsupportedEncodingException;
 

import com.novell.ldap.LDAPAttribute;

import com.novell.ldap.LDAPConnection;

import com.novell.ldap.LDAPException;
 
/**
 * 验证密码的示例
 * blog http://www.micmiu.com
 * 
 * @author Michael
 * 
 */

publicclassLDAPVerifyPassword{
 
/**
 * @param args
 */

publicstaticvoidmain(String[]args){
 

StringldapHost="localhost";

StringloginDN="cn=Manager,dc=micmiu,dc=com";

Stringpassword="secret";

StringverifyDN="uid=Michael,ou=Developer,dc=micmiu,dc=com";

StringverifyPassword="111111";
 

intldapPort=LDAPConnection.DEFAULT_PORT;
 

intldapVersion=LDAPConnection.LDAP_V3;

LDAPConnection lc=newLDAPConnection();
 

try{

lc.connect(ldapHost,ldapPort);

lc.bind(ldapVersion,loginDN,password.getBytes("UTF8"));

LDAPAttribute attr=newLDAPAttribute("userPassword",

verifyPassword);

booleancorrect=lc.compare(verifyDN,attr);

System.out.println(correct?"The password is correct.^_^"

:"The password is incorrect.!!!");

}catch(LDAPExceptione){

e.printStackTrace();

if(e.getResultCode()==LDAPException.NO_SUCH_OBJECT){

System.err.println("Error: No such entry");

}elseif(e.getResultCode()==LDAPException.NO_SUCH_ATTRIBUTE){

System.err.println("Error: No such attribute");

}else{

System.err.println("Error: "+e.toString());
}

}catch(UnsupportedEncodingExceptione){

System.err.println("Error: "+e.toString());

}finally{

try{

if(lc.isConnected()){

lc.disconnect();
}

}catch(Exceptione){

e.printStackTrace();
}
}
}
}