LDAP教程转

xfbbsnet

浏览: 93375 次
性别:
来自: 上海

最近访客更多访客>>

allenyau

a32017971

yuvo_bo

q351735157

博主相关

博客

微博

相册

留言

关于我

文章分类

全部博客 (50)

社区版块

存档分类

Security Mobile Windows Mobile SUN Windows

WINDOWS下搭建LDAP服务器 | RFC 855----Telnet选项说明书 2009
-07-07JNDI 连接Windows Active Directory 教程http://www.matrix.org.cn/resource/article/2007-03-05/JNDI+AD_ea943628-cab3-11db-b4f4-dd5a5e123c5c.html

http://www.javaworld.com.tw/jute/post/view?bid=7&id=164710&sty=1&tpg=1&age=0

JNDI, Active Directory, Paging and Range Retrieval
JNDI, Active Directory, Referrals and Global Catalog
JNDI, Active Directory (Creating new users & demystifying userAccountControl)
JNDI, Active Directory & Changing Passwords
JNDI, Active Directory and Group Memberships
JNDI, Active Directory and objectGUID's
JNDI, Active Directory and SID's (Security Identifiers)
JNDI, Active Directory and Error codes
JNDI, Active Directory and Server Side Sorting
JNDI, Active Directory & Persistent Searches (part 1)
JNDI, Active Directory and Persistent Searches (part 2)
Sample code demonstrating a search for disabled accounts.
JNDI, Active Directory and User Account status (account expired, locked)
JNDI, Active Directory and Authentication (part 5, LDAP Fastbinds)

jndi sun的教程

http://java.sun.com/developer/technicalArticles/Programming/jndi/index.html

用ldap方式访问AD域的的错误解释
用ldap方式访问AD域的的错误一般会如下格式：
LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
其中红字部分的意思如下：
525 - 用户没有找到
52e - 证书不正确
530 - not permitted to logon at this time
532 - 密码期满
533 - 帐户不可用
701 - 账户期满
773 - 用户必须重设密码
Java代码
1.import java.util.Hashtable;
2.import javax.naming.Context;
3.import javax.naming.ldap.LdapContext;
4.import javax.naming.ldap.InitialLdapContext;
5.import javax.naming.NamingEnumeration;
6.import javax.naming.directory.SearchControls;
7.import javax.naming.directory.SearchResult;
8.import javax.naming.NamingException;
9.import javax.naming.directory.Attribute;
10.import javax.naming.directory.Attributes;
11.import java.util.Enumeration;
12.
13.public class ADOperTest {
14. public ADOperTest() {
15. }
16.
17. public void GetADInfo() {
18.    Hashtable HashEnv = new Hashtable();
19.
20.    String LDAP_URL = "ldap://192.168.100.3:389"; //LDAP访问地址
21.    //String adminName = "CN=OAWebUser,CN=Users,DC=Hebmc,DC=com";//AD的用户名
22.    String adminName = "Hebmc\\OAWebUser"; //注意用户名的写法：domain\User 或 User@domain.com
23.    adminName = "OAWebUser@Hebmc.com"; //注意用户名的写法：domain\User 或 User@domain.com
24.    String adminPassword = "chenzuooaup02"; //密码
25.
26.    HashEnv.put(Context.SECURITY_AUTHENTICATION, "simple"); //LDAP访问安全级别
27.    HashEnv.put(Context.SECURITY_PRINCIPAL, adminName); //AD User
28.    HashEnv.put(Context.SECURITY_CREDENTIALS, adminPassword); //AD Password
29.    HashEnv.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory"); //LDAP工厂类
30.    HashEnv.put(Context.PROVIDER_URL, LDAP_URL);
31.
32.    try {
33.      LdapContext ctx = new InitialLdapContext(HashEnv, null);
34.      SearchControls searchCtls = new SearchControls(); //Create the search controls
35.      searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE); //Specify the search scope
36.
37.      String searchFilter = "objectClass=User"; //specify the LDAP search filter
38.      //String searchFilter = "objectClass=organizationalUnit";//specify the LDAP search filter
39.
40.      String searchBase = "DC=Hebmc,DC=com"; //Specify the Base for the search//搜索域节点
41.      int totalResults = 0;
42.
43.      //Specify the attributes to return
44.      //String returnedAtts[] = {"memberOf"};//定制返回属性
45.      String returnedAtts[] = {
46.          "url", "whenChanged", "employeeID", "name", "userPrincipalName",
47.          "physicalDeliveryOfficeName", "departmentNumber", "telephoneNumber",
48.          "homePhone", "mobile", "department", "sAMAccountName", "whenChanged",
49.          "mail"}; //定制返回属性
50.
51.      searchCtls.setReturningAttributes(returnedAtts); //设置返回属性集
52.
53.      //Search for objects using the filter
54.      NamingEnumeration answer = ctx.search(searchBase, searchFilter,searchCtls);
55.
56.      while (answer.hasMoreElements()) {
57.        SearchResult sr = (SearchResult) answer.next();
58.        System.out.println("************************************************");
59.        System.out.println(sr.getName());
60.
61.        Attributes Attrs = sr.getAttributes();
62.        if (Attrs != null) {
63.          try {
64.            for (NamingEnumeration ne = Attrs.getAll(); ne.hasMore(); ) {
65.              Attribute Attr = (Attribute) ne.next();
66.
67.              System.out.println(" AttributeID=" + Attr.getID().toString());
68.
69.              //读取属性值
70.              for (NamingEnumeration e = Attr.getAll(); e.hasMore();totalResults++) {
71.                System.out.println("    AttributeValues=" + e.next().toString());
72.              }
73.              System.out.println("    ---------------");
74.
75.              //读取属性值
76.              Enumeration values = Attr.getAll();
77.              if (values != null) { // 迭代
78.                while (values.hasMoreElements()) {
79.                  System.out.println("    AttributeValues=" + values.nextElement());
80.                }
81.              }
82.              System.out.println("    ---------------");
83.            }
84.          }
85.          catch (NamingException e) {
86.            System.err.println("Throw Exception : " + e);
87.          }
88.        }
89.      }
90.      System.out.println("Number: " + totalResults);
91.      ctx.close();
92.    }
93.
94.    catch (NamingException e) {
95.      e.printStackTrace();
96.      System.err.println("Throw Exception : " + e);
97.    }
98. }
99.
100. public static void main(String args[]) {
101.    ADOperTest ad = new ADOperTest();
102.    ad.GetADInfo();
103. }
104.}
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.NamingEnumeration;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import java.util.Enumeration;

public class ADOperTest {
public ADOperTest() {
}

public void GetADInfo() {
    Hashtable HashEnv = new Hashtable();

    String LDAP_URL = "ldap://192.168.100.3:389"; //LDAP访问地址
    //String adminName = "CN=OAWebUser,CN=Users,DC=Hebmc,DC=com";//AD的用户名
    String adminName = "Hebmc\\OAWebUser"; //注意用户名的写法：domain\User 或 User@domain.com
    adminName = "OAWebUser@Hebmc.com"; //注意用户名的写法：domain\User 或 User@domain.com
    String adminPassword = "chenzuooaup02"; //密码

    HashEnv.put(Context.SECURITY_AUTHENTICATION, "simple"); //LDAP访问安全级别
    HashEnv.put(Context.SECURITY_PRINCIPAL, adminName); //AD User
    HashEnv.put(Context.SECURITY_CREDENTIALS, adminPassword); //AD Password
    HashEnv.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory"); //LDAP工厂类
    HashEnv.put(Context.PROVIDER_URL, LDAP_URL);

    try {
      LdapContext ctx = new InitialLdapContext(HashEnv, null);
      SearchControls searchCtls = new SearchControls(); //Create the search controls
      searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE); //Specify the search scope

      String searchFilter = "objectClass=User"; //specify the LDAP search filter
      //String searchFilter = "objectClass=organizationalUnit";//specify the LDAP search filter

      String searchBase = "DC=Hebmc,DC=com"; //Specify the Base for the search//搜索域节点
      int totalResults = 0;

      //Specify the attributes to return
      //String returnedAtts[] = {"memberOf"};//定制返回属性
      String returnedAtts[] = {
          "url", "whenChanged", "employeeID", "name", "userPrincipalName",
          "physicalDeliveryOfficeName", "departmentNumber", "telephoneNumber",
          "homePhone", "mobile", "department", "sAMAccountName", "whenChanged",
          "mail"}; //定制返回属性

      searchCtls.setReturningAttributes(returnedAtts); //设置返回属性集

      //Search for objects using the filter
      NamingEnumeration answer = ctx.search(searchBase, searchFilter,searchCtls);

      while (answer.hasMoreElements()) {
        SearchResult sr = (SearchResult) answer.next();
        System.out.println("************************************************");
        System.out.println(sr.getName());

        Attributes Attrs = sr.getAttributes();
        if (Attrs != null) {
          try {
            for (NamingEnumeration ne = Attrs.getAll(); ne.hasMore(); ) {
              Attribute Attr = (Attribute) ne.next();

              System.out.println(" AttributeID=" + Attr.getID().toString());

              //读取属性值
              for (NamingEnumeration e = Attr.getAll(); e.hasMore();totalResults++) {
                System.out.println("    AttributeValues=" + e.next().toString());
              }
              System.out.println("    ---------------");

              //读取属性值
              Enumeration values = Attr.getAll();
              if (values != null) { // 迭代
                while (values.hasMoreElements()) {
                  System.out.println("    AttributeValues=" + values.nextElement());
                }
              }
              System.out.println("    ---------------");
            }
          }
          catch (NamingException e) {
            System.err.println("Throw Exception : " + e);
          }
        }
      }
      System.out.println("Number: " + totalResults);
      ctx.close();
    }

    catch (NamingException e) {
      e.printStackTrace();
      System.err.println("Throw Exception : " + e);
    }
}

public static void main(String args[]) {
    ADOperTest ad = new ADOperTest();
    ad.GetADInfo();
}
}

备注：

使用LADP访问AD，注意用户名的写法：domain\User 或 User@domain.com。

如用户名不正确，则可能会出现如下异常：

javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece

分享到：