|
|
WINDOWS下搭建LDAP服务器 | RFC 855----Telnet选项说明书 2009
-07-07JNDI 连接Windows Active Directory 教程http://www.matrix.org.cn/resource/article/2007-03-05/JNDI+AD_ea943628-cab3-11db-b4f4-dd5a5e123c5c.html
http://www.javaworld.com.tw/jute/post/view?bid=7&id=164710&sty=1&tpg=1&age=0
JNDI, Active Directory, Paging and Range Retrieval
JNDI, Active Directory, Referrals and Global Catalog
JNDI, Active Directory (Creating new users & demystifying userAccountControl)
JNDI, Active Directory & Changing Passwords
JNDI, Active Directory and Group Memberships
JNDI, Active Directory and objectGUID's
JNDI, Active Directory and SID's (Security Identifiers)
JNDI, Active Directory and Error codes
JNDI, Active Directory and Server Side Sorting
JNDI, Active Directory & Persistent Searches (part 1)
JNDI, Active Directory and Persistent Searches (part 2)
Sample code demonstrating a search for disabled accounts.
JNDI, Active Directory and User Account status (account expired, locked)
JNDI, Active Directory and Authentication (part 5, LDAP Fastbinds)
jndi sun的教程
http://java.sun.com/developer/technicalArticles/Programming/jndi/index.html
用ldap方式访问AD域的的错误解释
用ldap方式访问AD域的的错误一般会如下格式:
LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
其中红字部分的意思如下:
525 - 用户没有找到
52e - 证书不正确
530 - not permitted to logon at this time
532 - 密码期满
533 - 帐户不可用
701 - 账户期满
773 - 用户必须重设密码
Java代码
1.import java.util.Hashtable;
2.import javax.naming.Context;
3.import javax.naming.ldap.LdapContext;
4.import javax.naming.ldap.InitialLdapContext;
5.import javax.naming.NamingEnumeration;
6.import javax.naming.directory.SearchControls;
7.import javax.naming.directory.SearchResult;
8.import javax.naming.NamingException;
9.import javax.naming.directory.Attribute;
10.import javax.naming.directory.Attributes;
11.import java.util.Enumeration;
12.
13.public class ADOperTest {
14. public ADOperTest() {
15. }
16.
17. public void GetADInfo() {
18. Hashtable HashEnv = new Hashtable();
19.
20. String LDAP_URL = "ldap://192.168.100.3:389"; //LDAP访问地址
21. //String adminName = "CN=OAWebUser,CN=Users,DC=Hebmc,DC=com";//AD的用户名
22. String adminName = "Hebmc\\OAWebUser"; //注意用户名的写法:domain\User 或 User@domain.com
23. adminName = "OAWebUser@Hebmc.com"; //注意用户名的写法:domain\User 或 User@domain.com
24. String adminPassword = "chenzuooaup02"; //密码
25.
26. HashEnv.put(Context.SECURITY_AUTHENTICATION, "simple"); //LDAP访问安全级别
27. HashEnv.put(Context.SECURITY_PRINCIPAL, adminName); //AD User
28. HashEnv.put(Context.SECURITY_CREDENTIALS, adminPassword); //AD Password
29. HashEnv.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory"); //LDAP工厂类
30. HashEnv.put(Context.PROVIDER_URL, LDAP_URL);
31.
32. try {
33. LdapContext ctx = new InitialLdapContext(HashEnv, null);
34. SearchControls searchCtls = new SearchControls(); //Create the search controls
35. searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE); //Specify the search scope
36.
37. String searchFilter = "objectClass=User"; //specify the LDAP search filter
38. //String searchFilter = "objectClass=organizationalUnit";//specify the LDAP search filter
39.
40. String searchBase = "DC=Hebmc,DC=com"; //Specify the Base for the search//搜索域节点
41. int totalResults = 0;
42.
43. //Specify the attributes to return
44. //String returnedAtts[] = {"memberOf"};//定制返回属性
45. String returnedAtts[] = {
46. "url", "whenChanged", "employeeID", "name", "userPrincipalName",
47. "physicalDeliveryOfficeName", "departmentNumber", "telephoneNumber",
48. "homePhone", "mobile", "department", "sAMAccountName", "whenChanged",
49. "mail"}; //定制返回属性
50.
51. searchCtls.setReturningAttributes(returnedAtts); //设置返回属性集
52.
53. //Search for objects using the filter
54. NamingEnumeration answer = ctx.search(searchBase, searchFilter,searchCtls);
55.
56. while (answer.hasMoreElements()) {
57. SearchResult sr = (SearchResult) answer.next();
58. System.out.println("************************************************");
59. System.out.println(sr.getName());
60.
61. Attributes Attrs = sr.getAttributes();
62. if (Attrs != null) {
63. try {
64. for (NamingEnumeration ne = Attrs.getAll(); ne.hasMore(); ) {
65. Attribute Attr = (Attribute) ne.next();
66.
67. System.out.println(" AttributeID=" + Attr.getID().toString());
68.
69. //读取属性值
70. for (NamingEnumeration e = Attr.getAll(); e.hasMore();totalResults++) {
71. System.out.println(" AttributeValues=" + e.next().toString());
72. }
73. System.out.println(" ---------------");
74.
75. //读取属性值
76. Enumeration values = Attr.getAll();
77. if (values != null) { // 迭代
78. while (values.hasMoreElements()) {
79. System.out.println(" AttributeValues=" + values.nextElement());
80. }
81. }
82. System.out.println(" ---------------");
83. }
84. }
85. catch (NamingException e) {
86. System.err.println("Throw Exception : " + e);
87. }
88. }
89. }
90. System.out.println("Number: " + totalResults);
91. ctx.close();
92. }
93.
94. catch (NamingException e) {
95. e.printStackTrace();
96. System.err.println("Throw Exception : " + e);
97. }
98. }
99.
100. public static void main(String args[]) {
101. ADOperTest ad = new ADOperTest();
102. ad.GetADInfo();
103. }
104.}
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.NamingEnumeration;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import java.util.Enumeration;
public class ADOperTest {
public ADOperTest() {
}
public void GetADInfo() {
Hashtable HashEnv = new Hashtable();
String LDAP_URL = "ldap://192.168.100.3:389"; //LDAP访问地址
//String adminName = "CN=OAWebUser,CN=Users,DC=Hebmc,DC=com";//AD的用户名
String adminName = "Hebmc\\OAWebUser"; //注意用户名的写法:domain\User 或 User@domain.com
adminName = "OAWebUser@Hebmc.com"; //注意用户名的写法:domain\User 或 User@domain.com
String adminPassword = "chenzuooaup02"; //密码
HashEnv.put(Context.SECURITY_AUTHENTICATION, "simple"); //LDAP访问安全级别
HashEnv.put(Context.SECURITY_PRINCIPAL, adminName); //AD User
HashEnv.put(Context.SECURITY_CREDENTIALS, adminPassword); //AD Password
HashEnv.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory"); //LDAP工厂类
HashEnv.put(Context.PROVIDER_URL, LDAP_URL);
try {
LdapContext ctx = new InitialLdapContext(HashEnv, null);
SearchControls searchCtls = new SearchControls(); //Create the search controls
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE); //Specify the search scope
String searchFilter = "objectClass=User"; //specify the LDAP search filter
//String searchFilter = "objectClass=organizationalUnit";//specify the LDAP search filter
String searchBase = "DC=Hebmc,DC=com"; //Specify the Base for the search//搜索域节点
int totalResults = 0;
//Specify the attributes to return
//String returnedAtts[] = {"memberOf"};//定制返回属性
String returnedAtts[] = {
"url", "whenChanged", "employeeID", "name", "userPrincipalName",
"physicalDeliveryOfficeName", "departmentNumber", "telephoneNumber",
"homePhone", "mobile", "department", "sAMAccountName", "whenChanged",
"mail"}; //定制返回属性
searchCtls.setReturningAttributes(returnedAtts); //设置返回属性集
//Search for objects using the filter
NamingEnumeration answer = ctx.search(searchBase, searchFilter,searchCtls);
while (answer.hasMoreElements()) {
SearchResult sr = (SearchResult) answer.next();
System.out.println("************************************************");
System.out.println(sr.getName());
Attributes Attrs = sr.getAttributes();
if (Attrs != null) {
try {
for (NamingEnumeration ne = Attrs.getAll(); ne.hasMore(); ) {
Attribute Attr = (Attribute) ne.next();
System.out.println(" AttributeID=" + Attr.getID().toString());
//读取属性值
for (NamingEnumeration e = Attr.getAll(); e.hasMore();totalResults++) {
System.out.println(" AttributeValues=" + e.next().toString());
}
System.out.println(" ---------------");
//读取属性值
Enumeration values = Attr.getAll();
if (values != null) { // 迭代
while (values.hasMoreElements()) {
System.out.println(" AttributeValues=" + values.nextElement());
}
}
System.out.println(" ---------------");
}
}
catch (NamingException e) {
System.err.println("Throw Exception : " + e);
}
}
}
System.out.println("Number: " + totalResults);
ctx.close();
}
catch (NamingException e) {
e.printStackTrace();
System.err.println("Throw Exception : " + e);
}
}
public static void main(String args[]) {
ADOperTest ad = new ADOperTest();
ad.GetADInfo();
}
}
备注:
使用LADP访问AD,注意用户名的写法:domain\User 或 User@domain.com。
如用户名不正确,则可能会出现如下异常:
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece |
|
京ICP备14020293号-2
本网站内容均收集于互联网,如有问题请联系QQ:389897944予以删除
窥视卡
雷达卡
楼主
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡