龙空技术网

Java,域控制器AD认证,创建域用户,修改域用户密码,代码案例

古怪今人 194

前言:

而今你们对“javaad”大约比较关怀,姐妹们都想要分析一些“javaad”的相关知识。那么小编也在网络上搜集了一些有关“javaad””的相关文章,希望你们能喜欢,姐妹们一起来了解一下吧!

域控制器(Active Directory)

Windows AD(Active Direcotry),域控制器是指在“域”模式下,至少有一台服务器负责每一台联入网络的电脑和用户的验证工作,相当于一个单位的门卫一样,称为“域控制器(Domain Controller,简写为DC)”。

域控制器中包含:域的账户、密码、属于这个域的计算机等信息构成的数据库。当计算机联入网络时,域控制器首先要鉴别这台计算是否是属于这个域,用户使用的登录账号是否存在、密码是否正确。

域控制器AD认证

说明

LDAP Browser客户端工具连接Windows AD域控制器。

操作代码

import java.util.Properties; import javax.naming.NamingException;import javax.naming.ldap.InitialLdapContext; public class AuthDemo {     /**     * @param url     * @param name     * @param domain     * @param passwd     * @return     */    public static boolean auth(String url,String domain,String name,String passwd){        Properties mEnv = new Properties();        mEnv.put(InitialLdapContext.AUTHORITATIVE, "true");        mEnv.put(InitialLdapContext.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");        mEnv.put(InitialLdapContext.PROVIDER_URL, url);        mEnv.put(InitialLdapContext.SECURITY_AUTHENTICATION, "simple");        mEnv.put(InitialLdapContext.SECURITY_PRINCIPAL, name+"@"+domain);        mEnv.put(InitialLdapContext.SECURITY_CREDENTIALS, passwd);        try {            new InitialLdapContext(mEnv, null);            return true;        } catch (NamingException e) {            e.printStackTrace();        }        return false;    }         /**     * @param args     */    public static void main(String[] args) {        String url = "ldap://10.210.81.74:389";        String domain = "what21.com";        String username = "administrator";        String passwd = "12345678";        boolean result = auth(url,domain,username,passwd);        System.out.println(result);    } }
import java.util.Properties; import javax.naming.NamingException;import javax.naming.ldap.InitialLdapContext; public class AuthDemo2 {     /**     * @param url     * @param userDN     * @param passwd     * @return     */    public static boolean auth(String url,String userDN,String passwd){        Properties mEnv = new Properties();        mEnv.put(InitialLdapContext.AUTHORITATIVE, "true");        mEnv.put(InitialLdapContext.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");        mEnv.put(InitialLdapContext.PROVIDER_URL, url);        mEnv.put(InitialLdapContext.SECURITY_AUTHENTICATION, "simple");        mEnv.put(InitialLdapContext.SECURITY_PRINCIPAL, userDN);        mEnv.put(InitialLdapContext.SECURITY_CREDENTIALS, passwd);        try {            new InitialLdapContext(mEnv, null);            return true;        } catch (NamingException e) {            e.printStackTrace();        }        return false;    }         /**     * @param args     */    public static void main(String[] args) {        String url = "ldap://10.210.81.74:389";        String userDN = "cn=administrator,cn=users, dc=what21,dc=com";        String passwd = "12345678";        boolean result = auth(url,userDN,passwd);        System.out.println(result);    } }
创建AD(Active Directory)域控制器用户

说明

创建域控制器账号,设置账号密码和更改账号userAccountControl的属性,让域账号可以正常登录。

代码案例

import java.util.Hashtable;import javax.naming.ldap.*;import javax.naming.directory.*;import javax.naming.*;import javax.net.ssl.*;import java.io.*; public class NewUser{      /**      * @param args      */     public static void main (String[] args)     {                Hashtable env = new Hashtable();          String adminName = "CN=Administrator,CN=Users,DC=antipodes,DC=com";          String adminPassword = "XXXXXXX";          String userName = "CN=Albert Einstein,OU=Research,DC=antipodes,DC=com";          String groupName = "CN=All Research,OU=Research,DC=antipodes,DC=com";                     env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");          //set security credentials, note using simple cleartext authentication          env.put(Context.SECURITY_AUTHENTICATION,"simple");          env.put(Context.SECURITY_PRINCIPAL,adminName);          env.put(Context.SECURITY_CREDENTIALS,adminPassword);                     //connect to my domain controller          env.put(Context.PROVIDER_URL, "ldap://mydc.antipodes.com:389");                               try {                // Create the initial directory context               LdapContext ctx = new InitialLdapContext(env,null);                // Create attributes to be associated with the new user               Attributes attrs = new BasicAttributes(true);                               //These are the mandatory attributes for a user object               //Note that Win2K3 will automagically create a random                //samAccountName if it is not present. (Win2K does not)               attrs.put("objectClass","user");               attrs.put("samAccountName","AlbertE");               attrs.put("cn","Albert Einstein");                //These are some optional (but useful) attributes               attrs.put("giveName","Albert");               attrs.put("sn","Einstein");               attrs.put("displayName","Albert Einstein");               attrs.put("description","Research Scientist");               attrs.put("userPrincipalName","AlbertE@antipodes.com");               attrs.put("mail","relativity@antipodes.com");               attrs.put("telephoneNumber","999 123 4567");                               //some useful constants from lmaccess.h               int UF_ACCOUNTDISABLE = 0x0002;               int UF_PASSWD_NOTREQD = 0x0020;               int UF_PASSWD_CANT_CHANGE = 0x0040;               int UF_NORMAL_ACCOUNT = 0x0200;               int UF_DONT_EXPIRE_PASSWD = 0x10000;               int UF_PASSWORD_EXPIRED = 0x800000;                          //Note that you need to create the user object before you can               //set the password. Therefore as the user is created with no                //password, user AccountControl must be set to the following               //otherwise the Win2K3 password filter will return error 53               //unwilling to perform.                attrs.put("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED+ UF_ACCOUNTDISABLE));                           // Create the context               Context result = ctx.createSubcontext(userName, attrs);               System.out.println("Created disabled account for: " + userName);                //now that we've created the user object, we can set the                //password and change the userAccountControl               //and because password can only be set using SSL/TLS               //lets use StartTLS                StartTlsResponse tls = (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());               tls.negotiate();                          //set password is a ldap modfy operation               //and we'll update the userAccountControl               //enabling the acount and force the user to update ther password               //the first time they login               ModificationItem[] mods = new ModificationItem[2];                          //Replace the "unicdodePwd" attribute with a new value               //Password must be both Unicode and a quoted string               String newQuotedPassword = "\"Password2000\"";               byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");                mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));               mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED)));                          // Perform the update               ctx.modifyAttributes(userName, mods);               System.out.println("Set password & updated userccountControl");                //now add the user to a group.                try{                    ModificationItem member[] = new ModificationItem[1];                    member[0]= new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", userName));                                          ctx.modifyAttributes(groupName,member);                    System.out.println("Added user to group: " + groupName);               }catch (NamingException e) {                    System.err.println("Problem adding user to group: " + e);               }               //Could have put tls.close()  prior to the group modification               //but it seems to screw up the connection  or context ?               tls.close();               ctx.close();                          System.out.println("Successfully created User: " + userName);                     }           catch (NamingException e) {               System.err.println("Problem creating object: " + e);          }           catch (IOException e) {               System.err.println("Problem creating object: " + e);          }     }}
修改AD域控制器用户密码

说明

修改AD用户密码的操作必须通过安全通道,如SSL,TLS或Kerberos,必须信任的CA颁发的证书。

代码案例

import java.util.Hashtable;import javax.naming.*;import javax.naming.ldap.*;import javax.naming.directory.*;import java.io.*; public class ModifyPasswd{      /**      * @param args      */     public static void main (String[] args){                Hashtable env = new Hashtable();          String adminName = "CN=Administrator,CN=Users,DC=antipodes,DC=com";          String adminPassword = "XXXXXXX";          String userName = "CN=Albert Einstein,OU=Research,DC=antipodes,DC=com";          String newPassword = "Password123";                     //Access the keystore, this is where the Root CA public key cert was installed          //Could also do this via command line java -Djavax.net.ssl.trustStore....          String keystore = "/usr/java/jdk1.5.0_01/jre/lib/security/cacerts";          System.setProperty("javax.net.ssl.trustStore",keystore);           env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");           //set security credentials, note using simple cleartext authentication          env.put(Context.SECURITY_AUTHENTICATION,"simple");          env.put(Context.SECURITY_PRINCIPAL,adminName);          env.put(Context.SECURITY_CREDENTIALS,adminPassword);           //specify use of ssl          env.put(Context.SECURITY_PROTOCOL,"ssl");                               //connect to my domain controller          String ldapURL = "ldaps://mydc.antipodes.com:636";          env.put(Context.PROVIDER_URL,ldapURL);                     try {                // Create the initial directory context               LdapContext ctx = new InitialLdapContext(env,null);                         //set password is a ldap modfy operation               ModificationItem[] mods = new ModificationItem[1];                //Replace the "unicdodePwd" attribute with a new value               //Password must be both Unicode and a quoted string               String newQuotedPassword = "\"" + newPassword + "\"";               byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");                mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));                // Perform the update               ctx.modifyAttributes(userName, mods);                          System.out.println("Reset Password for: " + userName);                    ctx.close();           }           catch (NamingException e) {               System.out.println("Problem resetting password: " + e);          }          catch (UnsupportedEncodingException e) {               System.out.println("Problem encoding password: " + e);          }      }}
import java.util.Hashtable;import javax.naming.*;import javax.naming.ldap.*;import javax.naming.directory.*;import java.io.*; public class setpasstls{      /**      * @param args      */     public static void main (String[] args){          Hashtable env = new Hashtable();          String adminName = "CN=Administrator,CN=Users,DC=antipodes,DC=com";          String adminPassword = "XXXXXX";          String userName = "CN=Albert Einstein,OU=Research,DC=antipodes,DC=com";          String newPassword = "Password123";                     //Access the keystore, this is where the Root CA public key cert was installed          //Could also do this via command line java -Djavax.net.ssl.trustStore....          String keystore = "/usr/java/jdk1.5.0_01/jre/lib/security/cacerts";          System.setProperty("javax.net.ssl.trustStore",keystore);           env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");           //set security credentials, note using simple cleartext authentication          env.put(Context.SECURITY_AUTHENTICATION,"simple");          env.put(Context.SECURITY_PRINCIPAL,adminName);          env.put(Context.SECURITY_CREDENTIALS,adminPassword);           //connect to my domain controller          String ldapURL = "ldap://mydc.antipodes.com:389";          env.put(Context.PROVIDER_URL,ldapURL);                     try {                // Create the initial directory context               LdapContext ctx = new InitialLdapContext(env,null);                //Secure the session with TLS               StartTlsResponse tls = (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());               tls.negotiate();                         //set password is a ldap modfy operation               ModificationItem[] mods = new ModificationItem[1];                //Replace the "unicdodePwd" attribute with a new value               //Password must be both Unicode and a quoted string               String newQuotedPassword = "\"" + newPassword + "\"";               byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");                mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));                // Perform the update               ctx.modifyAttributes(userName, mods);                          System.out.println("Reset Password for: " + userName);               tls.close();               ctx.close();           }           catch (NamingException e) {               System.out.println("Problem resetting password: " + e);          }          catch (UnsupportedEncodingException e) {               System.out.println("Problem encoding password: " + e);          }          catch (IOException e) {               System.out.println("Problem with TLS: " + e);          }      }}

标签: #javaad #域控制器和成员服务器的关系 #ldap browser #ldap browser怎么删除数据 #ldap browser可以导出数据吗