前言:
而今你们对“javaad”大约比较关怀,姐妹们都想要分析一些“javaad”的相关知识。那么小编也在网络上搜集了一些有关“javaad””的相关文章,希望你们能喜欢,姐妹们一起来了解一下吧!域控制器(Active Directory)
Windows AD(Active Direcotry),域控制器是指在“域”模式下,至少有一台服务器负责每一台联入网络的电脑和用户的验证工作,相当于一个单位的门卫一样,称为“域控制器(Domain Controller,简写为DC)”。
域控制器中包含:域的账户、密码、属于这个域的计算机等信息构成的数据库。当计算机联入网络时,域控制器首先要鉴别这台计算是否是属于这个域,用户使用的登录账号是否存在、密码是否正确。
域控制器AD认证
说明
LDAP Browser客户端工具连接Windows AD域控制器。
操作代码
import java.util.Properties; import javax.naming.NamingException;import javax.naming.ldap.InitialLdapContext; public class AuthDemo { /** * @param url * @param name * @param domain * @param passwd * @return */ public static boolean auth(String url,String domain,String name,String passwd){ Properties mEnv = new Properties(); mEnv.put(InitialLdapContext.AUTHORITATIVE, "true"); mEnv.put(InitialLdapContext.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory"); mEnv.put(InitialLdapContext.PROVIDER_URL, url); mEnv.put(InitialLdapContext.SECURITY_AUTHENTICATION, "simple"); mEnv.put(InitialLdapContext.SECURITY_PRINCIPAL, name+"@"+domain); mEnv.put(InitialLdapContext.SECURITY_CREDENTIALS, passwd); try { new InitialLdapContext(mEnv, null); return true; } catch (NamingException e) { e.printStackTrace(); } return false; } /** * @param args */ public static void main(String[] args) { String url = "ldap://10.210.81.74:389"; String domain = "what21.com"; String username = "administrator"; String passwd = "12345678"; boolean result = auth(url,domain,username,passwd); System.out.println(result); } }import java.util.Properties; import javax.naming.NamingException;import javax.naming.ldap.InitialLdapContext; public class AuthDemo2 { /** * @param url * @param userDN * @param passwd * @return */ public static boolean auth(String url,String userDN,String passwd){ Properties mEnv = new Properties(); mEnv.put(InitialLdapContext.AUTHORITATIVE, "true"); mEnv.put(InitialLdapContext.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory"); mEnv.put(InitialLdapContext.PROVIDER_URL, url); mEnv.put(InitialLdapContext.SECURITY_AUTHENTICATION, "simple"); mEnv.put(InitialLdapContext.SECURITY_PRINCIPAL, userDN); mEnv.put(InitialLdapContext.SECURITY_CREDENTIALS, passwd); try { new InitialLdapContext(mEnv, null); return true; } catch (NamingException e) { e.printStackTrace(); } return false; } /** * @param args */ public static void main(String[] args) { String url = "ldap://10.210.81.74:389"; String userDN = "cn=administrator,cn=users, dc=what21,dc=com"; String passwd = "12345678"; boolean result = auth(url,userDN,passwd); System.out.println(result); } }创建AD(Active Directory)域控制器用户说明
创建域控制器账号,设置账号密码和更改账号userAccountControl的属性,让域账号可以正常登录。
代码案例
import java.util.Hashtable;import javax.naming.ldap.*;import javax.naming.directory.*;import javax.naming.*;import javax.net.ssl.*;import java.io.*; public class NewUser{ /** * @param args */ public static void main (String[] args) { Hashtable env = new Hashtable(); String adminName = "CN=Administrator,CN=Users,DC=antipodes,DC=com"; String adminPassword = "XXXXXXX"; String userName = "CN=Albert Einstein,OU=Research,DC=antipodes,DC=com"; String groupName = "CN=All Research,OU=Research,DC=antipodes,DC=com"; env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory"); //set security credentials, note using simple cleartext authentication env.put(Context.SECURITY_AUTHENTICATION,"simple"); env.put(Context.SECURITY_PRINCIPAL,adminName); env.put(Context.SECURITY_CREDENTIALS,adminPassword); //connect to my domain controller env.put(Context.PROVIDER_URL, "ldap://mydc.antipodes.com:389"); try { // Create the initial directory context LdapContext ctx = new InitialLdapContext(env,null); // Create attributes to be associated with the new user Attributes attrs = new BasicAttributes(true); //These are the mandatory attributes for a user object //Note that Win2K3 will automagically create a random //samAccountName if it is not present. (Win2K does not) attrs.put("objectClass","user"); attrs.put("samAccountName","AlbertE"); attrs.put("cn","Albert Einstein"); //These are some optional (but useful) attributes attrs.put("giveName","Albert"); attrs.put("sn","Einstein"); attrs.put("displayName","Albert Einstein"); attrs.put("description","Research Scientist"); attrs.put("userPrincipalName","AlbertE@antipodes.com"); attrs.put("mail","relativity@antipodes.com"); attrs.put("telephoneNumber","999 123 4567"); //some useful constants from lmaccess.h int UF_ACCOUNTDISABLE = 0x0002; int UF_PASSWD_NOTREQD = 0x0020; int UF_PASSWD_CANT_CHANGE = 0x0040; int UF_NORMAL_ACCOUNT = 0x0200; int UF_DONT_EXPIRE_PASSWD = 0x10000; int UF_PASSWORD_EXPIRED = 0x800000; //Note that you need to create the user object before you can //set the password. Therefore as the user is created with no //password, user AccountControl must be set to the following //otherwise the Win2K3 password filter will return error 53 //unwilling to perform. attrs.put("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED+ UF_ACCOUNTDISABLE)); // Create the context Context result = ctx.createSubcontext(userName, attrs); System.out.println("Created disabled account for: " + userName); //now that we've created the user object, we can set the //password and change the userAccountControl //and because password can only be set using SSL/TLS //lets use StartTLS StartTlsResponse tls = (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest()); tls.negotiate(); //set password is a ldap modfy operation //and we'll update the userAccountControl //enabling the acount and force the user to update ther password //the first time they login ModificationItem[] mods = new ModificationItem[2]; //Replace the "unicdodePwd" attribute with a new value //Password must be both Unicode and a quoted string String newQuotedPassword = "\"Password2000\""; byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE"); mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword)); mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED))); // Perform the update ctx.modifyAttributes(userName, mods); System.out.println("Set password & updated userccountControl"); //now add the user to a group. try{ ModificationItem member[] = new ModificationItem[1]; member[0]= new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", userName)); ctx.modifyAttributes(groupName,member); System.out.println("Added user to group: " + groupName); }catch (NamingException e) { System.err.println("Problem adding user to group: " + e); } //Could have put tls.close() prior to the group modification //but it seems to screw up the connection or context ? tls.close(); ctx.close(); System.out.println("Successfully created User: " + userName); } catch (NamingException e) { System.err.println("Problem creating object: " + e); } catch (IOException e) { System.err.println("Problem creating object: " + e); } }}修改AD域控制器用户密码说明
修改AD用户密码的操作必须通过安全通道,如SSL,TLS或Kerberos,必须信任的CA颁发的证书。
代码案例
import java.util.Hashtable;import javax.naming.*;import javax.naming.ldap.*;import javax.naming.directory.*;import java.io.*; public class ModifyPasswd{ /** * @param args */ public static void main (String[] args){ Hashtable env = new Hashtable(); String adminName = "CN=Administrator,CN=Users,DC=antipodes,DC=com"; String adminPassword = "XXXXXXX"; String userName = "CN=Albert Einstein,OU=Research,DC=antipodes,DC=com"; String newPassword = "Password123"; //Access the keystore, this is where the Root CA public key cert was installed //Could also do this via command line java -Djavax.net.ssl.trustStore.... String keystore = "/usr/java/jdk1.5.0_01/jre/lib/security/cacerts"; System.setProperty("javax.net.ssl.trustStore",keystore); env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory"); //set security credentials, note using simple cleartext authentication env.put(Context.SECURITY_AUTHENTICATION,"simple"); env.put(Context.SECURITY_PRINCIPAL,adminName); env.put(Context.SECURITY_CREDENTIALS,adminPassword); //specify use of ssl env.put(Context.SECURITY_PROTOCOL,"ssl"); //connect to my domain controller String ldapURL = "ldaps://mydc.antipodes.com:636"; env.put(Context.PROVIDER_URL,ldapURL); try { // Create the initial directory context LdapContext ctx = new InitialLdapContext(env,null); //set password is a ldap modfy operation ModificationItem[] mods = new ModificationItem[1]; //Replace the "unicdodePwd" attribute with a new value //Password must be both Unicode and a quoted string String newQuotedPassword = "\"" + newPassword + "\""; byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE"); mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword)); // Perform the update ctx.modifyAttributes(userName, mods); System.out.println("Reset Password for: " + userName); ctx.close(); } catch (NamingException e) { System.out.println("Problem resetting password: " + e); } catch (UnsupportedEncodingException e) { System.out.println("Problem encoding password: " + e); } }}import java.util.Hashtable;import javax.naming.*;import javax.naming.ldap.*;import javax.naming.directory.*;import java.io.*; public class setpasstls{ /** * @param args */ public static void main (String[] args){ Hashtable env = new Hashtable(); String adminName = "CN=Administrator,CN=Users,DC=antipodes,DC=com"; String adminPassword = "XXXXXX"; String userName = "CN=Albert Einstein,OU=Research,DC=antipodes,DC=com"; String newPassword = "Password123"; //Access the keystore, this is where the Root CA public key cert was installed //Could also do this via command line java -Djavax.net.ssl.trustStore.... String keystore = "/usr/java/jdk1.5.0_01/jre/lib/security/cacerts"; System.setProperty("javax.net.ssl.trustStore",keystore); env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory"); //set security credentials, note using simple cleartext authentication env.put(Context.SECURITY_AUTHENTICATION,"simple"); env.put(Context.SECURITY_PRINCIPAL,adminName); env.put(Context.SECURITY_CREDENTIALS,adminPassword); //connect to my domain controller String ldapURL = "ldap://mydc.antipodes.com:389"; env.put(Context.PROVIDER_URL,ldapURL); try { // Create the initial directory context LdapContext ctx = new InitialLdapContext(env,null); //Secure the session with TLS StartTlsResponse tls = (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest()); tls.negotiate(); //set password is a ldap modfy operation ModificationItem[] mods = new ModificationItem[1]; //Replace the "unicdodePwd" attribute with a new value //Password must be both Unicode and a quoted string String newQuotedPassword = "\"" + newPassword + "\""; byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE"); mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword)); // Perform the update ctx.modifyAttributes(userName, mods); System.out.println("Reset Password for: " + userName); tls.close(); ctx.close(); } catch (NamingException e) { System.out.println("Problem resetting password: " + e); } catch (UnsupportedEncodingException e) { System.out.println("Problem encoding password: " + e); } catch (IOException e) { System.out.println("Problem with TLS: " + e); } }} 版权声明:
本站文章均来自互联网搜集,如有侵犯您的权益,请联系我们删除,谢谢。
标签: #javaad #域控制器和成员服务器的关系 #ldap browser #ldap browser怎么删除数据 #ldap browser可以导出数据吗
