JNDI 连接LDAP
WINDOWS下搭建LDAP服务器 | RFC 855----Telnet选项说明书 2009
-07-07JNDI 连接Windows Active Directory 教程http://www.matrix.org.cn/resource/article/2007-03-05/JNDI+AD_ea943628-cab3-11db-b4f4-dd5a5e123c5c.html
http://www.javaworld.com.tw/jute/post/view?bid=7&id=164710&sty=1&tpg=1&age=0
JNDI, Active Directory, Paging and Range Retrieval
JNDI, Active Directory, Referrals and Global Catalog
JNDI, Active Directory (Creating new users & demystifying userAccountControl)
JNDI, Active Directory & Changing Passwords
JNDI, Active Directory and Group Memberships
JNDI, Active Directory and objectGUID's
JNDI, Active Directory and SID's (Security Identifiers)
JNDI, Active Directory and Error codes
JNDI, Active Directory and Server Side Sorting
JNDI, Active Directory & Persistent Searches (part 1)
JNDI, Active Directory and Persistent Searches (part 2)
Sample code demonstrating a search for disabled accounts.
JNDI, Active Directory and User Account status (account expired, locked)
JNDI, Active Directory and Authentication (part 5, LDAP Fastbinds)
jndi sun的教程
http://java.sun.com/developer/technicalArticles/Programming/jndi/index.html
用ldap方式访问AD域的的错误解释
用ldap方式访问AD域的的错误一般会如下格式:
LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
其中红字部分的意思如下:
525 - 用户没有找到
52e - 证书不正确
530 - not permitted to logon at this time
532 - 密码期满
533 - 帐户不可用
701 - 账户期满
773 - 用户必须重设密码
Java代码
1.import java.util.Hashtable;??
2.import javax.naming.Context;??
3.import javax.naming.ldap.LdapContext;??
4.import javax.naming.ldap.InitialLdapContext;??
5.import javax.naming.NamingEnumeration;??
6.import javax.naming.directory.SearchControls;??
7.import javax.naming.directory.SearchResult;??
8.import javax.naming.NamingException;??
9.import javax.naming.directory.Attribute;??
10.import javax.naming.directory.Attributes;??
11.import java.util.Enumeration;??
12.?
13.public class ADOperTest {??
14.? public ADOperTest() {??
15.? }??
16.?
17.? public void GetADInfo() {??
18.??? Hashtable HashEnv = new Hashtable();??
19.?
20.??? String LDAP_URL = "ldap://192.168.100.3:389"; //LDAP访问地址??
21.??? //String adminName = "CN=OAWebUser,CN=Users,DC=Hebmc,DC=com";//AD的用户名??
22.??? String adminName = "Hebmc\\OAWebUser"; //注意用户名的写法:domain\User 或 User@domain.com??
23.??? adminName = "OAWebUser@Hebmc.com"; //注意用户名的写法:domain\User 或 User@domain.com??
24.??? String adminPassword = "chenzuooaup02"; //密码??
25.?
26.??? HashEnv.put(Context.SECURITY_AUTHENTICATION, "simple"); //LDAP访问安全级别??
27.??? HashEnv.put(Context.SECURITY_PRINCIPAL, adminName); //AD User??
28.??? HashEnv.put(Context.SECURITY_CREDENTIALS, adminPassword); //AD Password??
29.??? HashEnv.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory"); //LDAP工厂类??
30.??? HashEnv.put(Context.PROVIDER_URL, LDAP_URL);??
31.?
32.??? try {??
33.????? LdapContext ctx = new InitialLdapContext(HashEnv, null);??
34.????? SearchControls searchCtls = new SearchControls(); //Create the search controls??
35.????? searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE); //Specify the search scope??
36.?
37.????? String searchFilter = "objectClass=User"; //specify the LDAP search filter??
38.????? //String searchFilter = "objectClass=organizationalUnit";//specify the LDAP search filter??
39.?
40.????? String searchBase = "DC=Hebmc,DC=com"; //Specify the Base for the search//搜索域节点??
41.????? int totalResults = 0;??
42.?
43.????? //Specify the attributes to return??
44.????? //String returnedAtts[] = {"memberOf"};//定制返回属性??
45.????? String returnedAtts[] = {??
46.????????? "url", "whenChanged", "employeeID", "name", "userPrincipalName",??
47.????????? "physicalDeliveryOfficeName", "departmentNumber", "telephoneNumber",??
48.????????? "homePhone", "mobile", "department", "sAMAccountName", "whenChanged",??
49.????????? "mail"}; //定制返回属性??
50.?
51.????? searchCtls.setReturningAttributes(returnedAtts); //设置返回属性集??
52.?
53.????? //Search for objects using the filter??
54.????? NamingEnumeration answer = ctx.search(searchBase, searchFilter,searchCtls);??
55.?
56.????? while (answer.hasMoreElements()) {??
57.??????? SearchResult sr = (SearchResult) answer.next();??
58.??????? System.out.println("************************************************");??
59.??????? System.out.println(sr.getName());??
60.?
61.??????? Attributes Attrs = sr.getAttributes();??
62.??????? if (Attrs != null) {??
63.????????? try {??
64.??????????? for (NamingEnumeration ne = Attrs.getAll(); ne.hasMore(); ) {??
65.????????????? Attribute Attr = (Attribute) ne.next();??
66.?
67.????????????? System.out.println("? AttributeID=" + Attr.getID().toString());??
68.?
69.????????????? //读取属性值??
70.????????????? for (NamingEnumeration e = Attr.getAll(); e.hasMore();totalResults++) {??
71.??????????????? System.out.println("??? AttributeValues=" + e.next().toString());??
72.????????????? }??
73.????????????? System.out.println("??? ---------------");??
74.?
75.????????????? //读取属性值??
76.????????????? Enumeration values = Attr.getAll();??
77.????????????? if (values != null) { // 迭代??
78.??????????????? while (values.hasMoreElements()) {??
79.????????????????? System.out.println("??? AttributeValues=" + values.nextElement());??
80.??????????????? }??
81.????????????? }??
82.????????????? System.out.println("??? ---------------");??
83.??????????? }??
84.????????? }??
85.????????? catch (NamingException e) {??
86.??????????? System.err.println("Throw Exception : " + e);??
87.????????? }??
88.??????? }??
89.????? }??
90.????? System.out.println("Number: " + totalResults);??
91.????? ctx.close();??
92.??? }??
93.?
94.??? catch (NamingException e) {??
95.????? e.printStackTrace();??
96.????? System.err.println("Throw Exception :? " + e);??
97.??? }??
98.? }??
99.?
100.? public static void main(String args[]) {??
101.??? ADOperTest ad = new ADOperTest();??
102.??? ad.GetADInfo();??
103.? }??
104.}?
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.NamingEnumeration;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import java.util.Enumeration;
public class ADOperTest {
? public ADOperTest() {
? }
? public void GetADInfo() {
??? Hashtable HashEnv = new Hashtable();
??? String LDAP_URL = "ldap://192.168.100.3:389"; //LDAP访问地址
??? //String adminName = "CN=OAWebUser,CN=Users,DC=Hebmc,DC=com";//AD的用户名
??? String adminName = "Hebmc\\OAWebUser"; //注意用户名的写法:domain\User 或 User@domain.com
??? adminName = "OAWebUser@Hebmc.com"; //注意用户名的写法:domain\User 或 User@domain.com
??? String adminPassword = "chenzuooaup02"; //密码
??? HashEnv.put(Context.SECURITY_AUTHENTICATION, "simple"); //LDAP访问安全级别
??? HashEnv.put(Context.SECURITY_PRINCIPAL, adminName); //AD User
??? HashEnv.put(Context.SECURITY_CREDENTIALS, adminPassword); //AD Password
??? HashEnv.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory"); //LDAP工厂类
??? HashEnv.put(Context.PROVIDER_URL, LDAP_URL);
??? try {
????? LdapContext ctx = new InitialLdapContext(HashEnv, null);
????? SearchControls searchCtls = new SearchControls(); //Create the search controls
????? searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE); //Specify the search scope
????? String searchFilter = "objectClass=User"; //specify the LDAP search filter
????? //String searchFilter = "objectClass=organizationalUnit";//specify the LDAP search filter
????? String searchBase = "DC=Hebmc,DC=com"; //Specify the Base for the search//搜索域节点
????? int totalResults = 0;
????? //Specify the attributes to return
????? //String returnedAtts[] = {"memberOf"};//定制返回属性
????? String returnedAtts[] = {
????????? "url", "whenChanged", "employeeID", "name", "userPrincipalName",
????????? "physicalDeliveryOfficeName", "departmentNumber", "telephoneNumber",
????????? "homePhone", "mobile", "department", "sAMAccountName", "whenChanged",
????????? "mail"}; //定制返回属性
????? searchCtls.setReturningAttributes(returnedAtts); //设置返回属性集
????? //Search for objects using the filter
????? NamingEnumeration answer = ctx.search(searchBase, searchFilter,searchCtls);
????? while (answer.hasMoreElements()) {
??????? SearchResult sr = (SearchResult) answer.next();
??????? System.out.println("************************************************");
??????? System.out.println(sr.getName());
??????? Attributes Attrs = sr.getAttributes();
??????? if (Attrs != null) {
????????? try {
??????????? for (NamingEnumeration ne = Attrs.getAll(); ne.hasMore(); ) {
????????????? Attribute Attr = (Attribute) ne.next();
????????????? System.out.println("? AttributeID=" + Attr.getID().toString());
????????????? //读取属性值
????????????? for (NamingEnumeration e = Attr.getAll(); e.hasMore();totalResults++) {
??????????????? System.out.println("??? AttributeValues=" + e.next().toString());
????????????? }
????????????? System.out.println("??? ---------------");
????????????? //读取属性值
????????????? Enumeration values = Attr.getAll();
????????????? if (values != null) { // 迭代
??????????????? while (values.hasMoreElements()) {
????????????????? System.out.println("??? AttributeValues=" + values.nextElement());
??????????????? }
????????????? }
????????????? System.out.println("??? ---------------");
??????????? }
????????? }
????????? catch (NamingException e) {
??????????? System.err.println("Throw Exception : " + e);
????????? }
??????? }
????? }
????? System.out.println("Number: " + totalResults);
????? ctx.close();
??? }
??? catch (NamingException e) {
????? e.printStackTrace();
????? System.err.println("Throw Exception :? " + e);
??? }
? }
? public static void main(String args[]) {
??? ADOperTest ad = new ADOperTest();
??? ad.GetADInfo();
? }
}
?
备注:
? 使用LADP访问AD,注意用户名的写法:domain\User 或 User@domain.com。
? 如用户名不正确,则可能会出现如下异常:
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece