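package ldap;

import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

/**
 * Small JNDI test harness that binds to an LDAP directory, creates an
 * organizational unit plus a user entry, and rewrites attributes of an entry.
 *
 * <p>Open questions recorded by the original author:
 * <ol>
 *   <li>access control,</li>
 *   <li>verification of anonymous login,</li>
 *   <li>login modes: anonymous versus user name / password.</li>
 * </ol>
 *
 * <p>Security review notes:
 * <ul>
 *   <li>The server address, bind DN and bind password are compiled into this
 *       class. Outside a throwaway test setup they belong in protected
 *       configuration, and a password that has been committed to source
 *       control should be treated as disclosed and rotated.</li>
 *   <li>The provider URL uses the {@code ldap://} scheme together with a
 *       {@code simple} bind, so the bind password and every
 *       {@code userPassword} value written below cross the network
 *       unencrypted. Use {@code ldaps://} or StartTLS where the server
 *       supports it.</li>
 * </ul>
 */
public class TestLDAP {

    /** Directory server and base DN that every context in this class is rooted at. */
    private static final String PROVIDER_URL = "ldap://10.0.31.243:10389/dc=sugon,dc=com";

    /** Account used by {@link #addLDAPUser()} and {@link #updateUser()} to bind. */
    private static final String SERVICE_BIND_DN = "cn=test,ou=coreplatform,dc=sugon,dc=com";

    /** Password of {@link #SERVICE_BIND_DN}; hard-coded test value, see class notes. */
    private static final String SERVICE_BIND_PASSWORD = "sugon123";

    /**
     * Opens an LDAP context using a simple (DN + password) bind.
     *
     * <p>The environment is built per call so that credentials from one bind
     * do not stay behind on the instance and leak into a later one.
     *
     * <p>NOTE(review): with {@code simple} authentication an empty password is
     * an unauthenticated bind in LDAP, and some servers accept it. If this
     * method is ever used to verify a user's password, reject empty passwords
     * before calling it.
     *
     * @param userName full DN to bind as (cn = user, ou = group, dc = domain)
     * @param passwd   password of that DN
     * @return the connected context, or {@code null} when the bind or the
     *         connection fails
     */
    public LdapContext getLdapConnection(String userName, String passwd) {
        Hashtable<String, String> env = new Hashtable<String, String>();
        // DN and password presented in the bind request.
        env.put(Context.SECURITY_PRINCIPAL, userName);
        env.put(Context.SECURITY_CREDENTIALS, passwd);
        // URL format: protocol://host:port/baseDN; the context is rooted at that DN.
        env.put(Context.PROVIDER_URL, PROVIDER_URL);
        // JNDI LDAP provider.
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Authentication type: "none", "simple" or "strong".
        env.put(Context.SECURITY_AUTHENTICATION, "simple");

        LdapContext ldapContext = null;
        try {
            ldapContext = new InitialLdapContext(env, null);
            System.out.println("---connection is ready----");
        } catch (NamingException e) {
            System.out.println("--- get connection failure ----");
            // Report the cause instead of discarding it; the password is not
            // part of what is printed here.
            System.err.println("LDAP bind failed: " + e);
        }
        return ldapContext;
    }

    /**
     * Runs the attribute update against the configured test directory.
     *
     * @param args unused
     * @throws NamingException if the directory operation fails
     */
    public static void main(String[] args) throws NamingException {
        TestLDAP authUser = new TestLDAP();
        authUser.updateUser();
    }

    /**
     * Creates the group (organizational unit) under the connected base DN if
     * it is missing, then creates a user entry inside that group.
     *
     * @return {@code true} once both entries exist
     * @throws NamingException if the bind fails or a directory operation is
     *         rejected, for example because the user entry already exists
     */
    public boolean addLDAPUser() throws NamingException {
        String baseDn = "";
        String appName = "kfc";
        String userName = "kfc001";
        String passwd = "kfc001";

        LdapContext ldapContext = openServiceConnection();
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);

            // The {0} placeholder lets JNDI escape the value, so filter
            // metacharacters in appName cannot change the query.
            NamingEnumeration<SearchResult> answer = ldapContext.search(
                    baseDn,
                    "(&(objectclass=organizationalUnit)(ou={0}))",
                    new Object[] {appName},
                    sc);
            boolean groupExists;
            try {
                groupExists = answer.hasMoreElements();
            } finally {
                closeQuietly(answer);
            }
            System.out.println("answer is :" + groupExists);

            // NOTE(review): the search is subtree-wide while the entries below
            // are created directly under the base DN; an OU with this name
            // deeper in the tree would make the user creation fail.
            if (!groupExists) {
                Attributes groupAttrs = new BasicAttributes(true);
                groupAttrs.put("objectClass", "organizationalUnit");
                groupAttrs.put("ou", appName);
                ldapContext.createSubcontext("ou=" + appName, groupAttrs);
            }

            Attributes userAttrs = new BasicAttributes(true);
            userAttrs.put("objectClass", "organizationalPerson");
            userAttrs.put("cn", userName);
            userAttrs.put("sn", userName);
            // Sent as a plaintext value; whether it is hashed at rest depends
            // on the server's password policy.
            userAttrs.put("userPassword", passwd);
            // The names are fixed literals here. If they ever come from a
            // caller, escape them first (javax.naming.ldap.Rdn.escapeValue)
            // before building the DN.
            ldapContext.createSubcontext("cn=" + userName + "," + "ou=" + appName, userAttrs);
        } finally {
            closeQuietly(ldapContext);
        }
        System.out.println("----");
        return true;
    }

    /**
     * Replaces the {@code userPassword}, {@code cn} and {@code sn} attributes
     * of the entry {@code cn=test,ou=coreplatform}.
     *
     * <p>NOTE(review): relative to the base DN this appears to be the same
     * entry the method binds as, so after one successful run the hard-coded
     * bind password no longer matches. Confirm that this is intended.
     *
     * @throws NamingException if the bind fails or the modification is rejected
     */
    public void updateUser() throws NamingException {
        LdapContext ldapContext = openServiceConnection();
        try {
            ModificationItem[] mods = {
                new ModificationItem(LdapContext.REPLACE_ATTRIBUTE,
                        new BasicAttribute("userPassword", "test")),
                new ModificationItem(LdapContext.REPLACE_ATTRIBUTE,
                        new BasicAttribute("cn", "test")),
                new ModificationItem(LdapContext.REPLACE_ATTRIBUTE,
                        new BasicAttribute("sn", "test")),
            };
            ldapContext.modifyAttributes("cn=test,ou=coreplatform", mods);
            System.out.println("change passwd successed!");
        } finally {
            closeQuietly(ldapContext);
        }
    }

    /** Binds with the service account and fails with a NamingException instead of returning null. */
    private LdapContext openServiceConnection() throws NamingException {
        LdapContext ldapContext = getLdapConnection(SERVICE_BIND_DN, SERVICE_BIND_PASSWORD);
        if (ldapContext == null) {
            throw new NamingException("LDAP connection could not be established");
        }
        return ldapContext;
    }

    /** Closes a context without letting a close failure hide an earlier exception. */
    private static void closeQuietly(LdapContext ldapContext) {
        if (ldapContext == null) {
            return;
        }
        try {
            ldapContext.close();
        } catch (NamingException e) {
            System.err.println("LDAP context close failed: " + e);
        }
    }

    /** Releases the server-side resources held by a search result enumeration. */
    private static void closeQuietly(NamingEnumeration<?> results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException e) {
            System.err.println("LDAP result close failed: " + e);
        }
    }
}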