balaschen

添加用户、修改ad密码

java 代码
 
  1. /**  
  2.  *   
  3.  */  
  4. package ldap;   
  5.   
  6. import java.util.Properties;   
  7.   
  8. import javax.naming.*;   
  9. import javax.naming.ldap.*;   
  10. import javax.naming.directory.*;   
  11.   
  12. /**  
  13.  * @author Keven Chen  
  14.  * @version $Revision 1.0 $  
  15.  *   
  16.  */  
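  public class AddAdUser {
      // Sample program: provisions one Active Directory user over LDAPS with JNDI.
      // Every host name, DN, credential and path below is a value from the original
      // sample; treat them as placeholders for your own environment.

      private static final String SUN_JNDI_PROVIDER = "com.sun.jndi.ldap.LdapCtxFactory";

      // userAccountControl flags, from lmaccess.h
      private static final int UF_ACCOUNTDISABLE = 0x0002;
      private static final int UF_PASSWD_NOTREQD = 0x0020;
      private static final int UF_PASSWD_CANT_CHANGE = 0x0040;
      private static final int UF_NORMAL_ACCOUNT = 0x0200;
      private static final int UF_DONT_EXPIRE_PASSWD = 0x10000;
      private static final int UF_PASSWORD_EXPIRED = 0x800000;

      /**
       * Creates a disabled user object, sets its password, enables it and adds it
       * to a group, all on one LDAPS connection bound as the administrator.
       *
       * @param args unused
       * @throws Exception if the bind, the create or the password modification fails;
       *         a failure of the group modification is only reported on stderr
       */
      public static void main(String[] args) throws Exception {
          // Trust store used to validate the domain controller's certificate. The CA
          // that issued that certificate must be present here; a "PKIX path building
          // failed" error means it is missing, and the fix is to import the CA
          // certificate, not to relax certificate validation.
          String keystore = "F:\\jdk1.5.0_08\\jre\\lib\\security\\cacerts";
          System.setProperty("javax.net.ssl.trustStore", keystore);

          Properties env = new Properties();
          env.put(Context.INITIAL_CONTEXT_FACTORY, SUN_JNDI_PROVIDER); // java.naming.factory.initial
          // Port 636 plus SECURITY_PROTOCOL=ssl below gives LDAP over SSL.
          env.put(Context.PROVIDER_URL, "ldap://192.168.1.32:636"); // java.naming.provider.url
          // "simple" sends the bind DN and password as-is; it is only acceptable here
          // because the whole connection is wrapped in SSL.
          env.put(Context.SECURITY_AUTHENTICATION, "simple"); // java.naming.security.authentication
          env.put(Context.SECURITY_PRINCIPAL,
                  "cn=Administrator,cn=Users,dc=comwave,dc=com"); // java.naming.security.principal
          // Sample only: a bind password in source ends up in version control and in
          // the compiled class. Real code should obtain it at run time (prompt,
          // protected configuration, secret store) and should bind with an account
          // delegated just the rights it needs instead of the domain Administrator.
          env.put(Context.SECURITY_CREDENTIALS, "password"); // java.naming.security.credentials
          env.put(Context.SECURITY_PROTOCOL, "ssl");

          String userName = "CN=test,CN=Users,DC=comwave,DC=com";
          // Membership in Domain Admins gives the new account administrative rights
          // over the whole domain. The sample uses it only to show a group
          // modification; pick the least-privileged group that fits in real use.
          String groupName = "CN=Domain Admins,CN=Users,DC=comwave,DC=com";

          LdapContext ctx = new InitialLdapContext(env, null);
          try {
              // Attributes of the new user object (attribute names ignore case).
              Attributes attrs = new BasicAttributes(true);

              // Mandatory attributes for a user object.
              // Note that Win2K3 will automagically create a random
              // samAccountName if it is not present. (Win2K does not)
              attrs.put("objectClass", "user");
              attrs.put("sAMAccountName", "test");
              attrs.put("cn", "test");

              // Optional (but useful) attributes.
              attrs.put("sn", "test");
              attrs.put("displayName", "test");
              attrs.put("description", "测试");
              attrs.put("userPrincipalName", "test@comwave.com");
              attrs.put("mail", "test@comwave.com");
              attrs.put("telephoneNumber", "1234568999");

              // The user object has to exist before its password can be set, so it is
              // created without one. It is therefore created disabled and flagged
              // "password not required"; otherwise the Win2K3 password filter answers
              // with error 53 (unwilling to perform).
              attrs.put("userAccountControl", Integer.toString(UF_NORMAL_ACCOUNT
                      | UF_PASSWD_NOTREQD | UF_PASSWORD_EXPIRED | UF_ACCOUNTDISABLE));

              // Create the entry; the returned child context is not needed afterwards.
              Context created = ctx.createSubcontext(userName, attrs);
              created.close();
              System.out.println("Created disabled account for: " + userName);

              // unicodePwd takes the password wrapped in double quotes and encoded
              // as UTF-16LE. Sample only: do not ship a fixed initial password.
              String newQuotedPassword = "\"Password2000\"";
              byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");

              // Set the password and, in the same request, enable the account and
              // clear "password not required", so the account is never enabled
              // without a password.
              // NOTE(review): UF_PASSWORD_EXPIRED is described by Microsoft as a
              // computed flag; forcing a change at next logon is normally done by
              // setting pwdLastSet to 0 - confirm against your directory.
              ModificationItem[] mods = new ModificationItem[2];
              mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                      new BasicAttribute("unicodePwd", newUnicodePassword));
              mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                      new BasicAttribute("userAccountControl",
                              Integer.toString(UF_NORMAL_ACCOUNT | UF_PASSWORD_EXPIRED)));
              ctx.modifyAttributes(userName, mods);
              System.out.println("Set password & updated userAccountControl");

              // Add the user to the group. Best effort: a failure is reported but
              // does not undo the account creation.
              try {
                  ModificationItem[] member = new ModificationItem[1];
                  member[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE,
                          new BasicAttribute("member", userName));

                  ctx.modifyAttributes(groupName, member);
                  System.out.println("Added user to group: " + groupName);
              } catch (NamingException e) {
                  System.err.println("Problem adding user to group: " + e);
              }
          } finally {
              // Release the authenticated connection even when a step above fails.
              ctx.close();
          }

          System.out.println("Successfully created User: " + userName);
      }
  }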
java 代码
 
  1. /**  
  2.  *   
  3.  */  
  4. package ldap;   
  5.   
  6. import java.io.IOException;   
  7. import java.io.UnsupportedEncodingException;   
  8. import java.util.Hashtable;   
  9.   
  10. import javax.naming.Context;   
  11. import javax.naming.NamingException;   
  12. import javax.naming.directory.BasicAttribute;   
  13. import javax.naming.directory.DirContext;   
  14. import javax.naming.directory.ModificationItem;   
  15. import javax.naming.ldap.InitialLdapContext;   
  16. import javax.naming.ldap.LdapContext;   
  17. import javax.naming.ldap.StartTlsRequest;   
  18. import javax.naming.ldap.StartTlsResponse;   
  19.   
  20. /**  
  21.  * @author Keven Chen  
  22.  * @version $Revision 1.0 $  
  23.  *  
  24.  */  
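  public class UpdatePasswordTLS {
      // Sample program: administrative password reset of an Active Directory user.
      // Despite the class name, the code connects with LDAP over SSL on port 636;
      // it does not issue a StartTLS request.

      /**
       * Binds as the administrator over LDAPS and replaces the target user's
       * unicodePwd attribute. Failures are reported on stdout.
       *
       * @param args unused
       */
      public static void main(String[] args) {
          Hashtable<String, String> env = new Hashtable<String, String>();

          // Sample only: credentials in source end up in version control and in the
          // compiled class. Obtain them at run time in real code, and bind with an
          // account delegated the reset-password right rather than Administrator.
          String adminName = "CN=Administrator,CN=Users,DC=comwave,DC=com";
          String adminPassword = "aadsasdfasd";
          String userName = "CN=keven,CN=Users,DC=comwave,DC=com";
          // The directory rejects a password that violates the domain password
          // policy with error 53 (WILL_NOT_PERFORM).
          String newPassword = "aaaaaaaa";

          // Trust store holding the root CA certificate that signed the domain
          // controller's certificate. It can also be supplied on the command line
          // with -Djavax.net.ssl.trustStore=..., e.g. on Unix
          // /usr/java/jdk1.5.0_01/jre/lib/security/cacerts.
          String keystore = "F:\\jdk1.5.0_08\\jre\\lib\\security\\cacerts";
          System.setProperty("javax.net.ssl.trustStore", keystore);

          env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

          // Simple (cleartext) authentication: acceptable only because the
          // connection itself is encrypted by SECURITY_PROTOCOL=ssl.
          env.put(Context.SECURITY_AUTHENTICATION, "simple");
          env.put(Context.SECURITY_PRINCIPAL, adminName);
          env.put(Context.SECURITY_CREDENTIALS, adminPassword);
          env.put(Context.SECURITY_PROTOCOL, "ssl");

          // Domain controller to connect to.
          String ldapURL = "ldap://192.168.1.32:636";
          env.put(Context.PROVIDER_URL, ldapURL);

          try {
              // Create the initial directory context (performs the bind).
              LdapContext ctx = new InitialLdapContext(env, null);
              try {
                  // unicodePwd takes the password wrapped in double quotes and
                  // encoded as UTF-16LE.
                  String newQuotedPassword = "\"" + newPassword + "\"";
                  byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");

                  // Administrative reset: a single REPLACE of unicodePwd.
                  //
                  // Note: when a user changes their own password instead, the request
                  // needs two items in this order: REMOVE_ATTRIBUTE of unicodePwd
                  // carrying the old password, then ADD_ATTRIBUTE of unicodePwd
                  // carrying the new one, both quoted and UTF-16LE encoded as above.
                  ModificationItem[] mods = new ModificationItem[1];
                  mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                          new BasicAttribute("unicodePwd", newUnicodePassword));

                  // Perform the update.
                  ctx.modifyAttributes(userName, mods);

                  System.out.println("Reset Password for: " + userName);
              } finally {
                  // Release the authenticated connection even if the update fails.
                  ctx.close();
              }
          } catch (NamingException e) {
              System.out.println("Problem resetting password: " + e);
          } catch (UnsupportedEncodingException e) {
              System.out.println("Problem encoding password: " + e);
          }
      }
  }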
评论
9 楼 路人甲wxf 2014-05-26  
.net可以在不使用证书的情况下修改密码,java做不到吗?
8 楼 Leecupn 2009-08-21  
是的,确实是证书没正确导入。后来我解决了。
请问,我能不能添加或删除一个Group呢???
你做过相关项目吗?
还有,一定要通过
      String keystore = "F:\\jdk1.5.0_08\\jre\\lib\\security\\cacerts";   
     System.setProperty("javax.net.ssl.trustStore", keystore); 
这种方式来导入证书吗?还有其他方式没有啊?
7 楼 balaschen 2009-08-19  
应该是证书没有正确导入到 keystore 指定的位置
6 楼 balaschen 2009-08-19  
你这明显是SSL没配置好。
5 楼 Leecupn 2009-08-17  
你好,我用你的方法,但是不知道怎么搞的,报以下异常:
Exception in thread "main" javax.naming.CommunicationException: simple bind failed: 192.168.136.202:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
at com.zony.ldap2.AddAdUser.main(AddAdUser.java:29)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at com.sun.jndi.ldap.Connection.writeRequest(Unknown Source)
at com.sun.jndi.ldap.LdapClient.ldapBind(Unknown Source)
... 12 more
能帮助我吗??
谢谢
4 楼 Fire_Wings 2009-04-01  
wls981 写道

您好,我也用java通过LDAP修改AD的用户密码,我是用admin修改其他用户的密码的,但是报下面的错误,我导入证书了:Exception in thread "main" javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0];  remaining name 'cn=wls,cn=Users,dc=gnt,dc=com,dc=cn' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3078) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758) at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1441) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161) at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:148) at test.LdapOperator.changePassword(LdapOperator.java:166) at test.LdapOperator.main(LdapOperator.java:334)请问会是什么原因引起的,我新增用户,修改用户的属性都没有问题,唯独修改密码不行。谢谢!



你的密码不符合密码策略,换个符合策略的密码就行了,我也遇到了这种情况,换个密码是一种解决方案
3 楼 wls981 2009-01-12  
您好,我也用java通过LDAP修改AD的用户密码,我是用admin修改其他用户的密码的,但是报下面的错误,我导入证书了:

Exception in thread "main" javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0];  remaining name 'cn=wls,cn=Users,dc=gnt,dc=com,dc=cn'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3078)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1441)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:148)
at test.LdapOperator.changePassword(LdapOperator.java:166)
at test.LdapOperator.main(LdapOperator.java:334)


请问会是什么原因引起的,我新增用户,修改用户的属性都没有问题,唯独修改密码不行。
谢谢!
2 楼 balaschen 2008-09-04  
你AD Server的SSL配置没配好吧,netstat查看有没有打开636端口号
1 楼 haidii 2008-08-20  
你好,我用你的方法,不知道怎么搞的,报以下异常:
Exception in thread "main" javax.naming.CommunicationException: simple bind failed: localhost:636 [Root exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]
at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
at ldap.AddAdUser.main(AddAdUser.java:34)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at com.sun.jndi.ldap.Connection.writeRequest(Unknown Source)
at com.sun.jndi.ldap.LdapClient.ldapBind(Unknown Source)
... 12 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
... 20 more
你能帮助我吗??
谢谢!
