最近研究了下在AD中如何添加和修改用户密码。在AD中修改密码一定要通过SSL或TLS才能进行,这是MS的硬性规定,这就造成了还要做很多其它方面的配置工作,很麻烦;不过想想也合理,传输密码不加密,被截获了也就完了。
前期要做的工作基本就是安装CA,获取证书,绑定keystore等等,过几天会详细写一下这几步的操作,现在先贴出代码。
import java.io.UnsupportedEncodingException.
import java.util.Hashtable.
import javax.naming.Context.
import javax.naming.NamingEnumeration.
import javax.naming.NamingException.
import javax.naming.directory.Attribute.
import javax.naming.directory.Attributes.
import javax.naming.directory.BasicAttribute.
import javax.naming.directory.DirContext.
import javax.naming.directory.ModificationItem.
import javax.naming.directory.SearchControls.
import javax.naming.directory.SearchResult.
import javax.naming.ldap.InitialLdapContext.
import javax.naming.ldap.LdapContext.
public class OpAD{
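// Directory connection; created by initial_Ldap() and released by close_Ldap().
private LdapContext ctx = null;
// Bind identity (UPN form) used for the simple bind.
// NOTE(review): the bind password and the trust-store password are literals in source;
// a deployment should read them from protected configuration instead.
private String adminName = "administrator@testad.com";
private String adminpassword = "password";
// Trust store handed to JSSE via system properties (see initial_Ldap());
// presumably holds the CA certificate that issued the LDAPS server certificate — confirm.
private String keystore = "C:/testca.keystore";
private String keyPassword = "changeit";
// LDAPS endpoint; AD only accepts password changes over SSL/TLS, hence ldaps:// on 636.
private String ldapURL = "ldaps://ldap.testad.com:636";
// Subtree under which directory searches are rooted.
private String searchBase = "DC=testad,DC=com";
// Attributes requested back from searches (Java-style array declaration instead of C-style).
private String[] returnedAtts = { "distinguishedName" };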
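/**
 * Opens the LDAPS connection to the directory and stores it in {@code ctx}.
 *
 * <p>The trust store is passed to JSSE through system properties, so the setting is
 * process-wide: every TLS client in this JVM, not only this context, will use it.
 * The bind is a simple bind with the administrator credentials held in the fields
 * above; because the provider URL is {@code ldaps://} and {@code SECURITY_PROTOCOL}
 * is {@code "ssl"}, those credentials are sent over TLS rather than in clear text.
 *
 * @return {@code true} when the context was created, {@code false} when the bind
 *     failed (the {@link NamingException} is printed to stdout)
 */
private boolean initial_Ldap() {
    // Process-wide JSSE settings; must be set before the first TLS socket is opened.
    System.setProperty("javax.net.ssl.trustStore", keystore);
    System.setProperty("javax.net.ssl.trustStorePassword", keyPassword);

    // Typed environment instead of a raw Hashtable; InitialLdapContext requires a Hashtable.
    Hashtable<String, String> env = new Hashtable<String, String>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, adminName);
    env.put(Context.SECURITY_CREDENTIALS, adminpassword);
    env.put(Context.SECURITY_PROTOCOL, "ssl");
    env.put(Context.PROVIDER_URL, ldapURL);

    try {
        System.out.println("Start InitialLdapContext");
        ctx = new InitialLdapContext(env, null);
        System.out.println("InitialLdapContext succeed");
    } catch (NamingException e) {
        // The original concatenation lacked the '+', so the exception text was never printed.
        System.out.println("Problem initial_Ldap NamingException: " + e);
        return false;
    }
    return true;
}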
private boolean close_Ldap() {
System.out.println("Close Ldap").
try {
ctx.close().