<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>Changing a Windows Active Directory Domain User's Password over LDAP from Java</title>
</head>
<body>
<table>
<tr>
<td>
<table cellSpacing="0" cellPadding="0" width="100%" bgColor="#ffffff" border="0">
<tbody>
<tr>
<td class="title1" align="middle" width="100%" bgColor="#eeeeee" colSpan="3" height="40"><b>Changing a Windows Active Directory Domain User's Password over LDAP from Java</b></td>
</tr>
<tr>
<td align="middle" width="100%" bgColor="#eeeeee"><a href="mailto:moaihe1111@163.ocm">liaowufeng</a>
Original article. Updated: 2005-12-12 13:53:38. Version:
1.0 </td>
</tr>
</tbody>
</table>
</td>
</tr>
<!-- end of article title -->
<tr>
<td vAlign="top" align="middle" width="100%"><!--start of article content -->
<table class="rtable" width="98%" border="0">
<tbody>
<tr>
<td class="text" align="left" width="100%"><br>
<h3>Changing a Windows Active Directory Domain User's Password over LDAP from Java</h3>
<br>
<h5><b>Author: Liao Wufeng (廖武锋)</b></h5>
<br>
<h5>MSN:liaowufeng1111@hotmail.com</h5>
<br>
<h5>QQ: 38773367</h5>
<br>
<h5>email: moaihe1111@163.com</h5>
<br>
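This article is the author's original work. If you repost it, please keep the author's attribution. Thank you!<br>
1 Notes:<br>
1. LDAP cannot be used to retrieve a Windows Active Directory user's password.<br>
2. A system administrator can change another user's password (without knowing the old password), or a user can change their own password (the user must know their own password). These password changes must be performed over a secure channel such as SSL, TLS or Kerberos.<br>
3. Windows 2000 domain controllers do not support the TLS protocol. However, both Windows 2000 and Windows Server 2003 domain controllers support SSL. For SSL- or TLS-based sessions, your workstation (or the designated JRE) must trust the CA certificate issued by the domain controller's certificate authority.<br>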
<br>
Related material can be found on the <a class="l2" href="http://" target="_blank">www.ldapchina.com</a> website.<br>
<br>
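The detailed steps are as follows:<br>
Environment requirements:<br>
One server with Active Directory installed; the domain name is security.boco<br>
One server with Certificate Services installed (an enterprise root CA is required); this server is joined to the security domain<br>
One server running the Java application; this server does not need to be joined to the security domain<br>
Installation steps:<br>
1 Install the Active Directory domain controller<br>
2 Install Certificate Services<br>
3 Log on to the Certificate Services server as a domain user and export the domain root certificate and the computer certificate<br>
Step 1: Open the MMC console, add the Certificates snap-in, and select Local computer<br>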
<br>
<img src="LDAP/Snap21.JPG" width="800" height="600"><br>
Open the MMC console<br>
<br>
<img src="LDAP/Snap22.JPG" width="800" height="600"><br>
<br>
Add the Certificates snap-in and select Local computer<br>
<br>
<br>
Step 2: Expand the newly added Certificates node, select Personal -&gt; Certificates, select the CA certificate, and export it<br>
<br>
<img src="LDAP/Snap23.JPG" width="800" height="600"><br>
<br>
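Step 3: Expand the Certificates node, select Personal -&gt; Certificates, right-click and choose All Tasks, request a new certificate, and select Computer as the certificate type<br>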
<br>
<img src="LDAP/Snap24.JPG" width="800" height="600"><br>
<br>
<br>
<img src="LDAP/Snap25.JPG" width="800" height="600"><br>
<br>
<br>
4 Use Java's keytool to create a keystore file from the two exported *.cer certificate files, or to import them into an existing keystore file<br>
<br>
<br>
Import the CA certificate<br>
D:\Borland\jdk142_05\bin>keytool -import -keystore security51.keystore -file 51ADroot.cer<br>
输入keystore密码: lwfmah<br>
Owner: CN=securityCA, DC=security, DC=boco<br>
发照者: CN=securityCA, DC=security, DC=boco<br>
序号: 72880fb3005cd7a54efa9c224241008b<br>
有效期间: Thu Nov 10 20:48:49 CST 2005 至: Tue Nov 10 20:55:33 CST 2015<br>
认证指纹:<br>
MD5: 51:3F:C3:B1:C3:A6:EF:24:55:70:2A:25:0D:EB:57:59<br>
SHA1: B3:EE:CC:92:E3:D4:87:48:D4:1D:F3:53:5B:0E:99:E1:B7:0F:27:20<br>
信任这个认证? [否]: y<br>
认证已添加至keystore中<br>
<br>
Import the requested computer certificate<br>
D:\Borland\jdk142_05\bin>keytool -import -keystore security51.keystore -alias comkey -file 51AD.cer<br>
输入keystore密码: lwfmah<br>
认证已添加至keystore中<br>
<br>
5 Write the following code to change the Active Directory domain user's password<br>
<br>
<div class="codeStyle">
<ol>
<li><b><font color="#0000ff">import</font></b> java.io.IOException;
<li><b><font color="#0000ff">import</font></b> java.net.UnknownHostException;
<li><b><font color="#0000ff">import</font></b> java.util.Hashtable;
<li><b><font color="#0000ff">import</font></b> javax.naming.Context;
<li><b><font color="#0000ff">import</font></b> javax.naming.directory.BasicAttribute;
<li><b><font color="#0000ff">import</font></b> javax.naming.directory.DirContext;
<li><b><font color="#0000ff">import</font></b> javax.naming.directory.ModificationItem;
<li><b><font color="#0000ff">import</font></b> javax.naming.ldap.InitialLdapContext;
<li><b><font color="#0000ff">import</font></b> javax.naming.ldap.LdapContext;
<li><i><font color="#339900">// Class name added so the snippet compiles; the original shows only main().</font></i>
<li><b><font color="#0000ff">public</font></b> <b><font color="#0000ff">class</font></b> ResetADPassword {
<li> <b><font color="#0000ff">public</font></b> <b><font color="#0000ff">static</font></b> <b><font color="#0000ff">void</font></b> main(<b><a href="http://www.javaresearch.org/source/jdk142/java/lang/String.java.html" target="_blank"><font class="classLink"><u>String</u></font></a></b>[] args) <b><font color="#0000ff">throws</font></b> <font color="#ff0000">UnknownHostException</font>,
<li> <font color="#ff0000">IOException</font> {
<li><i><font color="#339900">// java.net.Socket sock = new java.net.Socket("10.110.180.50",636);</font></i>
<li><i><font color="#339900">// boolean b = sock.isConnected();</font></i>
<li> <font color="#ff0000">Hashtable</font> env = <b><font color="#0000ff">new</font></b> <font color="#ff0000">Hashtable</font>();
<li> <b><a href="http://www.javaresearch.org/source/jdk142/java/lang/String.java.html" target="_blank"><font class="classLink"><u>String</u></font></a></b> adminName = <font color="#ff33ff">"cn=administrator,cn=users,DC=security,DC=boco"</font>;
<li> <b><a href="http://www.javaresearch.org/source/jdk142/java/lang/String.java.html" target="_blank"><font class="classLink"><u>String</u></font></a></b> adminpassword = <font color="#ff33ff">"123456789"</font>;
<li> <b><a href="http://www.javaresearch.org/source/jdk142/java/lang/String.java.html" target="_blank"><font class="classLink"><u>String</u></font></a></b> userName = <font color="#ff33ff">"CN=iam_lwf_count,OU=网管中心,DC=security,DC=boco"</font>;
<li> <i><font color="#339900">// old password Ab123456</font></i>
<li> <b><a href="http://www.javaresearch.org/source/jdk142/java/lang/String.java.html" target="_blank"><font class="classLink"><u>String</u></font></a></b> newPassword = <font color="#ff33ff">"liaowufeng"</font>;
<li> <i><font color="#339900">// Trust store created with keytool in step 4; it holds the domain CA certificate</font></i>
<li> <b><a href="http://www.javaresearch.org/source/jdk142/java/lang/String.java.html" target="_blank"><font class="classLink"><u>String</u></font></a></b> keystore = <font color="#ff33ff">"D:/Borland/jdk142_05/bin/security51.keystore"</font>;
<li> <i><font color="#339900">// String keystore = "E:/project/iam/testADlhj.keystore";</font></i>
<li> <b><a href="http://www.javaresearch.org/source/jdk142/java/lang/System.java.html" target="_blank"><font class="classLink"><u>System</u></font></a></b>.setProperty(<font color="#ff33ff">"javax.net.ssl.trustStore"</font>, keystore);
<li> <b><a href="http://www.javaresearch.org/source/jdk142/java/lang/System.java.html" target="_blank"><font class="classLink"><u>System</u></font></a></b>.setProperty(<font color="#ff33ff">"javax.net.ssl.trustStorePassword"</font>, <font color="#ff33ff">"lwfmah"</font>);
<li> <i><font color="#339900">// Simple bind as the administrator over SSL (LDAPS, port 636)</font></i>
<li> env.put(<font color="#ff0000">Context</font>.INITIAL_CONTEXT_FACTORY,<font color="#ff33ff">"com.sun.jndi.ldap.LdapCtxFactory"</font>);
<li> env.put(<font color="#ff0000">Context</font>.SECURITY_AUTHENTICATION, <font color="#ff33ff">"simple"</font>);
<li> env.put(<font color="#ff0000">Context</font>.SECURITY_PRINCIPAL, adminName);
<li> env.put(<font color="#ff0000">Context</font>.SECURITY_CREDENTIALS, adminpassword);
<li> env.put(<font color="#ff0000">Context</font>.SECURITY_PROTOCOL, <font color="#ff33ff">"ssl"</font>);
<li> <b><a href="http://www.javaresearch.org/source/jdk142/java/lang/String.java.html" target="_blank"><font class="classLink"><u>String</u></font></a></b> ldapURL = <font color="#ff33ff">"ldaps://10.110.180.50:636"</font>;
<li> env.put(<font color="#ff0000">Context</font>.PROVIDER_URL, ldapURL);
<li> <b><font color="#0000ff">try</font></b> {
<li> <font color="#ff0000">LdapContext</font> ctx = <b><font color="#0000ff">new</font></b> <font color="#ff0000">InitialLdapContext</font>(env, <b><font color="#0000ff">null</font></b>);
<li> <font color="#ff0000">ModificationItem</font>[] mods = <b><font color="#0000ff">new</font></b> <font color="#ff0000">ModificationItem</font>[1];
<li> <i><font color="#339900">// unicodePwd takes the new password enclosed in double quotes, encoded as UTF-16LE</font></i>
<li> <b><a href="http://www.javaresearch.org/source/jdk142/java/lang/String.java.html" target="_blank"><font class="classLink"><u>String</u></font></a></b> newQuotedPassword = <font color="#ff33ff">"\""</font> + newPassword + <font color="#ff33ff">"\""</font>;
<li> <b><font color="#0000ff">byte</font></b>[] newUnicodePassword = newQuotedPassword.getBytes(<font color="#ff33ff">"UTF-16LE"</font>);
<li> <i><font color="#339900">// Administrator reset: replace the attribute; the old password is not needed</font></i>
<li> mods[0] = <b><font color="#0000ff">new</font></b> <font color="#ff0000">ModificationItem</font>(<font color="#ff0000">DirContext</font>.REPLACE_ATTRIBUTE,<b><font color="#0000ff">new</font></b> <font color="#ff0000">BasicAttribute</font>(<font color="#ff33ff">"unicodePwd"</font>,newUnicodePassword));
<li> ctx.modifyAttributes(userName, mods);
<li> <b><a href="http://www.javaresearch.org/source/jdk142/java/lang/System.java.html" target="_blank"><font class="classLink"><u>System</u></font></a></b>.out.println(<font color="#ff33ff">"Reset Password for: "</font> + userName);
<li> ctx.close();
<li> } <b><font color="#0000ff">catch</font></b> (<b><a href="http://www.javaresearch.org/source/jdk142/java/lang/Exception.java.html" target="_blank"><font class="classLink"><u>Exception</u></font></a></b> e) {
<li> e.printStackTrace();
<li> <b><a href="http://www.javaresearch.org/source/jdk142/java/lang/System.java.html" target="_blank"><font class="classLink"><u>System</u></font></a></b>.out.println(<font color="#ff33ff">"Problem resetting password: "</font> + e);
<li> }
<li> }
<li>}</li>
</ol>
</div>
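<br>
Added example, not part of the original article: the code above is an administrator reset, while the self-service case from note 2 (the user knows the current password) is sent to Active Directory as a single modify request that removes the old unicodePwd value and adds the new one. The class name, the command-line arguments and the prompts are assumptions; the trust store from step 4 is expected to be supplied with -Djavax.net.ssl.trustStore on the command line, and passwords are read from the console instead of being stored in the source.

```java
import java.io.Console;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class ChangeOwnADPassword {   // hypothetical class name

    // unicodePwd value: the password in double quotes, encoded as UTF-16LE.
    static byte[] encode(char[] password) throws Exception {
        return ("\"" + new String(password) + "\"").getBytes("UTF-16LE");
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: the LDAPS URL of the domain controller, then the user's DN.
        String ldapURL = args[0];
        String userDn = args[1];
        Console console = System.console();   // needs an interactive terminal
        char[] oldPw = console.readPassword("Current password: ");
        char[] newPw = console.readPassword("New password: ");

        Properties env = new Properties();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapURL);
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);      // bind as the user, not the admin
        env.put(Context.SECURITY_CREDENTIALS, oldPw);

        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            // Remove the old value and add the new one in one request; the
            // directory rejects the change if the old value does not match.
            ModificationItem[] mods = {
                new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                        new BasicAttribute("unicodePwd", encode(oldPw))),
                new ModificationItem(DirContext.ADD_ATTRIBUTE,
                        new BasicAttribute("unicodePwd", encode(newPw)))
            };
            ctx.modifyAttributes(userDn, mods);
            System.out.println("Password changed for: " + userDn);
        } finally {
            ctx.close();
        }
    }
}
```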
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</table>
</body>
</html>