电话:0731-83595998
导航

JNDI连接WindowsActiveDirectory教程

来源: 2017-12-21 16:19

 百度广告

開始教程:
2. 將 CA Certificate 加入至 jre keystore 裡

1. 建立 IIS SSL:

Install AD:
Run -> dcpromote
NT domain name : joeytaserver

先安裝 IIS , 再安裝 CA.

Install IIS:
Programs -> Administrative Tools -> Configure Your Server Wizard
> Next -> Next -> Application server (IIS, ASP.NET) -> Next

進入 http://joeyserver.joeyta.local/postinfo.html 表示安裝成功.

Install CA:
Settings -> Control Panel -> Add or Remove Programs
> Add/Remove Windows Components
Next 
Next 
Next

進入 http://joeyserver.joeyta.local/CertSrv 表示安裝成功.


Start -> Programs -> Administrative Tools -> Internet Information Services (IIS) Manager
> Internet Information Services -> (local computer) -> Web Sites
> 右鍵點選 Default Web Site -> Properties
Server Certificate
> Create a new certificate -> Prepare the request now, but send it later
最後產生 certificate request file , 預設為 c:"certreq.txt


進入 http://joeyserver.joeyta.local/CertSrv
advanced certificate request
Submit a certificate request by using a base-64-encoded CMC or PKCS#10 file, or submit a renewal request by using a base-64-encoded PKCS#7 file
Certificate Template 選擇 Web Server, 按 Submit


Start -> Programs -> Administrative Tools -> Internet Information Services (IIS) Manager
> Internet Information Services -> (local computer) -> Web Sites
> 右鍵點選 Default Web Site -> Properties
Server Certificate
> Process the pending request and install the certificate -> Next
Next
Next -> Next -> Finish|||


進入 http://joeyserver.joeyta.local/CertSrv
點選 Download CA certificate , 然後下載並改名為 c:"testca_cert.cer

然後執行 command:
keytool -import -alias testca_cert -file "/testca_cert.cer" -keystore "/jdk1.5.0_09/jre/lib/security/cacerts" -storepass "changeit"

出現 Trusted this certificate? 按 "y" 即新增成功.



package test.ldap;
import javax.naming.AuthenticationException;import javax.naming.Context;
import javax.naming.directory.Attribute;import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;import javax.naming.directory.ModificationItem;
import javax.naming.ldap.Control;import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.StartTlsResponse;
   public byte getEncodedValue() {
   }
    return "1.2.840.113556.1.4.1781";
public boolean isCritical() {
}public class LDAPFastBind {
   public LdapContext ctx = null; 
   public LDAPFastBind(String ldapurl) {
   env.put(Context.INITIAL_CONTEXT_FACTORY, 
   env.put(Context.SECURITY_AUTHENTICATION, "simple"); 
       env.put(Context.SECURITY_PROTOCOL,"ssl");  
   System.setProperty("javax.net.ssl.trustStore",keystore);
    // first time we initialize the context, no credentials are supplied
   try {
    } catch (NamingException e) {
   }
   public boolean Authenticate(String username, String password) {
     ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, username); 
     ctx.reconnect(connCtls);     System.out.println(username + " is authenticated"); 
   }||| 
     System.out.println(username + " is not authenticated"); 
     return false; 
     System.out.println(username + " is not authenticated"); 
     return false;
   }
    try {
     System.out.println("Context is closed");
     System.out.println("Context close failure " + e);
   }
    try {
     SearchControls searchCtls = new SearchControls();
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
     //String searchFilter = "(&(objectClass=user)(CN=test))";
     String searchFilter = "(&(objectClass=user)(CN=peter lee))";
     String searchBase = "DC=joeyta,DC=local"; 
     int totalResults = 0; 
     String returnedAtts = { "givenName", "mail" };
     // Search for objects using the filter
         searchCtls);
     while (answer.hasMoreElements()) {
       System.out.println(">>>" + sr.getName());
       Attributes attrs = sr.getAttributes();
         try {
               .hasMore();) {
             System.out.println("Attribute: " + attr.getID());
                .hasMore(); totalResults++) {
                  + e.next());
           }
           System.err.println("Problem listing membership: " + e);
       }
     System.out.println("Total attrs: " + totalResults);
    catch (NamingException e) {
    }
    public boolean adminChangePassword(String sUserName, String sNewPassword){
         //set password is a ldap modfy operation
      //Replace the "unicdodePwd" attribute with a new value 
     String newQuotedPassword = """" + sNewPassword + """";
      mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
     ctx.modifyAttributes(sUserName, mods); 
            return true;
    catch (NamingException e) {
    }
     System.out.println("Problem encoding password: " + e);
    return false;
    public boolean userChangePassword(String sUserName, String sOldPassword, String sNewPassword){
     //StartTlsResponse tls = (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
           //change password is a single ldap modify operation
     ModificationItem mods = new ModificationItem;
     //Then add the new password,Passwords must be both Unicode and a quoted string
    te oldUnicodePassword = oldQuotedPassword.getBytes("UTF-16LE");
    te newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE"); 
     mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword)); 
     ctx.modifyAttributes(sUserName, mods);
       //tls.close();
    }
     System.err.println("Problem changing password: " + e);
    catch (UnsupportedEncodingException e) {
    } catch ( Exception e){
         }
   }
    try {
     Attributes attrs = new BasicAttributes(true);
     //Note that Win2K3 will automagically create a random
     attrs.put("objectClass","user"); 
     attrs.put("cn","Alan Tang"); 
     attrs.put("givenName","Alan");
     attrs.put("displayName","Alan Tang");
     attrs.put("userPrincipalName","alan-AT-joeyta.local"); 
     attrs.put("telephoneNumber","123 456 789");
     int UF_ACCOUNTDISABLE = 0x0002;
     int UF_PASSWD_CANT_CHANGE = 0x0040;
     int UF_DONT_EXPIRE_PASSWD = 0x10000;
         //Note that you need to create the user object before you can
      //password, user AccountControl must be set to the following
     //unwilling to perform.
           // Create the context
     System.out.println("Created disabled account for: " + sUserName); 
     //password and change the userAccountControl 
     //lets use StartTLS
     //tls.negotiate();
     //and we'll update the userAccountControl
     //the first time they login 
         //Replace the "unicdodePwd" attribute with a new value 
     String newQuotedPassword = """P-AT-ssw0rd""";
      mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword)); 
         // Perform the update 
     System.out.println("Set password & updated userccountControl");
       try 
         ModificationItem member = new ModificationItem[1]; 
                 ctx.modifyAttributes(sGroupName,member);
        }
         System.err.println("Problem adding user to group: " + e);
     //Could have put tls.close()  prior to the group modification
     //tls.close();
     return true;
    catch (NamingException e) {
    } 
     System.err.println("Problem creating object: " + e);
   return false;
   public boolean addUserToGroup(LdapContext ctx, String userDN, String groupDN) {
     ModificationItem mods = new ModificationItem[1]; 
     System.out.println("Added user " + userDN + " to group " + groupDN);
    } catch (NamingException ne){
    } 
   public boolean removeUserFromGroup(LdapContext ctx, String userDN, String groupDN) {
     ModificationItem mods = new ModificationItem[1]; 
     System.out.println("Remove user " + userDN + " from group " + groupDN);
   } catch (NamingException ne){
    } 
   } 

/***************************** LDAPClient.java *****************/package test.ldap;class LDAPClient {
    // Could also use ldaps over port 636 to protect the communication to 
    // env.put(Context.SECURITY_PROTOCOL,"ssl") to the "server" code
    String ldapurl = ldap://joeyserver.joeyta.local:636;
         String sAdminUserName = "CN=Administrator,CN=Users,DC=joeyta,DC=local";
       //    String sUserName = "CN=peter lee,CN=Users,DC=joeyta,DC=local";
    //    String sUserName = peter@joeyta.local;
    String sNewPassword = P@$$w0rd;
   String sNewGroupName = "CN=test,CN=Users,DC=joeyta,DC=local"; 
    //    boolean IsAuthenticated = ctx.Authenticate(sUserName, sOldPassword);           ctx.printUserAccountControl();
       //boolean IsAdminSuccessChangePWD = ctx.adminChangePassword(sUserName,sNewPassword);
       ctx.finito();

编辑推荐:

下载Word文档

温馨提示:因考试政策、内容不断变化与调整,长理培训网站提供的以上信息仅供参考,如有异议,请考生以权威部门公布的内容为准! (责任编辑:长理培训)

网络课程 新人注册送三重礼

已有 22658 名学员学习以下课程通过考试

网友评论(共0条评论)

请自觉遵守互联网相关政策法规,评论内容只代表网友观点!

最新评论

点击加载更多评论>>

精品课程

更多
10781人学习

免费试听更多

相关推荐
图书更多+
  • 电网书籍
  • 财会书籍
  • 其它工学书籍
拼团课程更多+
  • 电气拼团课程
  • 财会拼团课程
  • 其它工学拼团
热门排行

长理培训客户端 资讯,试题,视频一手掌握

去 App Store 免费下载 iOS 客户端