JNDI连接WindowsActiveDirectory教程
開始教程:
2. 將 CA Certificate 加入至 jre keystore 裡
1. 建立 IIS SSL:
Install AD:
Run -> dcpromo
NT domain name : joeytaserver
先安裝 IIS , 再安裝 CA.
Install IIS:
Programs -> Administrative Tools -> Configure Your Server Wizard
> Next -> Next -> Application server (IIS, ASP.NET) -> Next
進入 http://joeyserver.joeyta.local/postinfo.html 表示安裝成功.
Install CA:
Settings -> Control Panel -> Add or Remove Programs
> Add/Remove Windows Components
Next
Next
Next
進入 http://joeyserver.joeyta.local/CertSrv 表示安裝成功.
Start -> Programs -> Administrative Tools -> Internet Information Services (IIS) Manager
> Internet Information Services -> (local computer) -> Web Sites
> 右鍵點選 Default Web Site -> Properties
Server Certificate
> Create a new certificate -> Prepare the request now, but send it later
最後產生 certificate request file , 預設為 c:\certreq.txt
進入 http://joeyserver.joeyta.local/CertSrv
advanced certificate request
Submit a certificate request by using a base-64-encoded CMC or PKCS#10 file, or submit a renewal request by using a base-64-encoded PKCS#7 file
Certificate Template 選擇 Web Server, 按 Submit
Start -> Programs -> Administrative Tools -> Internet Information Services (IIS) Manager
> Internet Information Services -> (local computer) -> Web Sites
> 右鍵點選 Default Web Site -> Properties
Server Certificate
> Process the pending request and install the certificate -> Next
Next
Next -> Next -> Finish
進入 http://joeyserver.joeyta.local/CertSrv
點選 Download CA certificate , 然後下載並改名為 c:\testca_cert.cer
然後執行 command:
keytool -import -alias testca_cert -file "/testca_cert.cer" -keystore "/jdk1.5.0_09/jre/lib/security/cacerts" -storepass "changeit"
出現 Trust this certificate? 提示時按 "y" 即新增成功. 注意: 此步驟修改的是該 JRE 共用的 cacerts, 使用這個 JRE 的所有 Java 程式都會信任此 CA.
package test.ldap;
import javax.naming.AuthenticationException;import javax.naming.Context;
import javax.naming.directory.Attribute;import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;import javax.naming.directory.ModificationItem;
import javax.naming.ldap.Control;import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.StartTlsResponse;
public byte getEncodedValue() {
}
return "1.2.840.113556.1.4.1781";
public boolean isCritical() {
}public class LDAPFastBind {
public LdapContext ctx = null;
public LDAPFastBind(String ldapurl) {
env.put(Context.INITIAL_CONTEXT_FACTORY,
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PROTOCOL,"ssl");
System.setProperty("javax.net.ssl.trustStore",keystore);
// first time we initialize the context, no credentials are supplied
try {
} catch (NamingException e) {
}
public boolean Authenticate(String username, String password) {
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, username);
ctx.reconnect(connCtls); System.out.println(username + " is authenticated");
}|||
System.out.println(username + " is not authenticated");
return false;
System.out.println(username + " is not authenticated");
return false;
}
try {
System.out.println("Context is closed");
System.out.println("Context close failure " + e);
}
try {
SearchControls searchCtls = new SearchControls();
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
//String searchFilter = "(&(objectClass=user)(CN=test))";
String searchFilter = "(&(objectClass=user)(CN=peter lee))";
String searchBase = "DC=joeyta,DC=local";
int totalResults = 0;
String returnedAtts = { "givenName", "mail" };
// Search for objects using the filter
searchCtls);
while (answer.hasMoreElements()) {
System.out.println(">>>" + sr.getName());
Attributes attrs = sr.getAttributes();
try {
.hasMore();) {
System.out.println("Attribute: " + attr.getID());
.hasMore(); totalResults++) {
+ e.next());
}
System.err.println("Problem listing membership: " + e);
}
System.out.println("Total attrs: " + totalResults);
catch (NamingException e) {
}
public boolean adminChangePassword(String sUserName, String sNewPassword){
//set password is a ldap modfy operation
//Replace the "unicdodePwd" attribute with a new value
String newQuotedPassword = """" + sNewPassword + """";
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
ctx.modifyAttributes(sUserName, mods);
return true;
catch (NamingException e) {
}
System.out.println("Problem encoding password: " + e);
return false;
public boolean userChangePassword(String sUserName, String sOldPassword, String sNewPassword){
//StartTlsResponse tls = (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
//change password is a single ldap modify operation
ModificationItem mods = new ModificationItem;
//Then add the new password,Passwords must be both Unicode and a quoted string
te oldUnicodePassword = oldQuotedPassword.getBytes("UTF-16LE");
te newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
ctx.modifyAttributes(sUserName, mods);
//tls.close();
}
System.err.println("Problem changing password: " + e);
catch (UnsupportedEncodingException e) {
} catch ( Exception e){
}
}
try {
Attributes attrs = new BasicAttributes(true);
//Note that Win2K3 will automagically create a random
attrs.put("objectClass","user");
attrs.put("cn","Alan Tang");
attrs.put("givenName","Alan");
attrs.put("displayName","Alan Tang");
attrs.put("userPrincipalName","alan-AT-joeyta.local");
attrs.put("telephoneNumber","123 456 789");
int UF_ACCOUNTDISABLE = 0x0002;
int UF_PASSWD_CANT_CHANGE = 0x0040;
int UF_DONT_EXPIRE_PASSWD = 0x10000;
//Note that you need to create the user object before you can
//password, user AccountControl must be set to the following
//unwilling to perform.
// Create the context
System.out.println("Created disabled account for: " + sUserName);
//password and change the userAccountControl
//lets use StartTLS
//tls.negotiate();
//and we'll update the userAccountControl
//the first time they login
//Replace the "unicdodePwd" attribute with a new value
String newQuotedPassword = """P-AT-ssw0rd""";
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
// Perform the update
System.out.println("Set password & updated userccountControl");
try
ModificationItem member = new ModificationItem[1];
ctx.modifyAttributes(sGroupName,member);
}
System.err.println("Problem adding user to group: " + e);
//Could have put tls.close() prior to the group modification
//tls.close();
return true;
catch (NamingException e) {
}
System.err.println("Problem creating object: " + e);
return false;
public boolean addUserToGroup(LdapContext ctx, String userDN, String groupDN) {
ModificationItem mods = new ModificationItem[1];
System.out.println("Added user " + userDN + " to group " + groupDN);
} catch (NamingException ne){
}
public boolean removeUserFromGroup(LdapContext ctx, String userDN, String groupDN) {
ModificationItem mods = new ModificationItem[1];
System.out.println("Remove user " + userDN + " from group " + groupDN);
} catch (NamingException ne){
}
}
/***************************** LDAPClient.java *****************/package test.ldap;class LDAPClient {
// Could also use ldaps over port 636 to protect the communication to
// env.put(Context.SECURITY_PROTOCOL,"ssl") to the "server" code
String ldapurl = ldap://joeyserver.joeyta.local:636;
String sAdminUserName = "CN=Administrator,CN=Users,DC=joeyta,DC=local";
// String sUserName = "CN=peter lee,CN=Users,DC=joeyta,DC=local";
// String sUserName = peter@joeyta.local;
String sNewPassword = P@$$w0rd;
String sNewGroupName = "CN=test,CN=Users,DC=joeyta,DC=local";
// boolean IsAuthenticated = ctx.Authenticate(sUserName, sOldPassword); ctx.printUserAccountControl();
//boolean IsAdminSuccessChangePWD = ctx.adminChangePassword(sUserName,sNewPassword);
ctx.finito();