JAVA_基本LDAP操作实例
程序员文章站
2023-12-18 15:59:22
一、简介
lightweight directory access protocol (ldap),轻型目录访问协议是一个访问在线目录服务的协议。下面的例子中简单介绍在...
一、简介
lightweight directory access protocol (ldap),轻型目录访问协议是一个访问在线目录服务的协议。下面的例子中简单介绍在java中队ldap的增删该查功能。目录结构为:
cd=cas,dc=mydc
--cn=users
----uid=zhangsan
二、示例
1、通过ldapcontext连接ldap
复制代码 代码如下:
/**
* 连接ldap
*/
@suppresswarnings({ "rawtypes", "unchecked" })
public ldapcontext connetldap() throws namingexception {
// 连接ldap需要的信息
string ldapfactory = "com.sun.jndi.ldap.ldapctxfactory";
string ldapurl = "ldap:/ip:port";// url
string ldapaccount = "cn=root"; // 用户名
string ldappwd = "password";//密码
hashtable env = new hashtable();
env.put(context.initial_context_factory, ldapfactory);
// ldap server
env.put(context.provider_url, ldapurl);
env.put(context.security_authentication, "simple");
env.put(context.security_principal, ldapaccount);
env.put(context.security_credentials, ldappwd);
env.put("java.naming.referral", "follow");
ldapcontext ctxtds = new initialldapcontext(env, null);
return ctxtds;
}
2、增加用户zhangsan
复制代码 代码如下:
// 添加
public void testadd() throws exception {
ldapcontext ctx = connetldap();
attributes attrs = new basicattributes(true);
attribute objclass = new basicattribute("objectclass");
// 添加objectclass
string[] attrobjectclassperson = { "inetorgperson", "organizationalperson", "person", "top" };
arrays.sort(attrobjectclassperson);
for (string ocp : attrobjectclassperson) {
objclass.add(ocp);
}
attrs.put(objclass);
string uid = "zhangsan";
string userdn = "uid=" + uid + "," + "cn=users,dc=cas,dc=mydc";
// 密码处理
// attrs.put("uid", uid);
attrs.put("cn", uid);
attrs.put("sn", uid);
attrs.put("displayname", "张三");
attrs.put("mail", "abc@163.com");
attrs.put("description", "");
attrs.put("userpassword", "passw0rd".getbytes("utf-8"));
ctx.createsubcontext(userdn, attrs);
}
3、删除用户zhangsan
复制代码 代码如下:
//删除
public void testremove() throws exception {
ldapcontext ctx = connetldap();
string uid = "zhangsan";
string userdn = "uid=" + uid + "," + "cn=users,dc=cas,dc=mydc";
ctx.destroysubcontext(userdn);
}
4、修改zhangsan的邮件地址
复制代码 代码如下:
//修改
public boolean testmodify() throws exception {
boolean result = true;
ldapcontext ctx = connetldap();
string uid = "zhangsan";
string userdn = "uid=" + uid + "," + "cn=users,dc=cas,dc=mydc";
attributes attrs = new basicattributes(true);
attrs.put("mail", "zhangsan@163.com");
ctx.modifyattributes(userdn, dircontext.replace_attribute, attrs);
return result;
}
5、查找用户
复制代码 代码如下:
//查询
public void testsearch() throws exception {
ldapcontext ctx = connetldap();
// 设置过滤条件
string uid = "zhangsan";
string filter = "(&(objectclass=top)(objectclass=organizationalperson)(uid=" + uid + "))";
// 限制要查询的字段内容
string[] attrpersonarray = { "uid", "userpassword", "displayname", "cn", "sn", "mail", "description" };
searchcontrols searchcontrols = new searchcontrols();
searchcontrols.setsearchscope(searchcontrols.subtree_scope);
// 设置将被返回的attribute
searchcontrols.setreturningattributes(attrpersonarray);
// 三个参数分别为:
// 上下文;
// 要搜索的属性,如果为空或 null,则返回目标上下文中的所有对象;
// 控制搜索的搜索控件,如果为 null,则使用默认的搜索控件
namingenumeration<searchresult> answer = ctx.search("cn=users,dc=cas,dc=mydc", filter.tostring(), searchcontrols);
// 输出查到的数据
while (answer.hasmore()) {
searchresult result = answer.next();
namingenumeration<? extends attribute> attrs = result.getattributes().getall();
while (attrs.hasmore()) {
attribute attr = attrs.next();
system.out.println(attr.getid() + "=" + attr.get());
}
system.out.println("============");
}
}