4
我有一个带有活动目录的windows server 2008R2。 我想创建一个Java程序,允许08/15用户添加新用户到本AD。用Java创建活动目录用户时遇到麻烦
我发现了一个[示例] [1]在oracle论坛和修改它为我的AD:
package model;
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
public class NewUser2 {
public static void main(String[] args) {
Hashtable<String,String> env = new Hashtable<String, String>();
String adminName = "CN=Administrator,CN=Users,DC=Dom215-01,DC=local";
String adminPassword = "g18";
String userName = "CN=Foo Bar,OU=Schueler,DC=Dom215-01,DC=local";
String groupName = "OU=Schueler,DC=Dom215-01,DC=local";
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
// set security credentials, note using simple cleartext authentication
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, adminName);
env.put(Context.SECURITY_CREDENTIALS, adminPassword);
// connect to my domain controller
env.put(Context.PROVIDER_URL, "ldap://10.18.215.112");
try {
// Create the initial directory context
LdapContext ctx = new InitialLdapContext(env, null);
// Create attributes to be associated with the new user
Attributes attrs = new BasicAttributes(true);
attrs.put("objectClass", "Schueler");
attrs.put("samAccountName", "FooBar");
attrs.put("cn", "Foo Bar");
// These are some optional (but useful) attributes
attrs.put("givenName", "Foo");
attrs.put("sn", "Bar");
attrs.put("displayName", "Foo Bar");
attrs.put("description", "Test Subject");
/*
attrs.put("userPrincipalName", "[email protected]");
attrs.put("mail", "[email protected]");
attrs.put("telephoneNumber", "999 123 4567");
*/
// some useful constants from lmaccess.h
int UF_ACCOUNTDISABLE = 0x0002;
int UF_PASSWD_NOTREQD = 0x0020;
int UF_PASSWD_CANT_CHANGE = 0x0040;
int UF_NORMAL_ACCOUNT = 0x0200;
int UF_DONT_EXPIRE_PASSWD = 0x10000;
int UF_PASSWORD_EXPIRED = 0x800000;
attrs.put(
"userAccountControl",
Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD
+ UF_PASSWORD_EXPIRED + UF_ACCOUNTDISABLE));
// Create the context
Context result = ctx.createSubcontext(userName, attrs);
System.out.println("Created disabled account for: " + userName);
StartTlsResponse tls = (StartTlsResponse) ctx
.extendedOperation(new StartTlsRequest());
tls.negotiate();
ModificationItem[] mods = new ModificationItem[2];
String newQuotedPassword = "\"Password2000\"";
byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
new BasicAttribute("unicodePwd", newUnicodePassword));
mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
new BasicAttribute("userAccountControl",
Integer.toString(UF_NORMAL_ACCOUNT
+ UF_PASSWORD_EXPIRED)));
ctx.modifyAttributes(userName, mods);
System.out.println("Set password & updated userccountControl");
try {
ModificationItem member[] = new ModificationItem[1];
member[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE,
new BasicAttribute("member", userName));
ctx.modifyAttributes(groupName, member);
System.out.println("Added user to group: " + groupName);
} catch (NamingException e) {
System.err.println("Problem adding user to group: " + e);
}
tls.close();
ctx.close();
System.out.println("Successfully created User: " + userName);
} catch (NamingException e) {
System.err.println("Problem creating object: ");
e.printStackTrace();
}
catch (IOException e) {
System.err.println("Problem creating object: ");
e.printStackTrace();
}
}
}
一切正常,到目前为止,但是,当它试图创建符合结果对象76它崩溃与NoSuchAttributeException
和LDAP错误代码16(没有这样的属性)。 我试过用户名字符串和属性的各种修改,但没有任何帮助。
有没有人有一个想法,为什么会出现此错误?
很高兴你工作。海事组织你的测试输入的选择是真的不专业... –
呃...你是对的。我今天过得不好。我会编辑 – Demnogonis
是的..你可以发布你的解决方案作为答案,不要编辑它的问题。我已经回滚了,所以你可以做到这一点。你可以在这里找到它的历史:http://stackoverflow.com/posts/8176001/revisions – Kev