2013-04-29 215 views
4

How to create a new user in Active Directory from a Java client and add it to Active Directory

I am a beginner trying to implement a Java client for Active Directory. So far I have written the code below:

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class NewUser {

    public static void main(String[] args) {
        NewUser user = new NewUser("aaa", "bbb", "ccc", "orgunit");
        try {
            System.out.print(user.addUser());
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }

    private static final String DOMAIN_NAME = "whatever";
    private static final String DOMAIN_ROOT = "dc=xyz"; // ?
    private static final String ADMIN_NAME = "CN=Administrator,CN=Users,DC=xyz,DC=xyz";
    private static final String ADMIN_PASS = "xxxxxxx";
    private static final String DOMAIN_URL = "ldap://xxx.xxx.xx.xx:389";

    private String userName, firstName, lastName, organisationUnit;
    private LdapContext context;

    public NewUser(String userName, String firstName, String lastName, String organisationUnit) {
        this.userName = userName;
        this.firstName = firstName;
        this.lastName = lastName;
        this.organisationUnit = organisationUnit;

        // JNDI environment: simple bind as the administrator account
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, ADMIN_NAME);
        env.put(Context.SECURITY_CREDENTIALS, ADMIN_PASS);
        env.put(Context.PROVIDER_URL, DOMAIN_URL);
        try {
            this.context = new InitialLdapContext(env, null);
        } catch (NamingException e) {
            System.err.println("Problem creating object: ");
            e.printStackTrace();
        }
    }

    public boolean addUser() throws NamingException {
        // Guard against the constructor having failed to bind (context would otherwise be null)
        if (context == null) {
            throw new NamingException("LDAP context was not initialised");
        }

        Attributes container = new BasicAttributes();

        // Object classes required for an AD user entry
        Attribute objClasses = new BasicAttribute("objectClass");
        objClasses.add("top");
        objClasses.add("person");
        objClasses.add("organizationalPerson");
        objClasses.add("user");

        String cnValue = new StringBuilder(firstName).append(" ").append(lastName).toString();
        Attribute cn = new BasicAttribute("cn", cnValue);
        Attribute sAMAccountName = new BasicAttribute("sAMAccountName", userName);
        Attribute principalName = new BasicAttribute("userPrincipalName", userName
                + "@" + DOMAIN_NAME);
        Attribute givenName = new BasicAttribute("givenName", firstName);
        Attribute sn = new BasicAttribute("sn", lastName);
        Attribute uid = new BasicAttribute("uid", userName);

        container.put(objClasses);
        container.put(sAMAccountName);
        container.put(principalName);
        container.put(cn);
        container.put(sn);
        container.put(givenName);
        container.put(uid);

        try {
            // The entry's DN is built from cn, the OU and DOMAIN_ROOT
            context.createSubcontext(getUserDN(cnValue, organisationUnit), container);
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    private static String getUserDN(String aUsername, String aOU) {
        return "cn=" + aUsername + ",ou=" + aOU + "," + DOMAIN_ROOT;
    }
}

All I need is to create and add a user.

I get the following error:

javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID 031007F3, data 0, 1 access points

ref 1: 'xyz'

]; remaining name 'cn=bbb ccc,ou=orgunit,dc=xyz'

+0

I see several problems with your code. In Active Directory you need to use "unicodePwd" rather than userPassword. When setting a password in Active Directory you must also use LDAPS. This may help: http://ldapwiki.willeke.com/wiki/Set%20Active%20Directory%20Password%20From%20Java – jwilleke 2013-04-30 10:25:14

+0

@jeemster Thanks. So let's assume I don't need any password. I have edited the code in my post. I still have the same problem. Something seems wrong with this string: 'cn=bbb ccc,ou=orgunit,abc.xyz.xyz'. Shouldn't it look like 'cn=bbb ccc,ou=orgunit,SOMETHING_HERE=abc.xyz.xyz'? – ruhungry 2013-04-30 11:11:46

+0

I also changed DOMAIN_ROOT and now I get the following error: 'javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-031007F3, data 0, 1 access points \t ref 1: 'xyz' ]; remaining name 'cn=bbb ccc,ou=orgunit,dc=xyz''. How can I check on the server whether the DC I provide is correct? – ruhungry 2013-04-30 12:04:56

Answer

1

You need to know what the FDN of the user you want to create is.

I suggest you get one of the LDAP browsers listed at ldapwiki.willeke.com/wiki/LDAP%20Browsers so you can see what AD looks like from the LDAP side.

This may also help: ldapwiki.willeke.com/wiki/Determining%20the%20FDN
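The answer's point is that the DN passed to createSubcontext must end in the domain's real naming context, which the question's "dc=xyz" does not (hence the error code 10 referral to 'xyz'). As an added example that is not part of the question or answer, the class below asks the domain controller's RootDSE for defaultNamingContext and builds the user DN from it with JNDI's escaping LdapName/Rdn classes instead of string concatenation; the class name, the ldaps://dc.example.invalid URL and the anonymous RootDSE read are assumptions, and the LDAPS port follows jwilleke's comment.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

/** Hypothetical helper (not from the question): discover the domain naming context and build a user DN. */
public class AdNamingContext {

    /**
     * Reads defaultNamingContext from the RootDSE, e.g. "DC=xyz,DC=xyz". This is the value the
     * question's DOMAIN_ROOT must carry; a bare "dc=xyz" makes the DC answer with a referral.
     * The RootDSE is readable without a bind, so no admin password is needed for this step.
     */
    public static String readDefaultNamingContext(String ldapUrl) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "none"); // anonymous RootDSE read (assumed allowed)
        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            // "" names the RootDSE; only the attribute we need is requested
            Attributes rootDse = ctx.getAttributes("", new String[] {"defaultNamingContext"});
            return (String) rootDse.get("defaultNamingContext").get();
        } finally {
            ctx.close();
        }
    }

    /**
     * Builds cn=<cn>,ou=<ou>,<namingContext>. Rdn escapes ',', '=', '+' and similar per RFC 4514,
     * so a name such as "ccc, bbb" cannot change which container the entry lands in.
     */
    public static String buildUserDn(String cn, String ou, String namingContext) throws NamingException {
        LdapName dn = new LdapName(namingContext); // index 0 is the rightmost (root) RDN
        dn.add(new Rdn("ou", ou));                 // add() appends on the left
        dn.add(new Rdn("cn", cn));
        return dn.toString();
    }

    public static void main(String[] args) throws NamingException {
        // Constructed URL: LDAPS (636) keeps the later admin bind and unicodePwd write off the wire in clear.
        // The JVM truststore must trust the DC's certificate for this to connect.
        String url = args.length > 0 ? args[0] : "ldaps://dc.example.invalid:636";
        String base = readDefaultNamingContext(url);
        System.out.println("defaultNamingContext = " + base);
        System.out.println("user DN = " + buildUserDn("bbb ccc", "orgunit", base));
    }
}
```

Feeding the returned DN to createSubcontext in place of the question's getUserDN result removes the referral, provided ou=orgunit actually exists under the naming context.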
