Java AD域插入用户和密码修改

/** * @Title: ladpAdd.java * @Package com.hc.ladp * @Description: TODO * @author * @date 2018年7月28日 下午1:45:36 * @version V1.0 */ package com.hc.ladp; import java.util.Properties; import javax.naming.*; import javax.naming.ldap.*; import javax.naming.directory.*; public class AddAdUser { private static final String SUN_JNDI_PROVIDER = "com.sun.jndi.ldap.LdapCtxFactory"; public static void main(String[] args) throws Exception { String keystore = "C:\\Program Files (x86)\\Java\\jdk1.8.0_60\\jre\\lib\\security\\cacerts_citicso2"; System.setProperty("javax.net.ssl.trustStore", keystore); Properties env = new Properties(); env.put(Context.INITIAL_CONTEXT_FACTORY, SUN_JNDI_PROVIDER);// java.naming.factory.initial env.put(Context.PROVIDER_URL, "ldaps://192.168.1.109:636");// java.naming.provider.url env.put(Context.SECURITY_AUTHENTICATION, "simple");// java.naming.security.authentication env.put(Context.SECURITY_PRINCIPAL, "cn=Administrator,cn=Users,dc=hfbupt,dc=com");// java.naming.security.principal env.put(Context.SECURITY_CREDENTIALS, "1qaz@wsx");// java.naming.security.credentials env.put(Context.SECURITY_PROTOCOL, "ssl"); String userName = "CN=hanfeng,CN=Users,DC=hfbupt,DC=com"; String userName="CN=hanfeng,OU=OU,DC=citicso,DC=com"; String groupName = "CN=Users,DC=hfbupt,DC=com"; LdapContext ctx = new InitialLdapContext(env, null); // Create attributes to be associated with the new user Attributes attrs = new BasicAttributes(true); // These are the mandatory attributes for a user object // Note that Win2K3 will automagically create a random // samAccountName if it is not present. (Win2K does not) attrs.put("objectClass", "user"); attrs.put("sAMAccountName", "hantest"); attrs.put("cn", "hantest"); // These are some optional (but useful) attributes attrs.put("sn", "hantest"); attrs.put("displayName", "hantest"); attrs.put("description", "00001h"); attrs.put("userPrincipalName", "test@ixmsoft.com"); attrs.put("mail", "test@ixmsoft.com"); attrs.put("telephoneNumber", "1234568999"); // some useful constants from lmaccess.h // int UF_ACCOUNTDISABLE = 0x0002; //禁用账户 int UF_ACCOUNTDISABLE = 66048; int UF_PASSWD_NOTREQD = 0x0020; //用户不能修改密码 int UF_PASSWD_CANT_CHANGE = 0x0040; int UF_NORMAL_ACCOUNT = 0x0200; //正常用户 int UF_DONT_EXPIRE_PASSWD = 0x10000; //密码永不过期 int UF_PASSWORD_EXPIRED = 0x800000; //密码已经过期 // Note that you need to create the user object before you can // set the password. Therefore as the user is created with no // password, user AccountControl must be set to the following // otherwise the Win2K3 password filter will return error 53 // unwilling to perform. attrs.put("userAccountControl", Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED + UF_ACCOUNTDISABLE)); // Create the context Context result = ctx.createSubcontext(userName, attrs); System.out.println("Created disabled account for: " + userName); ModificationItem[] mods = new ModificationItem[2]; // Replace the "unicdodePwd" attribute with a new value // Password must be both Unicode and a quoted string String newQuotedPassword = "\"Password2000@\""; byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE"); mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword)); mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl", Integer .toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED))); // Perform the update ctx.modifyAttributes(userName, mods); System.out.println("Set password & updated userccountControl"); // now add the user to a group. try { ModificationItem member[] = new ModificationItem[1]; member[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", userName)); ctx.modifyAttributes(groupName, member); System.out.println("Added user to group: " + groupName); } catch (NamingException e) { System.err.println("Problem adding user to group: " + e); } // Could have put tls.close() prior to the group modification // but it seems to screw up the connection or context ? ctx.close(); System.out.println("Successfully created User: " + userName); } }