/**
* @Title: ladpAdd.java
* @Package com.hc.ladp
* @Description: TODO
* @author
* @date 2018年7月28日 下午1:45:36
* @version V1.0
*/
package com.hc.ladp;
import java.util.Properties;
import javax.naming.*;
import javax.naming.ldap.*;
import javax.naming.directory.*;
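/**
 * Sample program that creates an Active Directory user over LDAPS with JNDI.
 *
 * <p>Steps: bind with simple authentication, create the user object in a
 * disabled state, set its password through {@code unicodePwd}, enable it by
 * rewriting {@code userAccountControl}, then add its DN to a group's
 * {@code member} attribute.
 *
 * <p>Both passwords are read from environment variables instead of being
 * embedded in the source, so they do not end up in version control, build
 * artifacts or pasted listings.
 */
public class AddAdUser {
    private static final String SUN_JNDI_PROVIDER = "com.sun.jndi.ldap.LdapCtxFactory";

    // Environment variable names are chosen for this example; adapt them to the deployment.
    private static final String BIND_PASSWORD_ENV = "AD_BIND_PASSWORD";
    private static final String NEW_USER_PASSWORD_ENV = "AD_NEW_USER_PASSWORD";

    // userAccountControl bit flags (values from lmaccess.h). Each one is a single
    // bit, so they are combined with bitwise OR, never with arithmetic addition.
    private static final int UF_ACCOUNTDISABLE = 0x0002;      // account is disabled
    private static final int UF_PASSWD_NOTREQD = 0x0020;      // no password is required
    private static final int UF_PASSWD_CANT_CHANGE = 0x0040;  // user cannot change the password
    private static final int UF_NORMAL_ACCOUNT = 0x0200;      // ordinary user account
    private static final int UF_DONT_EXPIRE_PASSWD = 0x10000; // password never expires
    private static final int UF_PASSWORD_EXPIRED = 0x800000;  // password has expired

    /**
     * Creates the sample user, sets its initial password and adds it to a group.
     *
     * @param args unused
     * @throws IllegalStateException if one of the password environment variables is missing
     * @throws Exception if the bind, the entry creation or the password update fails
     */
    public static void main(String[] args) throws Exception {
        // Fail before touching the directory if a secret is missing.
        String bindPassword = requireEnv(BIND_PASSWORD_ENV);
        String initialPassword = requireEnv(NEW_USER_PASSWORD_ENV);

        // Trust store holding the certificate chain of the directory server.
        // NOTE(review): JDK 8 builds older than 8u181 do not perform endpoint
        // identification on LDAPS connections, and this path points at 8u60;
        // run on a current JDK so the server certificate is matched against
        // the address in PROVIDER_URL.
        String keystore = "C:\\Program Files (x86)\\Java\\jdk1.8.0_60\\jre\\lib\\security\\cacerts_citicso2";
        System.setProperty("javax.net.ssl.trustStore", keystore);

        Properties env = new Properties();
        env.put(Context.INITIAL_CONTEXT_FACTORY, SUN_JNDI_PROVIDER); // java.naming.factory.initial
        env.put(Context.PROVIDER_URL, "ldaps://192.168.1.109:636"); // java.naming.provider.url
        env.put(Context.SECURITY_AUTHENTICATION, "simple"); // java.naming.security.authentication
        // The sample binds as the built-in domain Administrator. An account
        // delegated only the right to create users in the target container
        // limits the damage if this credential leaks.
        env.put(Context.SECURITY_PRINCIPAL, "cn=Administrator,cn=Users,dc=hfbupt,dc=com"); // java.naming.security.principal
        env.put(Context.SECURITY_CREDENTIALS, bindPassword); // java.naming.security.credentials
        env.put(Context.SECURITY_PROTOCOL, "ssl");

        // The original declared userName twice, which does not compile. The DN
        // in the same domain as the bind principal and the group is kept.
        String userName = "CN=hanfeng,CN=Users,DC=hfbupt,DC=com";
        String groupName = "CN=Users,DC=hfbupt,DC=com";

        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            // Create attributes to be associated with the new user
            // (true = attribute IDs are matched case-insensitively).
            Attributes attrs = new BasicAttributes(true);

            // These are the mandatory attributes for a user object.
            // Note that Win2K3 will automatically create a random
            // sAMAccountName if it is not present. (Win2K does not.)
            // NOTE(review): "cn" below differs from the CN in userName — confirm
            // which name is intended.
            attrs.put("objectClass", "user");
            attrs.put("sAMAccountName", "hantest");
            attrs.put("cn", "hantest");

            // These are some optional (but useful) attributes
            attrs.put("sn", "hantest");
            attrs.put("displayName", "hantest");
            attrs.put("description", "00001h");
            attrs.put("userPrincipalName", "test@ixmsoft.com");
            attrs.put("mail", "test@ixmsoft.com");
            attrs.put("telephoneNumber", "1234568999");

            // The user object has to exist before its password can be set, so
            // it is created without one. PASSWD_NOTREQD lets the create succeed
            // (otherwise the Win2K3 password filter returns error 53,
            // "unwilling to perform") and ACCOUNTDISABLE keeps the password-less
            // account unusable until the password is in place.
            int createFlags = UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD
                    | UF_PASSWORD_EXPIRED | UF_ACCOUNTDISABLE;
            attrs.put("userAccountControl", Integer.toString(createFlags));

            // Create the entry; the returned context is not needed afterwards.
            Context created = ctx.createSubcontext(userName, attrs);
            created.close();
            System.out.println("Created disabled account for: " + userName);

            // Replace the "unicodePwd" attribute with a new value.
            // The password must be a quoted string encoded as UTF-16LE, and
            // Active Directory accepts this write only on a protected
            // connection such as the LDAPS session used here.
            String newQuotedPassword = "\"" + initialPassword + "\"";
            byte[] newUnicodePassword =
                    newQuotedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_16LE);

            // Second write clears ACCOUNTDISABLE and PASSWD_NOTREQD.
            // NOTE(review): PASSWORD_EXPIRED may not be settable through
            // userAccountControl on current AD versions; setting pwdLastSet to 0
            // is the usual way to force a change at next logon — confirm.
            int enabledFlags = UF_NORMAL_ACCOUNT | UF_PASSWORD_EXPIRED;

            ModificationItem[] mods = new ModificationItem[2];
            mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("unicodePwd", newUnicodePassword));
            mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("userAccountControl", Integer.toString(enabledFlags)));

            // Perform the update
            ctx.modifyAttributes(userName, mods);
            System.out.println("Set password & updated userccountControl");

            // Now add the user to a group. A failure here is reported but does
            // not abort the run, because the account itself already exists.
            try {
                ModificationItem[] member = new ModificationItem[1];
                member[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE,
                        new BasicAttribute("member", userName));
                ctx.modifyAttributes(groupName, member);
                System.out.println("Added user to group: " + groupName);
            } catch (NamingException e) {
                System.err.println("Problem adding user to group: " + e);
            }
        } finally {
            // Release the LDAP connection even when one of the steps above throws.
            ctx.close();
        }
        System.out.println("Successfully created User: " + userName);
    }

    /** Returns the value of the named environment variable, or throws if it is unset or empty. */
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Environment variable " + name + " is not set");
        }
        return value;
    }
}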