一、LDAP概念
LDAP的全称为Lightweight Directory Access Protocol(轻量级目录访问协议), 基于X.500标准, 支持 TCP/IP。
LDAP目录为数据库,通过LDAP服务器(相当于DBMS)处理查询和更新, 以树状的层次结构来存储数据,相对关系型数据库, LDAP主要是优化数据读取的性能,适用于比较少改变、跨平台的信息。
二、Softerra LDAP Administrator
下载安装软件,并配置LDAP
DN:Distinguished Name 唯一标识一条记录的路径,Base DN为基准DN,指定LDAP search的起始DN,即从哪个DN下开始搜索,RDN为叶子结点本身的名字。
DC:Domain Component 一条记录所属区域
OU:Organization Unit 组织单元
CN/UID:一条记录的名字/ID
三、在JAVA中应用LDAP
1、spring配置文件
<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
<constructor-arg ref="ldapcontextSource" />
</bean>
<bean id="ldapcontextSource" class="org.springframework.ldap.core.support.LdapContextSource">
<property name="url" value="${LdapConnHost}" /> <!—例: LdapConnHost=ldap://10.190.123.123 -->
<property name="userDn" value="${LdapConnUser}" /><!—例: LdapConnUser=cn=root -->
<property name="password" value="${LdapConnPwd}" /><!—例: LdapConnPwd=111111 -->
<property name="base" value="${LdapBaseDn}" /> <!—Base DN 例: LdapBaseDn=DC=FJTIC -->
<property name="pooled" value="false" />
</bean>
2、JAVA代码
package com.test.dao; import java.beans.PropertyDescriptor;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;
import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.ModificationItem;
import org.apache.commons.beanutils.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.AbstractContextMapper;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.filter.OrFilter;
import org.springframework.stereotype.Component;
import com.surekam.model.Person;
import com.surekam.utils.DateCl;
import com.surekam.utils.StringUtil; @Component
public class UserDAOL {
@Autowired
private LdapTemplate ldapTemplate; /**
*
* @Description: 添加
*
*/
public boolean addPerson(Person person) {
boolean flag = false;
Name dn = buildUDn(person.getUid());
Attributes buildAddAttributes = buildAddAttributes(person);
ldapTemplate.bind(dn, null, buildAddAttributes);
flag = true;
return flag;
} /**
*
* @Description: 修改
*
*/
public boolean updatePerson(Person person) {
boolean flag = false;
Name dn = buildUDn(person.getUid());
ModificationItem[] modificationItem = buildModifyAttributes(person);
ldapTemplate.modifyAttributes(dn, modificationItem);
flag = true;
return flag;
} /**
*
* 多条件获取用户
*
*/
public List<Person> getPersonByOu(String ou, String level) {
AndFilter filter = new AndFilter();
OrFilter orFilter1 = new OrFilter();
if ("处级*".equals(level)) {
orFilter1.or(new EqualsFilter("cuadministrativelevels", "aa"));
orFilter1.or(new EqualsFilter("cuadministrativelevels", "bb"));
orFilter1.or(new EqualsFilter("cuadministrativelevels", "cc"));
orFilter1.or(new EqualsFilter("cuadministrativelevels", "dd"));
}
if ("普通员工".equals(level)) {
orFilter1.or(new EqualsFilter("cuadministrativelevels", "ee"));
orFilter1.or(new EqualsFilter("cuadministrativelevels", "ff"));
orFilter1.or(new EqualsFilter("cuadministrativelevels", "gg"));
}
OrFilter orFilter2 = new OrFilter();
orFilter2.or(new EqualsFilter("departmentnumber", ou));
orFilter2.or(new EqualsFilter("cutransferdnumber", ou));
filter.and(orFilter2);
filter.and(orFilter1);
System.out.println(filter.toString());
List<Person> list = ldapTemplate.search("cn=users,dc=hq", filter
.encode(), new PersonContextMapper());
return list;
} /**
*
* 生成用户DN
*
* @return uid=123455,cn=users,dc=hq
*/
private Name buildUDn(String urdn) {
DistinguishedName dn = new DistinguishedName("");
dn.add("dc", "hq");
dn.add("cn", "users");
dn.add("uid", urdn);
return dn;
} /**
*
* 组织查询结果
*
*/
public static class PersonContextMapper implements ContextMapper {
public Object mapFromContext(Object ctx) {
if (ctx == null)
return new Person();
DirContextAdapter context = (DirContextAdapter) ctx;
Person per = new Person();
Attributes attrs = context.getAttributes();
NamingEnumeration results = attrs.getAll();
Class c = per.getClass();
while (results.hasMoreElements()) {
try {
Attribute attr = (Attribute) results.next();
String value = attr.get().toString();
if (StringUtil.isNotEmpty(value)) {
String fieldName = attr.getID();
if ("objectclass".equals(fieldName.toLowerCase())) {
continue;
}
Field field = c.getDeclaredField(fieldName
.toLowerCase());
Class fieldClazz = field.getType();
/*
* 如果属性条数大于1,那就是多值属性 attr.getAttributeDefinition()
* 获取多值属性的方法没找到
*/
if (fieldClazz.isAssignableFrom(List.class)) { // 属性值数大于1
NamingEnumeration values = attr.getAll(); // 获取所有值
// LDAP中的多值属性只会是String类型
List<String> list = new ArrayList<String>();
while (values.hasMoreElements()) {
list.add(values.next().toString());
}
BeanUtils.setProperty(per, fieldName.toLowerCase(),
list);
} else {
// 普通属性
BeanUtils.setProperty(per, fieldName.toLowerCase(),
value);
}
}
} catch (IllegalAccessException e) {
e.printStackTrace();
} catch (InvocationTargetException e) {
e.printStackTrace();
} catch (NamingException e) {
e.printStackTrace();
} catch (SecurityException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchFieldException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
per.setDn(context.getNameInNamespace());
return per;
}
} /**
*
* 组织添加数据数据
*
*/
@SuppressWarnings("unchecked")
private Attributes buildAddAttributes(Person p) {
Attributes attrs = new BasicAttributes();
BasicAttribute ocattr = new BasicAttribute("objectclass");
ocattr.add("top");
ocattr.add("person");
ocattr.add("organizationalPerson");
ocattr.add("inetOrgPerson");
ocattr.add("FJTicPerson");
attrs.put(ocattr);
Class c = p.getClass();
Field[] fields = c.getDeclaredFields();
for (int i = ; i < fields.length; i++) {
try {
Class fieldClazz = fields[i].getType();
String fieldName = fields[i].getName(); // 获得属性名
String fieldVlue = BeanUtils.getProperty(p, fieldName); // 获得属性值
/*
* 判断属性是否要过滤,例如修改时间之类的字段LDAP是没有的 判断属性值是否为空,在这里过滤了所有null和""
* 增加操作中不存在主动设置某个值为空的情况 所以只需要处理有值属性
*/
if (checkfieldName(fieldName) || StringUtil.isEmpty(fieldVlue))
continue;
/*
* 多值属性的处理 如果多值属性为空,那么增加的时候就不会增加值进去
*/
if (fieldClazz.isAssignableFrom(List.class)) { // 集合属性
BasicAttribute ocattr1 = new BasicAttribute(fieldName);
PropertyDescriptor pd = new PropertyDescriptor(fieldName, c);
Method getMethod = pd.getReadMethod();// 获得get方法
List list = (List) getMethod.invoke(p);// 执行get方法返回一个Object
for (Object object : list) {
ocattr1.add(object);
}
attrs.put(ocattr1);
} else {
attrs.put(fieldName, fieldVlue);
}
} catch (Exception e) {
e.printStackTrace();
}
}
return attrs; } /**
*
* 组织修改数据
*
*/
@SuppressWarnings("unchecked")
private ModificationItem[] buildModifyAttributes(Person p) {
ArrayList<ModificationItem> attrs = new ArrayList<ModificationItem>();
Class c = p.getClass();
Field[] fields = c.getDeclaredFields();
for (Field field : fields) {
try {
Class fieldClazz = field.getType();
String fieldName = field.getName(); // 获得属性名
String fieldValue = BeanUtils.getProperty(p, fieldName);
/*
* 判断属性是否要过滤,例如修改时间之类的字段LDAP是没有的 判断属性值是否为空,在这里过滤了所有null和""
* 要置空的属性通过识别特殊属性值:delAtr 在后面做重新置空操作
*/
if (checkfieldName(fieldName) || StringUtil.isEmpty(fieldValue))
continue;
BasicAttribute basicAttr = new BasicAttribute(fieldName);
/*
* 多值属性的处理 如果传递一个空的list,那么修改的时候就会清空多值属性 (new ArrayList<String>())
*/
if (fieldClazz.isAssignableFrom(List.class)) { // 如果是集合属性
PropertyDescriptor pd = new PropertyDescriptor(fieldName, c);
Method getMethod = pd.getReadMethod();// 获得get方法
List list = (List) getMethod.invoke(p);// 执行get方法返回一个Object
for (Object object : list) {
basicAttr.add(object);
}
} else {
/*
* 判断删除标记来对值进行置空 传递过来的对象中有些属性没有做修改就传递了"" 有些是要修改为 ""
* 所以在上面要过滤所有 "" 属性,避免将不修改的参数全都置空了 然后通过识别要修改参数的特有值来判断是否主动置空
* 如果add一个""进去,那么在LDAP中依然会显示
* 如果不给值,由BasicAttribute自动授予空值,那么在LDAP中就不显示了
*/
if ("delAtr".equals(fieldValue)) {
basicAttr.add(""); // 置空属性
} else {
basicAttr.add(fieldValue);// 有值属性
}
}
// 替换条目
attrs.add(new ModificationItem(
DirContextAdapter.REPLACE_ATTRIBUTE, basicAttr));
} catch (Exception e) {
e.printStackTrace();
}
}
return attrs.toArray(new ModificationItem[attrs.size()]);
} /**
*
* 过滤默认值字段
*
*/
private static boolean checkfieldName(String fieldName) {
String[] check = new String[] { "id", "status", "createtime",
"updatetime", "dn" };
for (int i = ; i < check.length; i++) {
if (check[i].equalsIgnoreCase(fieldName))
return true;
}
return false;
}
}
spring版
package com.smnpc.util; import java.util.Hashtable;
import java.util.Vector; import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext; /**
* Java通过Ldap操作AD的增删该查询
*
* @author guob
*/ public class LdapbyUser {
DirContext dc = null;
String root = "dc=example,dc=com"; // LDAP的根节点的DC /**
*
* @param dn类似于"CN=RyanHanson,dc=example,dc=com"
* @param employeeID是Ad的一个员工号属性
*/
public LdapbyUser(String dn, String employeeID) {
init();
// add();//添加节点
// delete("ou=hi,dc=example,dc=com");//删除"ou=hi,dc=example,dc=com"节点
// renameEntry("ou=new,o=neworganization,dc=example,dc=com","ou=neworganizationalUnit,o=neworganization,dc=example,dc=com");//重命名节点"ou=new,o=neworganization,dc=example,dc=com"
// searchInformation("dc=example,dc=com", "",
// "sAMAccountName=guob");//遍历所有根节点
modifyInformation(dn, employeeID);// 修改
// Ldapbyuserinfo("guob");//遍历指定节点的分节点
close();
} /**
*
* Ldap连接
*
* @return LdapContext
*/
public void init() {
Hashtable env = new Hashtable();
String LDAP_URL = "ldap://xxxx:389"; // LDAP访问地址
String adminName = "example\\user"; // 注意用户名的写法:domain\User或
String adminPassword = "userpassword"; // 密码
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, LDAP_URL);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, adminName);
env.put(Context.SECURITY_CREDENTIALS, adminPassword);
try {
dc = new InitialDirContext(env);// 初始化上下文
System.out.println("认证成功");// 这里可以改成异常抛出。
} catch (javax.naming.AuthenticationException e) {
System.out.println("认证失败");
} catch (Exception e) {
System.out.println("认证出错:" + e);
}
} /**
* 添加
*/
public void add(String newUserName) {
try {
BasicAttributes attrs = new BasicAttributes();
BasicAttribute objclassSet = new BasicAttribute("objectClass");
objclassSet.add("sAMAccountName");
objclassSet.add("employeeID");
attrs.put(objclassSet);
attrs.put("ou", newUserName);
dc.createSubcontext("ou=" + newUserName + "," + root, attrs);
} catch (Exception e) {
e.printStackTrace();
System.out.println("Exception in add():" + e);
}
} /**
* 删除
*
* @param dn
*/
public void delete(String dn) {
try {
dc.destroySubcontext(dn);
} catch (Exception e) {
e.printStackTrace();
System.out.println("Exception in delete():" + e);
}
} /**
* 重命名节点
*
* @param oldDN
* @param newDN
* @return
*/
public boolean renameEntry(String oldDN, String newDN) {
try {
dc.rename(oldDN, newDN);
return true;
} catch (NamingException ne) {
System.err.println("Error: " + ne.getMessage());
return false;
}
} /**
* 修改
*
* @return
*/
public boolean modifyInformation(String dn, String employeeID) {
try {
System.out.println("updating...\n");
ModificationItem[] mods = new ModificationItem[];
/* 修改属性 */
// Attribute attr0 = new BasicAttribute("employeeID", "W20110972");
// mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
// attr0);
/* 删除属性 */
// Attribute attr0 = new BasicAttribute("description",
// "陈轶");
// mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
// attr0);
/* 添加属性 */
Attribute attr0 = new BasicAttribute("employeeID", employeeID);
mods[] = new ModificationItem(DirContext.ADD_ATTRIBUTE, attr0);
/* 修改属性 */
dc.modifyAttributes(dn + ",dc=example,dc=com", mods);
return true;
} catch (NamingException e) {
e.printStackTrace();
System.err.println("Error: " + e.getMessage());
return false;
}
} /**
* 关闭Ldap连接
*/
public void close() {
if (dc != null) {
try {
dc.close();
} catch (NamingException e) {
System.out.println("NamingException in close():" + e);
}
}
} /**
* @param base
* :根节点(在这里是"dc=example,dc=com")
* @param scope
* :搜索范围,分为"base"(本节点),"one"(单层),""(遍历)
* @param filter
* :指定子节点(格式为"(objectclass=*)",*是指全部,你也可以指定某一特定类型的树节点)
*/
public void searchInformation(String base, String scope, String filter) {
SearchControls sc = new SearchControls();
if (scope.equals("base")) {
sc.setSearchScope(SearchControls.OBJECT_SCOPE);
} else if (scope.equals("one")) {
sc.setSearchScope(SearchControls.ONELEVEL_SCOPE);
} else {
sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
}
NamingEnumeration ne = null;
try {
ne = dc.search(base, filter, sc);
// Use the NamingEnumeration object to cycle through
// the result set.
while (ne.hasMore()) {
System.out.println();
SearchResult sr = (SearchResult) ne.next();
String name = sr.getName();
if (base != null && !base.equals("")) {
System.out.println("entry: " + name + "," + base);
} else {
System.out.println("entry: " + name);
} Attributes at = sr.getAttributes();
NamingEnumeration ane = at.getAll();
while (ane.hasMore()) {
Attribute attr = (Attribute) ane.next();
String attrType = attr.getID();
NamingEnumeration values = attr.getAll();
Vector vals = new Vector();
// Another NamingEnumeration object, this time
// to iterate through attribute values.
while (values.hasMore()) {
Object oneVal = values.nextElement();
if (oneVal instanceof String) {
System.out.println(attrType + ": "
+ (String) oneVal);
} else {
System.out.println(attrType + ": "
+ new String((byte[]) oneVal));
}
}
}
}
} catch (Exception nex) {
System.err.println("Error: " + nex.getMessage());
nex.printStackTrace();
}
} /**
* 查询
*
* @throws NamingException
*/
public void Ldapbyuserinfo(String userName) {
// Create the search controls
SearchControls searchCtls = new SearchControls();
// Specify the search scope
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
// specify the LDAP search filter
String searchFilter = "sAMAccountName=" + userName;
// Specify the Base for the search 搜索域节点
String searchBase = "DC=example,DC=COM";
int totalResults = ;
String returnedAtts[] = { "url", "whenChanged", "employeeID", "name",
"userPrincipalName", "physicalDeliveryOfficeName",
"departmentNumber", "telephoneNumber", "homePhone", "mobile",
"department", "sAMAccountName", "whenChanged", "mail" }; // 定制返回属性 searchCtls.setReturningAttributes(returnedAtts); // 设置返回属性集 // searchCtls.setReturningAttributes(null); // 不定制属性,将返回所有的属性集 try {
NamingEnumeration answer = dc.search(searchBase, searchFilter,
searchCtls);
if (answer == null || answer.equals(null)) {
System.out.println("answer is null");
} else {
System.out.println("answer not null");
}
while (answer.hasMoreElements()) {
SearchResult sr = (SearchResult) answer.next();
System.out
.println("************************************************");
System.out.println("getname=" + sr.getName());
Attributes Attrs = sr.getAttributes();
if (Attrs != null) {
try { for (NamingEnumeration ne = Attrs.getAll(); ne
.hasMore();) {
Attribute Attr = (Attribute) ne.next();
System.out.println("AttributeID="
+ Attr.getID().toString());
// 读取属性值
for (NamingEnumeration e = Attr.getAll(); e
.hasMore(); totalResults++) {
String user = e.next().toString(); // 接受循环遍历读取的userPrincipalName用户属性
System.out.println(user);
}
// System.out.println(" ---------------");
// // 读取属性值
// Enumeration values = Attr.getAll();
// if (values != null) { // 迭代
// while (values.hasMoreElements()) {
// System.out.println(" 2AttributeValues="
// + values.nextElement());
// }
// }
// System.out.println(" ---------------");
}
} catch (NamingException e) {
System.err.println("Throw Exception : " + e);
}
}
}
System.out.println("Number: " + totalResults);
} catch (Exception e) {
e.printStackTrace();
System.err.println("Throw Exception : " + e);
}
} /**
* 主函数用于测试
*
* @param args
*/
public static void main(String[] args) {
new LdapbyUser("CN=RyanHanson", "bbs.it-home.org");
}
}
普通实现(转载)