java - 为创建 AD 帐户编写的 Java 代码但发生 LDAP 异常
问题描述
为 AD 帐户创建编写的 Java 代码,但发生了 LDAP 异常,例如 LDAP 安全上下文错误,有时 LdapErr:DSID-0C0910B5,注释:发生属性转换操作豁免错误。
然后它连接到我的域:成功状态:false javax.naming.directory.NoSuchAttributeException:[LDAP:错误代码 16 - 00000057:LdapErr:DSID-0C0910B5,注释:属性转换操作出错,数据 0,v4563
你能帮我纠正这个问题吗?以下列出了我写的课程
package com.mycom.mysys.ActiveDirectory;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
public class NewUser_Test {
private static final String DOMAIN_ROOT = "OU=Mycomname Bank,DC=TESTAD,DC=LOCAL";
private String userName, firstName, lastName, password, organisationUnit;
private LdapContext context;
private Hashtable hashtable;
public static void main(String[] args) {
try {
NewUser_Test tst = new NewUser_Test("ACMYCOM1494", "Athuru", "Liyanage", "peLa071it", "OU=Information Technology,OU=HO,OU=Users");
boolean b = tst.addUser();
System.out.println("Status : " + b);
} catch (Exception e) {
e.printStackTrace();
}
}
public NewUser_Test(String userName, String firstName, String lastName, String password, String organisationUnit) {
this.userName = userName;
this.firstName = firstName;
this.lastName = lastName;
this.password = password;
this.organisationUnit = organisationUnit;
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "Simple");
env.put(Context.SECURITY_PRINCIPAL, "mysys" + "@TESTAD.LOCAL");
env.put(Context.SECURITY_CREDENTIALS, "FCMycom1982@it");
env.put(Context.PROVIDER_URL, "ldap://10.0.8.1:389");
try {
this.context = new InitialLdapContext(env, null);
System.out.println("connect to my domain: success");
} catch (NamingException e) {
System.err.println("Problem creating object: ");
e.printStackTrace();
}
}
public boolean addUser() throws NamingException {
// Create a container set of attributes
Attributes container = new BasicAttributes();
// Create the objectclass to add
Attribute objClasses = new BasicAttribute("user");
objClasses.add("top");
objClasses.add("person");
objClasses.add("organizationalPerson");
objClasses.add("user");
// Assign the username, first name, and last name
String cnValue = new StringBuffer(firstName).append(" ").append(lastName).toString();
Attribute cn = new BasicAttribute("cn", cnValue);
Attribute sAMAccountName = new BasicAttribute("sAMAccountName", userName);
Attribute principalName = new BasicAttribute("userPrincipalName", userName + "@TESTAD.LOCAL");
Attribute givenName = new BasicAttribute("givenName", firstName);
Attribute sn = new BasicAttribute("sn", lastName);
Attribute uid = new BasicAttribute("uid", userName);
Attribute displayName = new BasicAttribute("displayName", "Athuru Liyanage");
//User Account Options lmaccess.h
int UF_ACCOUNTDISABLE = 0x0002;
int UF_PASSWD_NOTREQD = 0x0020;
int UF_PASSWD_CANT_CHANGE = 0x0040;
int UF_NORMAL_ACCOUNT = 0x0200;
int UF_DONT_EXPIRE_PASSWD = 0x10000;
int UF_PASSWORD_EXPIRED = 0x800000;
int UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x1000000;
Attribute accountOption = new BasicAttribute("userAccountControl", Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED + UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION));
// Add password
Attribute userPassword = new BasicAttribute("userpassword", password);
Attribute email = new BasicAttribute("mail", "AthuruL@TESTAD.LOCAL");
Attribute designation = new BasicAttribute("title", "Junior Executive - Marketing / Credit");
// Add these to the container
container.put(objClasses);
container.put(sAMAccountName);
container.put(principalName);
container.put(cn);
container.put(sn);
container.put(givenName);
container.put(uid);
container.put(accountOption);
container.put(userPassword);
container.put(displayName);
container.put(email);
container.put(designation);
// Create the entry
try {
context.createSubcontext(getUserDN(cnValue, organisationUnit), container);
return true;
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
private static String getUserDN(String aUsername, String aOU) {
return "cn=" + aUsername + ",ou=" + aOU + "," + DOMAIN_ROOT;
}
}
解决方案
我看到了两个危险信号。第一的:
Attribute accountOption = new BasicAttribute("userAccountControl", Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED + UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION));
该userAccountControl属性是一个数字,但您正在为其分配一个字符串。你不需要在Integer.toString这里使用。您还指定UF_PASSWD_NOTREQD告诉它该帐户不需要密码,但是您正在分配密码?
这给我们带来了密码:
Attribute userPassword = new BasicAttribute("userpassword", password);
在 AD 中设置密码是一件很奇怪的事情。如果您的域设置为允许,则从技术上讲,设置userPassword属性可以工作。如果是这样,该代码应该可以工作。如果不是,那么您将不得不使用实际的密码属性 ,unicodePwd这有点难以设置,因为它需要一种非常特殊的格式:它必须用引号括起来并以 UTF-16 编码。这里有一个如何做到这一点的例子。例如:
String quotedPassword = "\"" + password + "\"";
char unicodePwd[] = quotedPassword.toCharArray();
byte pwdArray[] = new byte[unicodePwd.length * 2];
for (int i = 0; i < unicodePwd.length; i++)
{
pwdArray[i * 2 + 1] = (byte) (unicodePwd[i] >>> 8);
pwdArray[i * 2 + 0] = (byte) (unicodePwd[i] & 0xff);
}
然后你可以设置unicodePwd为pwdArray:
Attribute userPassword = new BasicAttribute("unicodePwd", pwdArray);
推荐阅读
- php - 教义 flush() 导致“意外的 EOF”
- loadrunner - 如何在 LoadRunner 中进行关联
- python - 根据 Python 中变量的内容选择文件
- angular - 如何在@ngrx/data 中对 EntityCollectionServiceBase 进行单元测试?如何测试@ngrx/data 服务?
- css - css Flex 流体宽度
- python - 如何在 django web 应用程序上制作 Adsense
- java - 在 apache poi 中使用条件格式锁定/解锁单元格
- domain-driven-design - 我可以在子实体中引用另一个聚合根吗?
- android - flutter stream_chat 版本解决失败
- node.js - 无法将打字稿添加到反应项目