Note: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/4322243/

Time: 2020-10-30 05:51:18  Source: igfitidea

Adding a user with a password in Active Directory LDAP

java active-directory ldap spring-ldap

Asked by

This is my first time on StackOverflow; I hope I will get some responses here. I am using Windows Active Directory 2008 to store new users from Java using the spring-ldap API.


My problem is that I am unable to add a user with a password. I read somewhere that to set a password in AD, I should use the unicodePwd attribute. Source: http://geekswithblogs.net/lance/archive/2005/08/19/LdapAuthenticationASP.aspx


public void insertContact(ContactDTO contactDTO) {
    // Object classes for an AD user entry
    Attributes personAttributes = new BasicAttributes();
    BasicAttribute personBasicAttribute = new BasicAttribute("objectclass");
    personBasicAttribute.add("person");
    personBasicAttribute.add("user");
    personAttributes.put(personBasicAttribute);

    personAttributes.put("givenName", contactDTO.getCommonName());
    personAttributes.put("cn", contactDTO.getCommonName());
    personAttributes.put("sn", contactDTO.getLastName());
    personAttributes.put("description", contactDTO.getDescription());

    // Password as a quoted, UTF-16LE encoded byte array (see createUnicodePassword)
    personAttributes.put("unicodePwd",
        this.createUnicodePassword(contactDTO.getPassword()));
    personAttributes.put("userPrincipalName", contactDTO.getUserLoginName());
    personAttributes.put("sAMAccountName", contactDTO.getsAMAccountName());
    personAttributes.put("displayname", contactDTO.getDisplayname());
    //  personAttributes.put( "pwdLastSet", "0" );
    //  personAttributes.put( "LockOutTime", "0" );

    // 544 = NORMAL_ACCOUNT (512) + PASSWD_NOTREQD (32)
    personAttributes.put("userAccountControl", "544");

    BasicAttribute roomAttribute = new BasicAttribute("roomNumber");
    for (String r : contactDTO.getRoomNumber()) {
        roomAttribute.add(r);
    }
    personAttributes.put(roomAttribute);

    DistinguishedName newContactDN = new DistinguishedName();
    newContactDN.add("cn", contactDTO.getCommonName());

    // Create the entry; nothing here throws a checked exception, so no try block is needed
    ldapTemplate.bind(newContactDN, null, personAttributes);
}

public byte[] createUnicodePassword(String password){
    return toUnicodeBytes(doubleQuoteString(password));
}

private byte[] toUnicodeBytes(String str){
    byte[] unicodeBytes = null;
    try{
        byte[] unicodeBytesWithQuotes = str.getBytes("Unicode");
        unicodeBytes = new byte[unicodeBytesWithQuotes.length - 2];
        System.arraycopy(unicodeBytesWithQuotes, 2, unicodeBytes, 0,
            unicodeBytesWithQuotes.length - 2);
    } catch(UnsupportedEncodingException e){
        // This should never happen.
        e.printStackTrace();
    }
    return unicodeBytes;
}

private String doubleQuoteString(String str){
    StringBuffer sb = new StringBuffer();
    sb.append("\"");
    sb.append(str);
    sb.append("\"");
    return sb.toString();
}

But it gives me error code 53:


org.springframework.ldap.UncategorizedLdapException: Operation failed; nested exception is javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A11E5, problem 5003 (WILL_NOT_PERFORM), data 0

I do not know how to set a user password in AD. I also read somewhere that to set unicodePwd we need SSL; if this is required, how can I do it? Is there any alternative to solve this issue? Please help me.


Answered by David Gelhar

Yes, the WILL_NOT_PERFORM error is AD telling you that you need to use an SSL connection to set the password.




To make an SSL connection, you need to use a URL that looks like: ldaps://your.ldap.server:636 (note the "ldaps"). If you get a certificate validation error, you'll need to use "keytool" to import the AD server's certificate into your Java keystore, so your Java application recognizes the certificate as valid.
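
The answer's advice as an added example (not part of the original question or answer, and written with plain JNDI rather than spring-ldap): the add is sent only over an ldaps:// URL, and the password goes into unicodePwd as a quoted UTF-16LE byte array. The class and method names, the requireLdaps guard and the userAccountControl value of 512 are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class AdCreateUserOverLdaps {
    // unicodePwd format: the password in double quotes, encoded as UTF-16LE without a BOM.
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    // Hypothetical guard: fail fast on a plain ldap:// URL instead of sending the add and getting error 53.
    static void requireLdaps(String url) {
        if (!url.regionMatches(true, 0, "ldaps://", 0, 8))
            throw new IllegalArgumentException("unicodePwd needs an ldaps:// URL, got: " + url);
    }

    static void createUser(String url, String bindDn, String bindPassword,
                           String userDn, String sam, String password) throws NamingException {
        requireLdaps(url);
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
        // The server certificate must validate against the JVM truststore (see keytool above).
        DirContext ctx = new InitialDirContext(env);
        try {
            Attributes attrs = new BasicAttributes(true);
            Attribute objectClass = new BasicAttribute("objectClass");
            objectClass.add("person");
            objectClass.add("user");
            attrs.put(objectClass);
            attrs.put("sAMAccountName", sam);
            attrs.put("unicodePwd", encodeUnicodePwd(password));
            // Assumption: 512 = NORMAL_ACCOUNT only; the question's 544 also sets PASSWD_NOTREQD (32).
            attrs.put("userAccountControl", "512");
            ctx.createSubcontext(userDn, attrs).close();
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) {
        // Offline checks on constructed inputs; createUser needs a reachable domain controller.
        System.out.println(encodeUnicodePwd("Passw0rd!").length + " bytes");
        try { requireLdaps("ldap://your.ldap.server:389"); }
        catch (IllegalArgumentException e) { System.out.println(e.getMessage()); }
    }
}
```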
