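Contents:
- Overview
- Basic operations
- Search
- Add
- Delete
- Modify attributes
- Verify password
[1] Overview
JLDAP official site: http://www.openldap.org/jldap/
You can download the source from the official site and build the jar yourself. If the project is built with Maven, add the following to pom.xml: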
```xml
<dependency>
    <groupId>com.novell.ldap</groupId>
    <artifactId>jldap</artifactId>
    <version>4.3</version>
    <type>jar</type>
    <scope>compile</scope>
</dependency>
```
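[2] Basic operations
To demonstrate the basic operations you need an LDAP server. For installing and configuring OpenLDAP on Windows, see: http://www.micmiu.com/enterprise-app/sso/openldap-windows-config/ . The basic information of the LDAP directory I configured for the demo is shown in the client screenshot:
1. Search
Java code: LDAPSearchDemo.java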
```java
package com.micmiu.ldap;

import java.io.UnsupportedEncodingException;
import java.util.Enumeration;
import java.util.Iterator;

import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPAttributeSet;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPSearchResults;
import com.novell.ldap.util.Base64;

/**
 * Entry search example. blog http://www.micmiu.com
 *
 * @author Michael
 */
public class LDAPSearchDemo {

    public static void main(String[] args) {
        // Demo values. A simple bind on the default (non-TLS) port sends
        // the password over the network unencrypted.
        String ldapHost = "localhost";
        String loginDN = "cn=Manager,dc=micmiu,dc=com";
        String password = "secret";
        String searchBase = "dc=micmiu,dc=com";
        String searchFilter = "objectClass=*";

        int ldapPort = LDAPConnection.DEFAULT_PORT;
        // Search scope:
        // SCOPE_BASE, SCOPE_ONE, SCOPE_SUB, SCOPE_SUBORDINATESUBTREE
        int searchScope = LDAPConnection.SCOPE_SUB;

        LDAPConnection lc = new LDAPConnection();
        try {
            lc.connect(ldapHost, ldapPort);
            lc.bind(LDAPConnection.LDAP_V3, loginDN, password.getBytes("UTF8"));
            // attrs == null returns all user attributes; typesOnly == false returns values too
            LDAPSearchResults searchResults = lc.search(searchBase,
                    searchScope, searchFilter, null, false);

            while (searchResults.hasMore()) {
                LDAPEntry nextEntry = null;
                try {
                    nextEntry = searchResults.next();
                } catch (LDAPException e) {
                    System.out.println("Error: " + e.toString());
                    // Stop on timeout or connection failure, otherwise skip this result
                    if (e.getResultCode() == LDAPException.LDAP_TIMEOUT
                            || e.getResultCode() == LDAPException.CONNECT_ERROR) {
                        break;
                    } else {
                        continue;
                    }
                }
                System.out.println("DN =: " + nextEntry.getDN());
                System.out.println("|---- Attributes list: ");
                LDAPAttributeSet attributeSet = nextEntry.getAttributeSet();
                Iterator<LDAPAttribute> allAttributes = attributeSet.iterator();
                while (allAttributes.hasNext()) {
                    LDAPAttribute attribute = allAttributes.next();
                    String attributeName = attribute.getName();
                    Enumeration<String> allValues = attribute.getStringValues();
                    if (null == allValues) {
                        continue;
                    }
                    while (allValues.hasMoreElements()) {
                        String value = allValues.nextElement();
                        if (!Base64.isLDIFSafe(value)) {
                            // base64 encode and then print out
                            value = Base64.encode(value.getBytes("UTF8"));
                        }
                        System.out.println("|---- ---- " + attributeName
                                + " = " + value);
                    }
                }
            }
        } catch (LDAPException e) {
            System.out.println("Error: " + e.toString());
        } catch (UnsupportedEncodingException e) {
            System.out.println("Error: " + e.toString());
        } finally {
            // Always release the connection
            try {
                if (lc.isConnected()) {
                    lc.disconnect();
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
}
```
Output:
```
DN =: dc=micmiu,dc=com
|---- Attributes list: 
|---- ---- dc = micmiu
|---- ---- o = Michael Blog
|---- ---- objectClass = domain
|---- ---- objectClass = top
DN =: ou=Developer,dc=micmiu,dc=com
|---- Attributes list: 
|---- ---- description = Container for developer entries
|---- ---- ou = Developer
|---- ---- objectClass = organizationalUnit
DN =: ou=Tester,dc=micmiu,dc=com
|---- Attributes list: 
|---- ---- description = Container for test entries
|---- ---- ou = Tester
|---- ---- objectClass = organizationalUnit
DN =: uid=Michael,ou=Developer,dc=micmiu,dc=com
|---- Attributes list: 
|---- ---- userPassword = 111111
|---- ---- labeledURI = http://www.micmiu.com
|---- ---- uid = Michael
|---- ---- sn = Sun
|---- ---- cn = Michael Sun
|---- ---- mail = sjsky007@gmail.com
|---- ---- objectClass = inetOrgPerson
DN =: uid=Miumiu,ou=Tester,dc=micmiu,dc=com
|---- Attributes list: 
|---- ---- userPassword = 111111
|---- ---- labeledURI = http://www.micmiu.com
|---- ---- uid = Miumiu
|---- ---- sn = Wu
|---- ---- cn = Miumiu Wu
|---- ---- objectClass = inetOrgPerson
DN =: dc=app1,dc=micmiu,dc=com
|---- Attributes list: 
|---- ---- dc = app1
|---- ---- o = Michael Demo
|---- ---- objectClass = domain
DN =: dc=app2,dc=micmiu,dc=com
|---- Attributes list: 
|---- ---- dc = app2
|---- ---- o = Michael Demo
|---- ---- objectClass = domain
DN =: ou=Demo,dc=app1,dc=micmiu,dc=com
|---- Attributes list: 
|---- ---- description = Container for Demo entries
|---- ---- ou = Developer
|---- ---- ou = Demo
|---- ---- objectClass = organizationalUnit
DN =: ou=Demo,dc=app2,dc=micmiu,dc=com
|---- Attributes list: 
|---- ---- description = Container for Demo entries
|---- ---- ou = Developer
|---- ---- ou = Demo
|---- ---- objectClass = organizationalUnit
DN =: uid=michael,ou=Demo,dc=app1,dc=micmiu,dc=com
|---- Attributes list: 
|---- ---- userPassword = 111111
|---- ---- labeledURI = http://www.micmiu.com
|---- ---- uid = michael
|---- ---- sn = Sun
|---- ---- cn = Michael Sun
|---- ---- mail = sjsky007@gmail.com
|---- ---- objectClass = inetOrgPerson
DN =: uid=hazel,ou=Demo,dc=app1,dc=micmiu,dc=com
|---- Attributes list: 
|---- ---- userPassword = 111111
|---- ---- labeledURI = http://www.micmiu.com
|---- ---- uid = hazel
|---- ---- sn = Wu
|---- ---- cn = Hazel Wu
|---- ---- objectClass = inetOrgPerson
DN =: uid=michael,ou=Demo,dc=app2,dc=micmiu,dc=com
|---- Attributes list: 
|---- ---- userPassword = 111111
|---- ---- labeledURI = http://www.micmiu.com
|---- ---- uid = michael
|---- ---- sn = Sun
|---- ---- cn = Michael Sun
|---- ---- mail = sjsky007@gmail.com
|---- ---- objectClass = inetOrgPerson
DN =: uid=hazel,ou=Demo,dc=app2,dc=micmiu,dc=com
|---- Attributes list: 
|---- ---- userPassword = 111111
|---- ---- labeledURI = http://www.micmiu.com
|---- ---- uid = hazel
|---- ---- sn = Wu
|---- ---- cn = Hazel Wu
|---- ---- objectClass = inetOrgPerson
```
The query results match what the client shows.
2. Add
Java code: LDAPAddEntry.java
```java
package com.micmiu.ldap;

import java.io.UnsupportedEncodingException;

import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPAttributeSet;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;

/**
 * Example of adding a new entry.
 * blog http://www.micmiu.com
 *
 * @author Michael
 */
public class LDAPAddEntry {

    public static void main(String[] args) {
        String ldapHost = "localhost";
        String loginDN = "cn=Manager,dc=micmiu,dc=com";
        String password = "secret";
        String containerName = "dc=micmiu,dc=com";

        int ldapPort = LDAPConnection.DEFAULT_PORT;
        int ldapVersion = LDAPConnection.LDAP_V3;
        LDAPConnection lc = new LDAPConnection();

        // Attributes of the new inetOrgPerson entry
        LDAPAttributeSet attributeSet = new LDAPAttributeSet();
        attributeSet.add(new LDAPAttribute("objectclass", "inetOrgPerson"));
        attributeSet.add(new LDAPAttribute("cn", "Wukong Sun"));
        attributeSet.add(new LDAPAttribute("sn", "Sun"));
        attributeSet.add(new LDAPAttribute("mail", "sjsky007@gmail.com"));
        attributeSet.add(new LDAPAttribute("labeledURI",
                "http://www.micmiu.com"));
        // The value is sent and stored exactly as given here (plaintext)
        attributeSet.add(new LDAPAttribute("userPassword", "111111"));
        attributeSet.add(new LDAPAttribute("uid", "addnew"));

        String dn = "uid=addnew,ou=Developer," + containerName;
        LDAPEntry newEntry = new LDAPEntry(dn, attributeSet);
        try {
            lc.connect(ldapHost, ldapPort);
            lc.bind(ldapVersion, loginDN, password.getBytes("UTF8"));
            System.out.println("login ldap server successfully.");
            lc.add(newEntry);
            System.out.println("Added object: " + dn + " successfully.");
        } catch (LDAPException e) {
            e.printStackTrace();
        } catch (UnsupportedEncodingException e) {
            System.out.println("Error: " + e.toString());
        } finally {
            // Always release the connection
            try {
                if (lc.isConnected()) {
                    lc.disconnect();
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
}
```
Output:
```
login ldap server successfully.
Added object: uid=addnew,ou=Developer,dc=micmiu,dc=com successfully.
```
Client screenshot after refreshing:
3. Delete
Java code: LDAPDeleteEntry.java
```java
package com.micmiu.ldap;

import java.io.UnsupportedEncodingException;

import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException;

/**
 * Example of deleting an entry.
 * blog http://www.micmiu.com
 *
 * @author Michael
 */
public class LDAPDeleteEntry {

    public static void main(String[] args) {
        String ldapHost = "localhost";
        String loginDN = "cn=Manager,dc=micmiu,dc=com";
        String password = "secret";
        String deleteDN = "uid=addnew,ou=Developer,dc=micmiu,dc=com";

        int ldapPort = LDAPConnection.DEFAULT_PORT;
        int ldapVersion = LDAPConnection.LDAP_V3;
        LDAPConnection lc = new LDAPConnection();
        try {
            lc.connect(ldapHost, ldapPort);
            lc.bind(ldapVersion, loginDN, password.getBytes("UTF8"));

            lc.delete(deleteDN);
            System.out.println(" delete Entry: " + deleteDN + " success.");
            lc.disconnect();
        } catch (LDAPException e) {
            // Distinguish a missing entry and missing rights from other failures
            if (e.getResultCode() == LDAPException.NO_SUCH_OBJECT) {
                System.err.println("Error: No such object");
            } else if (e.getResultCode() == LDAPException.INSUFFICIENT_ACCESS_RIGHTS) {
                System.err.println("Error: Insufficient rights");
            } else {
                System.err.println("Error: " + e.toString());
            }
        } catch (UnsupportedEncodingException e) {
            System.out.println("Error: " + e.toString());
        } finally {
            // Release the connection if an exception skipped the disconnect above
            try {
                if (lc.isConnected()) {
                    lc.disconnect();
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
}
```
Output:
```
 delete Entry: uid=addnew,ou=Developer,dc=micmiu,dc=com success.
```
After refreshing the client, the newly added entry addnew has been deleted.
4. Modify attributes
Java code: LDAPModifyAttrs.java
```java
package com.micmiu.ldap;

import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPModification;

/**
 * Example of modify operations.
 * blog http://www.micmiu.com
 *
 * @author Michael
 */
public class LDAPModifyAttrs {

    public static void main(String[] args) {
        String ldapHost = "localhost";
        String loginDN = "cn=Manager,dc=micmiu,dc=com";
        String password = "secret";
        String modifyDN = "uid=Michael,ou=Developer,dc=micmiu,dc=com";

        int ldapPort = LDAPConnection.DEFAULT_PORT;
        int ldapVersion = LDAPConnection.LDAP_V3;
        LDAPConnection lc = new LDAPConnection();

        List<LDAPModification> modList = new ArrayList<LDAPModification>();

        // Add a new value to the description attribute
        String desc = "This object was modified at " + new Date();
        LDAPAttribute attribute = new LDAPAttribute("description", desc);
        modList.add(new LDAPModification(LDAPModification.ADD, attribute));

        attribute = new LDAPAttribute("telephoneNumber", "180-8888-xxxx");
        modList.add(new LDAPModification(LDAPModification.ADD, attribute));

        // Replace the labeledURI address with a new value
        attribute = new LDAPAttribute("labeledURI", "www.micmiu.com");
        modList.add(new LDAPModification(LDAPModification.REPLACE, attribute));

        // delete the email attribute
        attribute = new LDAPAttribute("mail");
        modList.add(new LDAPModification(LDAPModification.DELETE, attribute));

        // All modifications are sent to the server in a single modify request
        LDAPModification[] mods = modList.toArray(new LDAPModification[modList.size()]);

        try {
            lc.connect(ldapHost, ldapPort);
            lc.bind(ldapVersion, loginDN, password.getBytes("UTF8"));
            lc.modify(modifyDN, mods);
            System.out
                    .println("LDAPAttribute add、replace、delete all successful.");
        } catch (LDAPException e) {
            e.printStackTrace();
        } catch (UnsupportedEncodingException e) {
            System.out.println("Error: " + e.toString());
        } finally {
            // Always release the connection
            try {
                if (lc.isConnected()) {
                    lc.disconnect();
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
}
```
Screenshot of the information shown by the client after the modification:
5. Verify password
Java code: LDAPVerifyPassword.java
```java
package com.micmiu.ldap;

import java.io.UnsupportedEncodingException;

import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException;

/**
 * Example of verifying a password.
 * blog http://www.micmiu.com
 *
 * @author Michael
 */
public class LDAPVerifyPassword {

    public static void main(String[] args) {
        String ldapHost = "localhost";
        String loginDN = "cn=Manager,dc=micmiu,dc=com";
        String password = "secret";
        String verifyDN = "uid=Michael,ou=Developer,dc=micmiu,dc=com";
        String verifyPassword = "111111";

        int ldapPort = LDAPConnection.DEFAULT_PORT;
        int ldapVersion = LDAPConnection.LDAP_V3;
        LDAPConnection lc = new LDAPConnection();

        try {
            lc.connect(ldapHost, ldapPort);
            lc.bind(ldapVersion, loginDN, password.getBytes("UTF8"));

            // LDAP compare: the server reports whether the entry's
            // userPassword attribute has this value
            LDAPAttribute attr = new LDAPAttribute("userPassword",
                    verifyPassword);
            boolean correct = lc.compare(verifyDN, attr);
            System.out.println(correct ? "The password is correct.^_^"
                    : "The password is incorrect.!!!");
        } catch (LDAPException e) {
            e.printStackTrace();
            if (e.getResultCode() == LDAPException.NO_SUCH_OBJECT) {
                System.err.println("Error: No such entry");
            } else if (e.getResultCode() == LDAPException.NO_SUCH_ATTRIBUTE) {
                System.err.println("Error: No such attribute");
            } else {
                System.err.println("Error: " + e.toString());
            }
        } catch (UnsupportedEncodingException e) {
            System.err.println("Error: " + e.toString());
        } finally {
            // Always release the connection
            try {
                if (lc.isConnected()) {
                    lc.disconnect();
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
}
```
Output:
```
The password is correct.^_^
```
Password verification succeeded.
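The compare call above needs the Manager credentials in the client and matches the literal stored value, so it depends on userPassword being kept in plaintext. An alternative, shown here as an added example that is not from the original article, is to bind as the user over LDAPS and let the server check the password; it assumes the server listens on the LDAPS port with a certificate the JVM trust store accepts, and the class name `LDAPBindVerify` is hypothetical.

```java
import java.nio.charset.StandardCharsets;

import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPJSSESecureSocketFactory;

/** Added example: checks a password by binding as the user over LDAPS. */
public class LDAPBindVerify {

    /**
     * Returns true if userDN can bind with the given password.
     * Throws LDAPException for anything other than rejected credentials.
     */
    public static boolean verify(String host, String userDN, String password)
            throws LDAPException {
        // An empty password turns the request into an unauthenticated bind,
        // which a server may accept; never treat that as a successful login.
        if (userDN == null || userDN.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        // TLS socket factory: the JVM trust store must trust the server certificate.
        LDAPConnection lc = new LDAPConnection(new LDAPJSSESecureSocketFactory());
        try {
            lc.connect(host, LDAPConnection.DEFAULT_SSL_PORT);
            lc.bind(LDAPConnection.LDAP_V3, userDN,
                    password.getBytes(StandardCharsets.UTF_8));
            return true;
        } catch (LDAPException e) {
            if (e.getResultCode() == LDAPException.INVALID_CREDENTIALS) {
                return false; // the server rejected the DN/password pair
            }
            throw e; // connection, TLS or server error: not a verdict on the password
        } finally {
            if (lc.isConnected()) {
                try { lc.disconnect(); } catch (LDAPException ignored) { }
            }
        }
    }

    public static void main(String[] args) throws LDAPException {
        // Sample values taken from the demo directory used on this page.
        boolean ok = verify("localhost",
                "uid=Michael,ou=Developer,dc=micmiu,dc=com", "111111");
        System.out.println(ok ? "The password is correct." : "The password is incorrect.");
    }
}
```

This form keeps working when userPassword holds a hashed value, and the client never needs read or compare access to the attribute.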
----
Original article. When reposting, please credit: reposted from micmiu – 软件开发+生活点滴 [ http://www.micmiu.com/ ]
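Hello. Is there a way to move people under an OU? For example, moving uid=s from OU=Ser to OU=red.
Hello, I installed OpenLDAP successfully by following your guide, thank you very much. May I ask whether you know how to synchronize changes in the OpenLDAP data to MySQL, or how to detect changes in the OpenLDAP data in real time?
Can jldap store the password in encrypted form? With the author's method, the stored userPassword is plaintext.
I was really moved to see this post from the OP. I'm working on an LDAP project at the moment, but I'm honestly not very good at this and don't know how to download the source from the official site and build the jar. I hope the OP can explain.
Using compare to check the password is not appropriate; if the password has been encrypted, this is useless.
You should run compare on the encrypted result; this has no direct relation to whether it is encrypted or not.
If the attribute already exists and I use LDAPModification.ADD, will it throw an exception or simply overwrite?
It should overwrite; test it yourself and you'll know the result.
How do I access ldaps?
I don't quite understand your question. Do you mean whether there is some tool for it?
I've just started learning LDAP and found the OP's articles very useful. I searched around online but couldn't find how JLDAP pages query results. Could the OP give me some pointers? Much appreciated.
Sorry, I really haven't implemented that, but I've seen articles covering paged search and sorting before; you can search for them.
Bro, did you get LDAP paged search working? Offering a bounty for a reply.
OP, if one computer runs the LDAP server and another computer on the LAN wants to operate on that server, do you have any good suggestions?
If you don't want to write the code yourself, there are plenty of client tools. For example, my article "An illustrated guide to installing and configuring openLDAP on Windows" introduces a client tool written in Java.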