Java代码写了AD账户的创建,但是出现了LDAP异常,比如LDAP安全上下文错误,有时还出现LdapErr。DSID-0C0910B5,注释。在属性转换操作中发生了豁免错误。
然后它连接到我的域: successStatus : falsejavax.naming.directory.NoSuchAttributeException: LDAP:错误代码16 - 00000057:LdapErr: DSID-0C0910B5,注释。在属性转换操作中出错,数据0,v4563。
请你帮我纠正一下这个问题。下面列出我写的类
package com.mycom.mysys.ActiveDirectory;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
public class NewUser_Test {
private static final String DOMAIN_ROOT = "OU=Mycomname Bank,DC=TESTAD,DC=LOCAL";
private String userName, firstName, lastName, password, organisationUnit;
private LdapContext context;
private Hashtable hashtable;
public static void main(String[] args) {
try {
NewUser_Test tst = new NewUser_Test("ACMYCOM1494", "Athuru", "Liyanage", "peLa071it", "OU=Information Technology,OU=HO,OU=Users");
boolean b = tst.addUser();
System.out.println("Status : " + b);
} catch (Exception e) {
e.printStackTrace();
}
}
public NewUser_Test(String userName, String firstName, String lastName, String password, String organisationUnit) {
this.userName = userName;
this.firstName = firstName;
this.lastName = lastName;
this.password = password;
this.organisationUnit = organisationUnit;
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "Simple");
env.put(Context.SECURITY_PRINCIPAL, "mysys" + "@TESTAD.LOCAL");
env.put(Context.SECURITY_CREDENTIALS, "FCMycom1982@it");
env.put(Context.PROVIDER_URL, "ldap://10.0.8.1:389");
try {
this.context = new InitialLdapContext(env, null);
System.out.println("connect to my domain: success");
} catch (NamingException e) {
System.err.println("Problem creating object: ");
e.printStackTrace();
}
}
public boolean addUser() throws NamingException {
// Create a container set of attributes
Attributes container = new BasicAttributes();
// Create the objectclass to add
Attribute objClasses = new BasicAttribute("user");
objClasses.add("top");
objClasses.add("person");
objClasses.add("organizationalPerson");
objClasses.add("user");
// Assign the username, first name, and last name
String cnValue = new StringBuffer(firstName).append(" ").append(lastName).toString();
Attribute cn = new BasicAttribute("cn", cnValue);
Attribute sAMAccountName = new BasicAttribute("sAMAccountName", userName);
Attribute principalName = new BasicAttribute("userPrincipalName", userName + "@TESTAD.LOCAL");
Attribute givenName = new BasicAttribute("givenName", firstName);
Attribute sn = new BasicAttribute("sn", lastName);
Attribute uid = new BasicAttribute("uid", userName);
Attribute displayName = new BasicAttribute("displayName", "Athuru Liyanage");
//User Account Options lmaccess.h
int UF_ACCOUNTDISABLE = 0x0002;
int UF_PASSWD_NOTREQD = 0x0020;
int UF_PASSWD_CANT_CHANGE = 0x0040;
int UF_NORMAL_ACCOUNT = 0x0200;
int UF_DONT_EXPIRE_PASSWD = 0x10000;
int UF_PASSWORD_EXPIRED = 0x800000;
int UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x1000000;
Attribute accountOption = new BasicAttribute("userAccountControl", Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED + UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION));
// Add password
Attribute userPassword = new BasicAttribute("userpassword", password);
Attribute email = new BasicAttribute("mail", "[email protected]");
Attribute designation = new BasicAttribute("title", "Junior Executive - Marketing / Credit");
// Add these to the container
container.put(objClasses);
container.put(sAMAccountName);
container.put(principalName);
container.put(cn);
container.put(sn);
container.put(givenName);
container.put(uid);
container.put(accountOption);
container.put(userPassword);
container.put(displayName);
container.put(email);
container.put(designation);
// Create the entry
try {
context.createSubcontext(getUserDN(cnValue, organisationUnit), container);
return true;
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
private static String getUserDN(String aUsername, String aOU) {
return "cn=" + aUsername + ",ou=" + aOU + "," + DOMAIN_ROOT;
}
}
我看到有两个危险信号。首先,我看到了两个红旗。
Attribute accountOption = new BasicAttribute("userAccountControl", Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED + UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION));
第一: userAccountControl 属性是一个数字,但你给它分配了一个字符串。你不需要使用 Integer.toString 这里。你也在分配 UF_PASSWD_NOTREQD 来告诉它这个账户不需要密码,但你却要分配一个密码?
这就涉及到密码的问题了。
Attribute userPassword = new BasicAttribute("userpassword", password);
在AD中,设置密码是一件很奇怪的事情。严格来说,设置 userPassword 属性可以工作,如果你的域名被设置为允许它。如果是这样的话,这段代码应该可以用。如果不行,那么你就必须使用实际的密码属性。unicodePwd这一点比较难设置,因为它需要一个非常特殊的格式:它必须用引号括起来,并以UTF-16编码。有一个例子 此处 的方法。比如说。
String quotedPassword = "\"" + password + "\"";
char unicodePwd[] = quotedPassword.toCharArray();
byte pwdArray[] = new byte[unicodePwd.length * 2];
for (int i = 0; i < unicodePwd.length; i++)
{
pwdArray[i * 2 + 1] = (byte) (unicodePwd[i] >>> 8);
pwdArray[i * 2 + 0] = (byte) (unicodePwd[i] & 0xff);
}
那么你可以设置 unicodePwd 到 pwdArray:
Attribute userPassword = new BasicAttribute("unicodePwd", pwdArray);