gpt4 book ai didi

为创建 AD 帐户编写了 Java 代码,但发生 LDAP 异常

转载 作者:行者123 更新时间:2023-12-01 16:44:00 26 4
gpt4 key购买 nike

为创建 AD 帐户而编写的 Java 代码,但发生 LDAP 异常,例如 LDAP 安全上下文错误,有时 LdapErr: DSID-0C0910B5,注释:发生属性转换操作豁免错误。

然后它连接到我的域:成功状态:假javax.naming.directory.NoSuchAttributeException: [LDAP: 错误代码 16 - 00000057: LdapErr: DSID-0C0910B5,注释:属性转换操作中出错,数据 0,v4563

您能帮我解决这个问题吗?下面列出了我写的类

package com.mycom.mysys.ActiveDirectory;

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class NewUser_Test {

private static final String DOMAIN_ROOT = "OU=Mycomname Bank,DC=TESTAD,DC=LOCAL";

private String userName, firstName, lastName, password, organisationUnit;
private LdapContext context;
private Hashtable hashtable;

public static void main(String[] args) {
try {

NewUser_Test tst = new NewUser_Test("ACMYCOM1494", "Athuru", "Liyanage", "peLa071it", "OU=Information Technology,OU=HO,OU=Users");
boolean b = tst.addUser();
System.out.println("Status : " + b);

} catch (Exception e) {
e.printStackTrace();
}
}

public NewUser_Test(String userName, String firstName, String lastName, String password, String organisationUnit) {

this.userName = userName;
this.firstName = firstName;
this.lastName = lastName;
this.password = password;
this.organisationUnit = organisationUnit;

Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "Simple");
env.put(Context.SECURITY_PRINCIPAL, "mysys" + "@TESTAD.LOCAL");
env.put(Context.SECURITY_CREDENTIALS, "FCMycom1982@it");
env.put(Context.PROVIDER_URL, "ldap://10.0.8.1:389");

try {
this.context = new InitialLdapContext(env, null);
System.out.println("connect to my domain: success");
} catch (NamingException e) {
System.err.println("Problem creating object: ");
e.printStackTrace();
}

}

public boolean addUser() throws NamingException {

// Create a container set of attributes
Attributes container = new BasicAttributes();

// Create the objectclass to add
Attribute objClasses = new BasicAttribute("user");
objClasses.add("top");
objClasses.add("person");
objClasses.add("organizationalPerson");
objClasses.add("user");

// Assign the username, first name, and last name
String cnValue = new StringBuffer(firstName).append(" ").append(lastName).toString();
Attribute cn = new BasicAttribute("cn", cnValue);
Attribute sAMAccountName = new BasicAttribute("sAMAccountName", userName);
Attribute principalName = new BasicAttribute("userPrincipalName", userName + "@TESTAD.LOCAL");
Attribute givenName = new BasicAttribute("givenName", firstName);
Attribute sn = new BasicAttribute("sn", lastName);
Attribute uid = new BasicAttribute("uid", userName);
Attribute displayName = new BasicAttribute("displayName", "Athuru Liyanage");

//User Account Options lmaccess.h
int UF_ACCOUNTDISABLE = 0x0002;
int UF_PASSWD_NOTREQD = 0x0020;
int UF_PASSWD_CANT_CHANGE = 0x0040;
int UF_NORMAL_ACCOUNT = 0x0200;
int UF_DONT_EXPIRE_PASSWD = 0x10000;
int UF_PASSWORD_EXPIRED = 0x800000;
int UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x1000000;

Attribute accountOption = new BasicAttribute("userAccountControl", Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED + UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION));
// Add password
Attribute userPassword = new BasicAttribute("userpassword", password);
Attribute email = new BasicAttribute("mail", "AthuruL@TESTAD.LOCAL");
Attribute designation = new BasicAttribute("title", "Junior Executive - Marketing / Credit");

// Add these to the container
container.put(objClasses);
container.put(sAMAccountName);
container.put(principalName);
container.put(cn);
container.put(sn);
container.put(givenName);
container.put(uid);
container.put(accountOption);
container.put(userPassword);
container.put(displayName);
container.put(email);
container.put(designation);

// Create the entry
try {
context.createSubcontext(getUserDN(cnValue, organisationUnit), container);
return true;
} catch (Exception e) {
e.printStackTrace();
return false;
}
}

private static String getUserDN(String aUsername, String aOU) {
return "cn=" + aUsername + ",ou=" + aOU + "," + DOMAIN_ROOT;
}
}

最佳答案

我看到两个危险信号。第一:

Attribute accountOption = new BasicAttribute("userAccountControl", Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED + UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION));

userAccountControl 属性是一个数字,但您要为其分配一个字符串。您不需要在此处使用Integer.toString。您还分配 UF_PASSWD_NOTREQD 来告诉它该帐户不需要密码,但随后您要分配密码?

这给我们带来了密码:

Attribute userPassword = new BasicAttribute("userpassword", password);

在AD中设置密码是一件奇怪的事情。技术上设置 userPassword如果您的域设置允许,属性就可以工作。如果是这样,该代码应该可以工作。如果没有,那么您必须使用实际的密码属性 unicodePwd ,设置起来有点困难,因为它需要非常特定的格式:它必须用引号引起来并以 UTF-16 编码。有一个例子here如何做到这一点。例如:

String quotedPassword = "\"" + password + "\"";
char unicodePwd[] = quotedPassword.toCharArray();
byte pwdArray[] = new byte[unicodePwd.length * 2];
for (int i = 0; i < unicodePwd.length; i++)
{
pwdArray[i * 2 + 1] = (byte) (unicodePwd[i] >>> 8);
pwdArray[i * 2 + 0] = (byte) (unicodePwd[i] & 0xff);
}

然后您可以将 unicodePwd 设置为 pwdArray:

Attribute userPassword = new BasicAttribute("unicodePwd", pwdArray);

关于为创建 AD 帐户编写了 Java 代码,但发生 LDAP 异常,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61811693/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com