Adding a user with a password in Active Directory LDAP


Problem description

This is my first time on StackOverflow; I hope I will get some responses here. I am using Windows Active Directory 2008 to store a new user from Java using the spring-ldap API.

My problem is that I am unable to add a user with a password. I read somewhere that to set a password in AD, I should use the unicodePwd attribute. Source: http://geekswithblogs.net/lance/archive/2005/08/19/LdapAuthenticationASP.aspx

public void insertContact(ContactDTO contactDTO) {
    try{

     Attributes personAttributes = new BasicAttributes();
     BasicAttribute personBasicAttribute = new BasicAttribute("objectclass");
     personBasicAttribute.add("person");
     personBasicAttribute.add("user");
     personAttributes.put(personBasicAttribute);

      personAttributes.put("givenName", contactDTO.getCommonName());
      personAttributes.put("cn", contactDTO.getCommonName());
      personAttributes.put("sn", contactDTO.getLastName());
      personAttributes.put("description", contactDTO.getDescription());

      personAttributes.put("unicodePwd",
          this.createUnicodePassword(contactDTO.getPassword()) );
      personAttributes.put("userPrincipalName", contactDTO.getUserLoginName());
      personAttributes.put("sAMAccountName", contactDTO.getsAMAccountName());
      personAttributes.put("displayname", contactDTO.getDisplayname());
      //  personAttributes.put( "pwdLastSet", "0" );
      //  personAttributes.put( "LockOutTime", "0" );

      personAttributes.put("userAccountControl", "544");

      BasicAttribute roomAttribute = new BasicAttribute("roomNumber");
      for(String r : contactDTO.getRoomNumber())
      {
        roomAttribute.add(r);
      }

      personAttributes.put(roomAttribute);


      DistinguishedName newContactDN = new DistinguishedName();
      newContactDN.add("cn", contactDTO.getCommonName());

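      ldapTemplate.bind(newContactDN, null, personAttributes);
    } catch (Exception e) {
        // The posted snippet ended at the try block; print the failure.
        e.printStackTrace();
    }
}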

public byte[] createUnicodePassword(String password){
    return toUnicodeBytes(doubleQuoteString(password));
}

private byte[] toUnicodeBytes(String str){
    byte[] unicodeBytes = null;
    try{
        // AD expects the quoted password as UTF-16LE with no byte-order mark.
        // Java's "Unicode" charset is big-endian with a BOM, so stripping the
        // BOM still leaves the bytes in the wrong order.
        unicodeBytes = str.getBytes("UTF-16LE");
    } catch(UnsupportedEncodingException e){
        // This should never happen.
        e.printStackTrace();
    }
    return unicodeBytes;
}

private String doubleQuoteString(String str){
    StringBuffer sb = new StringBuffer();
    sb.append("\"");
    sb.append(str);
    sb.append("\"");
    return sb.toString();
}

But it gives me error code 53:

org.springframework.ldap.UncategorizedLdapException: Operation failed; nested exception is javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A11E5, problem 5003 (WILL_NOT_PERFORM), data 0

I do not know how to set a user password in AD. I also read somewhere that to set unicodePwd we need SSL; if this is required, how can I do it? Is there any alternative to solve this issue? Please help me.

Recommended answer

Yes, the WILL_NOT_PERFORM error is AD telling you that you need to use an SSL connection to set the password.

To make an SSL connection, you need to use a URL that looks like: ldaps://your.ldap.server:636 (note the "ldaps"). If you get a certificate validation error, you'll need to use "keytool" to import the AD server's certificate into your Java keystore, so your Java application recognizes the certificate as valid.
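
The fix described in the answer, as an added example that is not code from the question or the answer: it uses plain JNDI from the JDK instead of spring-ldap, refuses to send unicodePwd unless the URL is ldaps://, and encodes the quoted password as UTF-16LE. The DNs, the names and the AD_BIND_PASSWORD / NEW_USER_PASSWORD environment variables are constructed placeholders, and userAccountControl is 512 rather than the question's 544, which additionally sets PASSWD_NOTREQD.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class AdUserCreator {
    // AD expects unicodePwd as the password in double quotes, UTF-16LE, no BOM.
    static byte[] encodeUnicodePwd(String password) {
        java.util.Objects.requireNonNull(password, "new user password is not set");
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    static DirContext connect(String url, String bindDn, String bindPw) throws NamingException {
        // Fail closed: on a cleartext connection AD answers error 53 (WILL_NOT_PERFORM).
        if (!url.toLowerCase().startsWith("ldaps://"))
            throw new IllegalArgumentException("unicodePwd needs an ldaps:// URL: " + url);
        // The server certificate is checked against the JVM trust store (keytool import).
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPw); // a null value throws before any I/O
        return new InitialDirContext(env);
    }

    static void createUser(DirContext ctx, String dn, String cn, String sam, String pw)
            throws NamingException {
        Attributes attrs = new BasicAttributes(true);
        attrs.put("objectClass", "user");
        attrs.put("cn", cn);
        attrs.put("sAMAccountName", sam);
        attrs.put(new BasicAttribute("unicodePwd", encodeUnicodePwd(pw)));
        attrs.put("userAccountControl", "512"); // NORMAL_ACCOUNT only
        ctx.createSubcontext(dn, attrs).close();
    }

    public static void main(String[] args) throws NamingException {
        // Constructed placeholders: DNs, names and the two environment variables.
        DirContext ctx = connect("ldaps://your.ldap.server:636",
                "CN=provisioner,CN=Users,DC=example,DC=com", System.getenv("AD_BIND_PASSWORD"));
        try {
            createUser(ctx, "CN=Jane Doe,CN=Users,DC=example,DC=com", "Jane Doe", "jdoe",
                    System.getenv("NEW_USER_PASSWORD"));
        } finally {
            ctx.close();
        }
    }
}
```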
