1. 搭建了ldap伺服器
- 下載openldap伺服器軟體(見附件):openldap-2.2.29-db-4.3.29-openssl-0.9.8a-win32_Setup.exe(此版本與其内含的OpenSSL 0.9.8a都已很舊,建議隻用于本機練習環境)
- 安裝openldap,一路next就可以了。 預設安裝位置:C:\Program Files\OpenLDAP
- 修改C:\Program Files\OpenLDAP\slapd.conf裡的内容
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
改成
suffix "dc=it,dc=com"
rootdn "cn=Manager,dc=it,dc=com"
- 密碼修改
修改C:\Program Files\OpenLDAP\slapd.conf裡的内容: rootpw secret
(可用簡單模式,即明文密碼如附件,也可用MD5方式加密。注意{MD5}是不加鹽的雜湊,容易被查表還原;slappasswd預設的{SSHA}為加鹽雜湊,較為安全,明文密碼隻适合本機測試)
MD5加密方式:
C:\Program Files\OpenLDAP>slappasswd -h {MD5} -s secret
{MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==
将加密結果{MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==替換原有的簡單密碼,替換後slapd.conf檔案為:
rootpw {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==
- 修改C:\Program Files\OpenLDAP\ldap.conf檔案(以下内容屬于ldap.conf,不是slapd.conf)
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=it, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
配置參考附件中的ldap.conf和slapd.conf
- 啟動openldap服務
C:\Program Files\OpenLDAP>slapd -d 1
2. 手動錄入資料
第一步是要建立DN(-D指定的綁定DN必須是slapd.conf中設定的rootdn;前面設定的是cn=Manager,dc=it,dc=com,若沿用該設定,下面指令中的cn=root需改為cn=Manager)
# ldapadd -x -D 'cn=root,dc=it,dc=com' -W
dn: dc=it,dc=com
objectClass: dcObject
objectClass: organization
dc: it
o: Corporation
description: d Corporation
第二步是建立RDN:
# ldapadd -x -D 'cn=root,dc=it,dc=com' -W
dn: uid=qq,dc=it,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: qq
cn: qq
sn: qq
telephoneNumber: 138888888
description: openldap test
telexNumber: tex-8888888
street: my street
postOfficeBox: postofficebox
displayName: qqdisplay
homePhone: home1111111
mobile: mobile99999
mail:[email protected]
3. 資料錄入--導入ldif檔案
C:\Program Files\OpenLDAP>ldapadd -x -D "cn=root,dc=it,dc=com" -W -f test.ldif
test.ldif必須在LDAP安裝目錄下,即C:\Program Files\OpenLDAP
4. Java JNDI操作LDAP
- 建立連接
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.LdapName;
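/**
 * Minimal connectivity check: performs an LDAP simple bind as the directory manager and reports
 * whether the server accepted the credentials.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>The provider URL uses plain {@code ldap://}, and a simple bind sends the DN and password
 *       unencrypted. Outside a localhost lab, use {@code ldaps://} or StartTLS.
 *   <li>The bind password is the tutorial's sample value, hard-coded in source. Real code should
 *       load it from configuration or a secret store, and should bind as a least-privileged
 *       account rather than as the rootdn.
 * </ul>
 */
public class LdapTest {
    public LdapTest() {
    }

    /**
     * Binds to {@code ldap://localhost/dc=it,dc=com} and prints the outcome.
     *
     * <p>The process exits with status 0 when the bind succeeds and 1 otherwise, so that a
     * calling script can tell a rejected bind from an accepted one.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        String root = "dc=it,dc=com"; // naming context; appended to the provider URL below

        // Typed instead of raw: every key and value in this environment is a String.
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost/" + root);
        // "simple" = DN + password; confidentiality depends entirely on the transport.
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=Manager,dc=it,dc=com");
        env.put(Context.SECURITY_CREDENTIALS, "secret");

        boolean authenticated = false;
        DirContext ctx = null;
        try {
            // Creating the context is what performs the bind.
            ctx = new InitialDirContext(env);
            authenticated = true;
            System.out.println("認證成功");
        } catch (javax.naming.AuthenticationException e) {
            // The server rejected the DN/password pair.
            e.printStackTrace();
            System.out.println("認證失敗");
        } catch (Exception e) {
            // Anything else: server unreachable, malformed URL, and so on.
            System.out.println("認證出錯:");
            e.printStackTrace();
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // Closing is best-effort; the process is about to exit anyway.
                }
            }
        }
        System.exit(authenticated ? 0 : 1);
    }
}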
- 添加記錄
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
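/**
 * Demonstrates two ways of adding an entry through JNDI: binding a Java object, and creating a
 * subcontext from a set of attributes.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>The connection is a simple bind over plain {@code ldap://}, so the manager password
 *       travels unencrypted; use {@code ldaps://} or StartTLS outside a localhost lab, and do
 *       not keep the password in source.
 *   <li>{@code bind} with a {@code Serializable} stores a serialized Java object in the
 *       directory. Any client that later looks the entry up will deserialize it, so only do
 *       this against a directory whose writers are trusted. The sample {@code Person} also
 *       carries a password-like field, which is stored in serialized (not hashed) form.
 * </ul>
 */
public class JNDIAdd {
    /**
     * Adds the entries {@code cn=mnewilcox1} and {@code uid=admin5} under {@code dc=it,dc=com}.
     * On any failure the stack trace is printed and the process exits with status 1.
     *
     * @param args unused
     */
    public static void main(String args[]) {
        DirContext ctx = null;
        boolean failed = false;
        try {
            String root = "dc=it,dc=com"; // naming context; appended to the provider URL below
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://localhost/" + root);
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, "cn=Manager,dc=it,dc=com");
            env.put(Context.SECURITY_CREDENTIALS, "secret");
            ctx = new InitialDirContext(env);

            // Approach 1: bind a Java object directly.
            Person p = new Person("mewilcox", "Mark");
            ctx.bind("cn=mnewilcox1", p);

            // Approach 2: create the entry from attributes.
            BasicAttributes attrs = new BasicAttributes();
            BasicAttribute objclassSet = new BasicAttribute("objectClass");
            // The original author notes that "person" and "organizationalPerson" may be left
            // out, while "inetOrgPerson" is required.
            objclassSet.add("inetOrgPerson");
            attrs.put(objclassSet);
            attrs.put("uid", "admin5");
            attrs.put("cn", "admin5");
            attrs.put("sn", "admin5");
            // The first argument is the new entry's DN without the root DN, because the
            // provider URL already ends in that root.
            ctx.createSubcontext("uid=admin5", attrs);
        } catch (Exception e) {
            e.printStackTrace();
            failed = true;
        } finally {
            // Release the connection on the failure path too; System.exit would skip a
            // finally block, so the exit happens only after this cleanup.
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (javax.naming.NamingException ignored) {
                    // Closing is best-effort.
                }
            }
        }
        if (failed) {
            System.exit(1);
        }
    }
}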
Person.java
import java.io.Serializable;
import java.rmi.Remote;
import java.util.Date;
// Note from the original author: an object bound through JNDI in RMI must be of a Remote type.
/**
 * Serializable name/password pair; the JNDI add sample passes an instance to
 * {@code Context.bind}.
 *
 * <p>NOTE(review): {@code pass} is kept as a plain {@code String}. It is written out as-is when
 * the object is serialized, and {@link #toString()} includes it, so printing or logging a
 * {@code Person} exposes the value.
 */
class Person implements Remote, Serializable {
    private static final long serialVersionUID = -8592182872966400365L;

    private String name;
    private String pass;

    /** Creates a person with both fields left {@code null}. */
    public Person() {
    }

    /**
     * Creates a person with the given field values.
     *
     * @param name value stored as the name
     * @param pass value stored as the password
     */
    public Person(String name, String pass) {
        this.name = name;
        this.pass = pass;
    }

    /** @return the stored name, possibly {@code null} */
    public String getName() {
        return this.name;
    }

    /** @param name new name value */
    public void setName(String name) {
        this.name = name;
    }

    /** @return the stored password, possibly {@code null} */
    public String getPass() {
        return this.pass;
    }

    /** @param pass new password value */
    public void setPass(String pass) {
        this.pass = pass;
    }

    /**
     * Renders both fields as {@code name=<name>&pass=<pass>}; a {@code null} field prints as
     * the text {@code null}.
     */
    @Override
    public String toString() {
        StringBuilder text = new StringBuilder("name=");
        text.append(this.getName());
        text.append("&pass=");
        text.append(this.getPass());
        return text.toString();
    }
}
// Note from the original author: an object bound through JNDI in RMI must be of a Remote type.
// The author describes this class as an "external" extension and adds that a type can be
// extended either internally or externally.
/** {@link Date} subclass that additionally carries the {@link Remote} marker interface. */
class RemoteDate extends Date implements Remote {
}
- 查詢記錄
import java.util.Enumeration;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
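/**
 * Searches the subtree under {@link #MY_SEARCHBASE} with {@link #MY_FILTER} and prints every
 * matching entry's name and attribute values to standard output.
 *
 * <p>No {@code SECURITY_*} properties are set, so the context is created without credentials
 * (an anonymous bind) over plain {@code ldap://}. What this prints therefore depends on what
 * the server exposes to anonymous clients. With the {@code (cn=*)} filter and no attribute
 * restriction, every readable attribute of every matching entry is printed;
 * {@code SearchControls.setReturningAttributes} and {@code setCountLimit} can narrow that.
 */
public class JNDISearch {
    // Initial context implementation
    public static String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
    // Directory server host and port
    public static String MY_HOST = "ldap://localhost:389";
    // Entry below which the search runs
    public static String MY_SEARCHBASE = "dc=it,dc=com";
    // Constant filter. If a filter is ever assembled from user input, use the search overload
    // that takes filterArgs with {0}-style placeholders so values are escaped, not concatenated.
    public static String MY_FILTER = "(cn=*)";

    /**
     * Runs the search and prints the results. On any failure the stack trace is printed and
     * the process exits with status 1.
     *
     * @param args unused
     */
    public static void main(String args[]) {
        DirContext ctx = null;
        NamingEnumeration<SearchResult> results = null;
        boolean failed = false;
        try {
            Hashtable<String, String> env = new Hashtable<String, String>();
            // Specify which class to use for our JNDI provider
            env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
            // Specify host and port to use for directory service
            env.put(Context.PROVIDER_URL, MY_HOST);
            // Get a reference to a directory context
            ctx = new InitialDirContext(env);

            // Search the whole subtree below the search base
            SearchControls constraints = new SearchControls();
            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);

            results = ctx.search(MY_SEARCHBASE, MY_FILTER, constraints);

            // hasMore() is used throughout (rather than hasMoreElements()) so that a failure
            // while fetching further results is reported instead of silently ending the loop.
            while (results != null && results.hasMore()) {
                SearchResult sr = results.next();
                // NOTE(review): per the JNDI contract this name is normally relative to the
                // search base rather than a full DN, despite the label printed below.
                String dn = sr.getName();
                System.out.println("Distinguished Name is " + dn);

                Attributes attrs = sr.getAttributes();
                NamingEnumeration<? extends Attribute> attrEnum = attrs.getAll();
                while (attrEnum.hasMore()) {
                    Attribute attr = attrEnum.next();
                    System.out.println(attr.getID() + ": ");
                    NamingEnumeration<?> vals = attr.getAll();
                    while (vals.hasMore()) {
                        System.out.println("\t " + vals.next());
                    }
                }
                System.out.println("\n ");
            }
        } catch (Exception e) {
            e.printStackTrace();
            failed = true;
        } finally {
            // Release the result cursor and the connection before any exit; System.exit would
            // skip a finally block, so the exit happens only after this cleanup.
            if (results != null) {
                try {
                    results.close();
                } catch (javax.naming.NamingException ignored) {
                    // Closing is best-effort.
                }
            }
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (javax.naming.NamingException ignored) {
                    // Closing is best-effort.
                }
            }
        }
        if (failed) {
            System.exit(1);
        }
    }
}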
- 删除記錄
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
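/**
 * Deletes the single entry named by {@link #MY_ENTRY} after a simple bind as the directory
 * manager.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>The bind is a simple bind over plain {@code ldap://}, so the password travels
 *       unencrypted; use {@code ldaps://} or StartTLS outside a localhost lab.
 *   <li>Of the constants below, only {@link #MY_ENTRY} is read by {@code main}. {@link #MGR_DN}
 *       and {@link #MGR_PW} differ from the DN and password {@code main} actually binds with.
 *       A password-like literal in a public static field is readable by any code on the
 *       classpath and is embedded in the compiled class, so drop it when reusing this code.
 * </ul>
 */
public class JNDIDel {
    // Initial context implementation (not read by main, which repeats the literal)
    public static String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
    // Not read by main
    public static String MY_HOST = "ldap://localhost:389/";
    // Not read by main; main binds as cn=Manager,dc=it,dc=com instead
    public static String MGR_DN = "uid=Manager,dc=it,dc=com";
    // Not read by main
    public static String MGR_PW = "677992";
    // Not read by main
    public static String MY_SEARCHBASE = "dc=it,dc=com";
    // Full DN of the entry to delete; full because the provider URL carries no base DN
    public static String MY_ENTRY = "uid=qq1,dc=it,dc=com";

    /**
     * Binds to {@code ldap://localhost/} and removes {@link #MY_ENTRY}. On any failure the
     * stack trace is printed and the process exits with status 1.
     *
     * @param args unused
     */
    public static void main(String args[]) {
        DirContext ctx = null;
        boolean failed = false;
        try {
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://localhost/");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, "cn=Manager,dc=it,dc=com");
            env.put(Context.SECURITY_CREDENTIALS, "secret");
            // Get a reference to a directory context
            ctx = new InitialDirContext(env);
            ctx.destroySubcontext(MY_ENTRY);
        } catch (Exception e) {
            e.printStackTrace();
            failed = true;
        } finally {
            // Release the connection on every path; System.exit would skip a finally block,
            // so the exit happens only after this cleanup.
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (javax.naming.NamingException ignored) {
                    // Closing is best-effort.
                }
            }
        }
        if (failed) {
            System.exit(1);
        }
    }
}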