我找不到关于如何用 JNDI 在 Active Directory 中启用或禁用用户的资料。下面是我到目前为止拼凑出来的 LDAP 上下文创建方法，以及启用/禁用用户的方法：
namespace XmlAbstractSerialisationTest
{
using System;
using System.Collections.Generic;
using System.IO;
using System.Reflection;
using System.Xml.Serialization;
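class Program
{
    /// <summary>
    /// Demo entry point: serialises two <see cref="Foo"/> objects, each carrying a
    /// different <see cref="BaseBar"/> subtype as its child, to test.xml and reads
    /// them straight back with the same <see cref="XmlSerializer"/>.
    /// </summary>
    static void Main(string[] args)
    {
        // Write
        List<Foo> data = new List<Foo>
        {
            new Foo
            {
                ParentData = "a",
                Child = new Bar1 { Id = 0, Name = "hello", Extra1 = "boo", Extra2 = "good" }
            },
            new Foo
            {
                ParentData = "b",
                Child = new Bar2 { Id = 0, Name = "hello", Extra1 = "boo", Extra2 = 123 }
            }
        };

        XmlSerializer xs = new XmlSerializer(typeof(List<Foo>));
        using (FileStream fs = new FileStream("test.xml", FileMode.Create, FileAccess.Write))
        {
            xs.Serialize(fs, data);
        }

        // Read. test.xml lives in the working directory; if anything else can write there,
        // treat its contents as untrusted input to Foo.ReadXml.
        List<Foo> newData;
        using (FileStream fs = new FileStream("test.xml", FileMode.Open, FileAccess.Read))
        {
            // Direct cast instead of `as`: a type mismatch surfaces as InvalidCastException
            // here rather than as a silent null that would only fail on first use.
            newData = (List<Foo>)xs.Deserialize(fs);
        }
    }
}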
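/// <summary>
/// Wrapper that serialises a polymorphic <see cref="BaseBar"/> child. The child's full
/// type name is written as a wrapper element so <see cref="ReadXml"/> can pick the
/// right subtype when reading back; see <see cref="WriteXml"/> for the exact layout.
/// </summary>
public class Foo : IXmlSerializable
{
    public string ParentData { get; set; }
    public BaseBar Child { get; set; }

    /// <summary>
    /// IXmlSerializable reserves this method; the documented contract is to return null
    /// (XmlSerializer never calls it). Throwing here only breaks callers that probe for a schema.
    /// </summary>
    public System.Xml.Schema.XmlSchema GetSchema()
    {
        return null;
    }

    /// <summary>
    /// Reads the layout produced by <see cref="WriteXml"/>:
    /// &lt;ParentData&gt;text&lt;/ParentData&gt;&lt;Type.FullName&gt;…child…&lt;/Type.FullName&gt;.
    /// </summary>
    /// <param name="reader">Positioned on the Foo start element; advanced past its end element.</param>
    /// <exception cref="InvalidOperationException">
    /// The wrapper element does not name a concrete <see cref="BaseBar"/> subtype.
    /// </exception>
    public void ReadXml(System.Xml.XmlReader reader)
    {
        // NOTE(review): this fixed Read() sequence assumes no whitespace nodes reach us and
        // that ParentData is non-empty (an empty string is written as a self-closing element
        // with no text node, which would shift every later Read()) — TODO confirm/harden.
        reader.Read();
        reader.Read();
        ParentData = reader.Value;
        reader.Read();
        reader.Read();

        // The element name is data from the document, not a trusted value. Resolve it only to
        // a concrete BaseBar subtype; never hand an arbitrary name from the XML to
        // CreateInstance/Activator, which would let the document pick any loadable type.
        Type childType = ResolveChildType(reader.Name);
        reader.Read();

        XmlSerializer xs = new XmlSerializer(childType);
        Child = (BaseBar)xs.Deserialize(reader);
        reader.Read();
        reader.Read();
    }

    /// <summary>
    /// Maps a wrapper element name to a concrete <see cref="BaseBar"/> subtype. Lookup is
    /// confined to the assembly that defines BaseBar (Bar1/Bar2 live next to it here);
    /// subtypes in another assembly would need an explicit allow-list instead.
    /// </summary>
    private static Type ResolveChildType(string typeName)
    {
        Type type = typeof(BaseBar).Assembly.GetType(typeName, false);
        if (type == null || type.IsAbstract || !typeof(BaseBar).IsAssignableFrom(type))
        {
            throw new InvalidOperationException(
                "XML names a child type that is not a concrete BaseBar subtype: " + typeName);
        }
        return type;
    }

    /// <summary>
    /// Writes &lt;ParentData&gt; followed by the child wrapped in an element named after its
    /// full type name.
    /// </summary>
    /// <exception cref="InvalidOperationException"><see cref="Child"/> is null.</exception>
    public void WriteXml(System.Xml.XmlWriter writer)
    {
        if (Child == null)
        {
            throw new InvalidOperationException("Child must be set before a Foo can be serialised.");
        }

        writer.WriteElementString("ParentData", ParentData);

        // The type's FullName doubles as the wrapper element name that ReadXml resolves.
        // A nested type ("Outer+Inner") would not be a valid XML element name.
        Type childType = Child.GetType();
        writer.WriteStartElement(childType.FullName);
        new XmlSerializer(childType).Serialize(writer, Child);
        writer.WriteEndElement();
    }
}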
/// <summary>
/// Common part of every child payload a <see cref="Foo"/> carries; the concrete
/// subtypes contribute their own extra elements.
/// </summary>
[Serializable]
public abstract class BaseBar
{
    /// <summary>Numeric identifier, written as an &lt;Id&gt; element.</summary>
    [XmlElement(ElementName = "Id")]
    public int Id { get; set; }

    /// <summary>Display name, written as a &lt;Name&gt; element.</summary>
    [XmlElement(ElementName = "Name")]
    public string Name { get; set; }
}
/// <summary>
/// Child payload with two string extras on top of the <see cref="BaseBar"/> fields.
/// </summary>
[Serializable]
public class Bar1 : BaseBar
{
    /// <summary>First extra value, written as an &lt;Extra1&gt; element.</summary>
    [XmlElement(ElementName = "Extra1")]
    public string Extra1 { get; set; }

    /// <summary>Second extra value, written as an &lt;Extra2&gt; element.</summary>
    [XmlElement(ElementName = "Extra2")]
    public string Extra2 { get; set; }
}
/// <summary>
/// Child payload whose second extra is numeric; otherwise shaped like <see cref="Bar1"/>.
/// </summary>
[Serializable]
public class Bar2 : BaseBar
{
    /// <summary>First extra value, written as an &lt;Extra1&gt; element.</summary>
    [XmlElement(ElementName = "Extra1")]
    public string Extra1 { get; set; }

    /// <summary>Second extra value (an int here), written as an &lt;Extra2&gt; element.</summary>
    [XmlElement(ElementName = "Extra2")]
    public int Extra2 { get; set; }
}
}
但我不确定我计算
private static final String USER_ACCOUNT_CONTROL_ATTRIBUTE = "userAccountControl";
private static final int UF_ACCOUNTDISABLE = 0x2;
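/**
 * Opens an authenticated JNDI LDAP context with a simple bind over plain {@code ldap://}.
 * Kept for existing callers; prefer the overload with {@code useSsl = true} so the bind
 * password is not sent in the clear.
 *
 * @param host     directory server host
 * @param port     directory server port
 * @param username bind principal (DN or UPN, as the server accepts)
 * @param password bind password; must be non-empty
 * @return a connected {@link LdapContext}
 * @throws NamingException if the bind fails or the credentials are empty
 */
public static LdapContext getLdapContext(String host, int port, String username, String password) throws NamingException {
    return getLdapContext(host, port, username, password, false);
}

/**
 * Opens an authenticated JNDI LDAP context with a simple bind.
 *
 * @param host     directory server host
 * @param port     directory server port
 * @param username bind principal
 * @param password bind password; must be non-empty
 * @param useSsl   when true the URL scheme is {@code ldaps://}, so the simple bind travels over TLS
 * @return a connected {@link LdapContext}
 * @throws NamingException if the bind fails or the credentials are empty
 */
public static LdapContext getLdapContext(String host, int port, String username, String password, boolean useSsl) throws NamingException {
    // A simple bind with a null/empty password is an anonymous (unauthenticated) bind, which
    // many directories accept — so a blank password would "log in" successfully. Refuse it here.
    if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
        throw new javax.naming.AuthenticationException(
                "Refusing simple bind with empty principal or password (would be an anonymous bind)");
    }

    Hashtable<String, String> env = new Hashtable<String, String>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, (useSsl ? "ldaps://" : "ldap://") + host + ":" + port);
    // Simple bind sends the password in the clear unless the transport is TLS; AD deployments
    // that enforce LDAP signing / channel binding reject an unprotected simple bind.
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.REFERRAL, "ignore");
    env.put("com.sun.jndi.ldap.connect.pool", "false");
    // TCP connect timeout in milliseconds (pooling is disabled above, so this is not a pool wait).
    // NOTE(review): no com.sun.jndi.ldap.read.timeout is set, so an unresponsive server can
    // block an operation indefinitely — consider adding one.
    env.put("com.sun.jndi.ldap.connect.timeout", "60000");
    env.put(Context.SECURITY_PRINCIPAL, username);
    env.put(Context.SECURITY_CREDENTIALS, password);
    // Binary attributes go in ONE space-separated value: a second put() with the same key
    // replaces the first, which previously dropped tokenGroups.
    env.put("java.naming.ldap.attributes.binary", "tokenGroups objectSID");

    return new InitialLdapContext(env, null);
}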
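/**
 * Clears the ACCOUNTDISABLE bit (0x2) in the user's {@code userAccountControl} attribute,
 * leaving every other flag as it was.
 *
 * @param ctx an authenticated context with write access to the user object
 * @param dn  the user's distinguished name
 * @throws NamingException if the DN is malformed, the attribute is missing or unparseable,
 *                         or the modify fails
 */
public static void enableUser(LdapContext ctx, String dn) throws NamingException {
    // Parse the DN explicitly: JNDI treats a plain String as a composite name, so a '/' inside
    // a DN value would be split into components instead of reaching the server intact.
    javax.naming.ldap.LdapName name = new javax.naming.ldap.LdapName(dn);
    int current = readUserAccountControl(ctx, name);
    writeUserAccountControl(ctx, name, current & ~UF_ACCOUNTDISABLE);
}

/**
 * Sets the ACCOUNTDISABLE bit (0x2) in the user's {@code userAccountControl} attribute,
 * leaving every other flag as it was.
 *
 * @param ctx an authenticated context with write access to the user object
 * @param dn  the user's distinguished name
 * @throws NamingException if the DN is malformed, the attribute is missing or unparseable,
 *                         or the modify fails
 */
public static void disableUser(LdapContext ctx, String dn) throws NamingException {
    javax.naming.ldap.LdapName name = new javax.naming.ldap.LdapName(dn);
    int current = readUserAccountControl(ctx, name);
    writeUserAccountControl(ctx, name, current | UF_ACCOUNTDISABLE);
}

/**
 * Reads the current {@code userAccountControl} value. JNDI returns non-binary attribute
 * values as {@link String}, so the value has to be parsed; the previous {@code (int)} cast of
 * the raw Object threw ClassCastException at runtime. Only the one attribute is requested
 * rather than the whole entry.
 */
private static int readUserAccountControl(LdapContext ctx, javax.naming.ldap.LdapName name) throws NamingException {
    javax.naming.directory.Attribute attr =
            ctx.getAttributes(name, new String[] { USER_ACCOUNT_CONTROL_ATTRIBUTE }).get(USER_ACCOUNT_CONTROL_ATTRIBUTE);
    Object raw = (attr == null) ? null : attr.get();
    if (raw == null) {
        throw new NamingException(USER_ACCOUNT_CONTROL_ATTRIBUTE + " not present on " + name);
    }
    try {
        // NOTE(review): assumes the directory returns a value within int range, as AD does for
        // the documented flag bits — verify if a non-AD server is in play.
        return Integer.parseInt(raw.toString().trim());
    } catch (NumberFormatException e) {
        NamingException ne = new NamingException("Unparseable " + USER_ACCOUNT_CONTROL_ATTRIBUTE + " value on " + name);
        ne.setRootCause(e);
        throw ne;
    }
}

/**
 * Replaces {@code userAccountControl} with the given value. This read-modify-write is not
 * atomic: a concurrent change to the same attribute between the read and this replace is lost.
 */
private static void writeUserAccountControl(LdapContext ctx, javax.naming.ldap.LdapName name, int value) throws NamingException {
    ModificationItem[] mods = new ModificationItem[] {
        new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute(USER_ACCOUNT_CONTROL_ATTRIBUTE, Integer.toString(value)))
    };
    ctx.modifyAttributes(name, mods);
}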
属性（userAccountControl）新值的计算逻辑是否正确。我认为正确的做法是：先从 LDAP Context 中读取 userAccountControl 属性，将其转换为 int，然后在禁用时将它与 UF_ACCOUNTDISABLE 标志做按位或（OR），在启用时将它与 UF_ACCOUNTDISABLE 的按位取反做按位与（AND）。我的逻辑是否需要修正，或者有没有更好的实现方式？遗憾的是，关于这个主题的另一篇文章 here 没有给出任何编码逻辑的细节。