使用JNDI启用/禁用Active Directory用户

时间:2015-06-03 13:44:24

标签: java active-directory ldap jndi

我找不到关于如何使用 JNDI 在 Active Directory 中启用或禁用用户的资料。下面是我目前拼凑出来的 LDAP 上下文创建方法，以及启用/禁用用户的方法……

  namespace XmlAbstractSerialisationTest
  {
   using System;
   using System.Collections.Generic;
   using System.IO;
   using System.Reflection;
   using System.Xml.Serialization;

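   /// <summary>
   /// Demo entry point: serialises a list of <see cref="Foo"/> (each carrying a
   /// polymorphic <see cref="BaseBar"/> child) to test.xml and reads it back.
   /// </summary>
   class Program
   {
       /// <summary>Sample file written and then re-read by <see cref="Main"/>.</summary>
       private const string OutputPath = "test.xml";

       static void Main(string[] args)
       {
           // Write: one Foo per concrete BaseBar subtype so both Bar1 and Bar2 go through Foo.WriteXml.
           List<Foo> data = new List<Foo>
           {
               new Foo
               {
                   ParentData = "a",
                   Child = new Bar1 { Id = 0, Name = "hello", Extra1 = "boo", Extra2 = "good" }
               },
               new Foo
               {
                   ParentData = "b",
                   Child = new Bar2 { Id = 0, Name = "hello", Extra1 = "boo", Extra2 = 123 }
               }
           };

           // One serializer instance serves both directions; building an XmlSerializer is relatively costly.
           XmlSerializer xs = new XmlSerializer(typeof(List<Foo>));
           using (FileStream fs = new FileStream(OutputPath, FileMode.Create, FileAccess.Write))
           {
               xs.Serialize(fs, data);
           }

           // Read: a direct cast (rather than 'as') makes an unexpected root type fail loudly
           // with InvalidCastException instead of leaving newData silently null.
           List<Foo> newData;
           using (FileStream fs = new FileStream(OutputPath, FileMode.Open, FileAccess.Read))
           {
               newData = (List<Foo>)xs.Deserialize(fs);
           }

           // The original discarded the result; check the round trip so a silent loss is visible.
           int readCount = newData == null ? 0 : newData.Count;
           if (readCount != data.Count)
           {
               throw new InvalidOperationException(
                   "Round trip lost elements: expected " + data.Count + ", got " + readCount + ".");
           }
       }
   }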

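   /// <summary>
   /// Wrapper that hand-rolls its XML so that <see cref="Child"/> can hold any concrete
   /// <see cref="BaseBar"/> subtype. The element wrapping the child is named after the child's
   /// runtime type (<c>Type.FullName</c>) and is used on read to select the subtype again.
   /// </summary>
   public class Foo : IXmlSerializable
   {
       public string ParentData { get; set; }

       /// <summary>Polymorphic payload; must be non-null when the object is serialised.</summary>
       public BaseBar Child { get; set; }

       /// <summary>
       /// Reserved by the framework. The documented contract for <see cref="IXmlSerializable"/>
       /// implementers is to return <c>null</c> here rather than throw.
       /// </summary>
       public System.Xml.Schema.XmlSchema GetSchema()
       {
           return null;
       }

       /// <summary>
       /// Reads the element produced by <see cref="WriteXml"/>. On entry the reader is positioned on
       /// the wrapping element; on exit it has been moved past that element's end tag.
       /// </summary>
       /// <exception cref="InvalidOperationException">
       /// The type-name element does not name a concrete <see cref="BaseBar"/> subtype compiled into this assembly.
       /// </exception>
       public void ReadXml(System.Xml.XmlReader reader)
       {
           reader.ReadStartElement();                                   // <Foo ...>

           // ReadElementContentAsString handles both <ParentData>x</ParentData> and <ParentData />;
           // a fixed number of Read() calls goes out of step on the empty-element form.
           reader.MoveToContent();
           ParentData = reader.ReadElementContentAsString("ParentData", string.Empty);

           // The type name is read from the document, i.e. it is controlled by whoever produced the
           // file. It is only used as a lookup key into the types already compiled into this assembly
           // and is restricted to BaseBar subtypes, so the input cannot make this code load an
           // assembly or instantiate an arbitrary type (Assembly.LoadFile + CreateInstance(reader.Name) did).
           reader.MoveToContent();
           Type childType = ResolveChildType(reader.Name);
           reader.ReadStartElement();                                   // <Namespace.Bar1>

           XmlSerializer xs = new XmlSerializer(childType);
           Child = (BaseBar)xs.Deserialize(reader);                     // consumes <Bar1>...</Bar1>

           reader.ReadEndElement();                                     // </Namespace.Bar1>
           reader.ReadEndElement();                                     // </Foo>
       }

       /// <summary>
       /// Maps the type-name element back to a <see cref="Type"/>, accepting only non-abstract
       /// <see cref="BaseBar"/> subtypes defined in the assembly that contains <see cref="BaseBar"/>.
       /// </summary>
       private static Type ResolveChildType(string fullName)
       {
           Type type = typeof(BaseBar).Assembly.GetType(fullName);
           if (type == null || type.IsAbstract || !typeof(BaseBar).IsAssignableFrom(type))
           {
               throw new InvalidOperationException(
                   "'" + fullName + "' is not a known concrete " + typeof(BaseBar).Name + " type.");
           }
           return type;
       }

       /// <summary>
       /// Writes ParentData, then the child wrapped in an element named after its runtime type
       /// so that <see cref="ReadXml"/> can recover the subtype.
       /// </summary>
       /// <exception cref="InvalidOperationException"><see cref="Child"/> is null.</exception>
       public void WriteXml(System.Xml.XmlWriter writer)
       {
           if (Child == null)
           {
               // Explicit failure instead of a NullReferenceException from Child.GetType().
               throw new InvalidOperationException("Child must be set before a Foo can be serialised.");
           }

           writer.WriteElementString("ParentData", ParentData);

           writer.WriteStartElement(Child.GetType().FullName);
           XmlSerializer xs = new XmlSerializer(Child.GetType());
           xs.Serialize(writer, Child);
           writer.WriteEndElement();
       }
   }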

   /// <summary>
   /// Common shape of the polymorphic children carried by <see cref="Foo.Child"/>;
   /// the concrete subtypes (<see cref="Bar1"/>, <see cref="Bar2"/>) add their own properties.
   /// </summary>
   // XmlSerializer does not consult [Serializable]; it only matters for runtime (binary) serialization.
   [Serializable]
   public abstract class BaseBar
   {
       /// <summary>Written as an &lt;Id&gt; child element.</summary>
       [XmlElement]
       public int Id { get; set; }

       /// <summary>Written as a &lt;Name&gt; child element.</summary>
       [XmlElement]
       public string Name { get; set; }
   }

   /// <summary>
   /// First concrete <see cref="BaseBar"/> variant; both extra values are strings
   /// (compare <see cref="Bar2"/>, whose Extra2 is an int).
   /// </summary>
   [Serializable]
   public class Bar1 : BaseBar
   {
       /// <summary>Written as an &lt;Extra1&gt; child element.</summary>
       [XmlElement]
       public string Extra1 { get; set; }

       /// <summary>Written as an &lt;Extra2&gt; child element.</summary>
       [XmlElement]
       public string Extra2 { get; set; }
   }

   /// <summary>
   /// Second concrete <see cref="BaseBar"/> variant; differs from <see cref="Bar1"/> only in
   /// Extra2 being an int, which is what makes the per-subtype serializer in Foo necessary.
   /// </summary>
   [Serializable]
   public class Bar2 : BaseBar
   {
       /// <summary>Written as an &lt;Extra1&gt; child element.</summary>
       [XmlElement]
       public string Extra1 { get; set; }

       /// <summary>Written as an &lt;Extra2&gt; child element holding an integer.</summary>
       [XmlElement]
       public int Extra2 { get; set; }
   }

  }

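private static final String USER_ACCOUNT_CONTROL_ATTRIBUTE = "userAccountControl";

/** Bit in userAccountControl that marks an Active Directory account as disabled. */
private static final int UF_ACCOUNTDISABLE = 0x2;

/**
 * Opens an LDAP connection bound with the given credentials.
 * <p>
 * NOTE: {@code simple} authentication sends {@code password} to the server in clear text, so the
 * URL should point at an LDAPS endpoint (or StartTLS should be negotiated after connecting) unless
 * the path between this host and the directory is otherwise protected.
 *
 * @throws NamingException if the connection or the bind fails
 */
public static LdapContext getLdapContext(String host, int port, String username, String password) throws NamingException {
    Hashtable<String, String> env = new Hashtable<String, String>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port);
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.REFERRAL, "ignore");
    env.put("com.sun.jndi.ldap.connect.pool", "false");
    // Pooling is disabled above, so this is the plain TCP connect timeout (milliseconds).
    env.put("com.sun.jndi.ldap.connect.timeout", "60000");
    env.put(Context.SECURITY_PRINCIPAL, username);
    env.put(Context.SECURITY_CREDENTIALS, password);
    // This property takes ONE space-separated list. Two separate put() calls with the same key
    // make the second overwrite the first, so tokenGroups would have come back as a String.
    env.put("java.naming.ldap.attributes.binary", "tokenGroups objectSID");
    return new InitialLdapContext(env, null);
}

/** Clears UF_ACCOUNTDISABLE on the account at {@code dn}, leaving every other flag untouched. */
public static void enableUser(LdapContext ctx, String dn) throws NamingException {
    setAccountDisabled(ctx, dn, false);
}

/** Sets UF_ACCOUNTDISABLE on the account at {@code dn}, leaving every other flag untouched. */
public static void disableUser(LdapContext ctx, String dn) throws NamingException {
    setAccountDisabled(ctx, dn, true);
}

/**
 * Reads userAccountControl for {@code dn} and writes it back with only the disabled bit changed.
 *
 * @throws NamingException if the entry cannot be read, has no userAccountControl, or cannot be modified
 * @throws NumberFormatException if the attribute value returned by the directory is not an integer
 */
private static void setAccountDisabled(LdapContext ctx, String dn, boolean disabled) throws NamingException {
    // Ask for just the one attribute rather than fetching the whole entry.
    Attributes attrs = ctx.getAttributes(dn, new String[] { USER_ACCOUNT_CONTROL_ATTRIBUTE });
    Attribute uac = attrs.get(USER_ACCOUNT_CONTROL_ATTRIBUTE);
    if (uac == null) {
        throw new NamingException("Entry " + dn + " has no " + USER_ACCOUNT_CONTROL_ATTRIBUTE + " attribute");
    }
    // JNDI hands back non-binary attribute values as String; a direct (int) cast on the Object
    // returned by get() throws ClassCastException at runtime.
    int current = Integer.parseInt((String) uac.get());
    int updated = withAccountDisabled(current, disabled);
    ModificationItem[] mods = {
        new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute(USER_ACCOUNT_CONTROL_ATTRIBUTE, Integer.toString(updated)))
    };
    ctx.modifyAttributes(dn, mods);
}

/** Pure bit arithmetic: {@code uac} with UF_ACCOUNTDISABLE set ({@code disabled}) or cleared. */
static int withAccountDisabled(int uac, boolean disabled) {
    return disabled ? (uac | UF_ACCOUNTDISABLE) : (uac & ~UF_ACCOUNTDISABLE);
}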
但我不确定我计算 userAccountControl 属性新值的逻辑是否正确。我认为正确的做法是：从 LDAP Context 对象中获取 userAccountControl 属性，将其转换为 int，然后在禁用时与 UF_ACCOUNTDISABLE 标志做按位或运算，在启用时与 UF_ACCOUNTDISABLE 取反后的值做按位与运算。我的逻辑是否需要修正，或者有更好的实现方式？遗憾的是，关于这个主题的另一篇文章（here）没有给出任何编码逻辑的细节。

0 个答案:

没有答案