
Ho implementato le funzionalità per abilitare, creare e disabilitare l'utente in AD. Devo anche assicurarmi di poter cancellare l'utente in AD utilizzando Java. Di seguito sono riportati alcuni frammenti di codice correlati: qualcuno può farmi sapere come eliminare l'utente in AD? Preferisco usare codice Java nativo per implementarlo.

Come eliminare l'utente in Active Directory utilizzando Java

import java.io.IOException; 
import java.io.UnsupportedEncodingException; 
import java.util.ArrayList; 
import java.util.Hashtable; 
import java.util.List; 

import javax.naming.AuthenticationException; 
import javax.naming.Context; 
import javax.naming.NamingEnumeration; 
import javax.naming.NamingException; 
import javax.naming.directory.Attribute; 
import javax.naming.directory.Attributes; 
import javax.naming.directory.BasicAttribute; 
import javax.naming.directory.BasicAttributes; 
import javax.naming.directory.DirContext; 
import javax.naming.directory.ModificationItem; 
import javax.naming.directory.SearchControls; 
import javax.naming.directory.SearchResult; 
import javax.naming.ldap.Control; 
import javax.naming.ldap.InitialLdapContext; 
import javax.naming.ldap.LdapContext; 
import javax.naming.ldap.PagedResultsControl; 
import javax.naming.ldap.PagedResultsResponseControl; 

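public class LDAPTool {

    /**
     * Returns the first value of the attribute {@code propertyName} as a trimmed string.
     *
     * <p>The value is read through {@link Attribute#get()} instead of parsing
     * {@code Attribute.toString()}. That text form ("id: v1, v2", or "id: No values"
     * for an attribute without values) is not a stable contract, and parsing it
     * returned the literal string "No values" for an empty attribute. Binary
     * attribute values are not rendered meaningfully by this helper.</p>
     *
     * @param attrs        attribute set of a search result; may be {@code null}
     * @param propertyName attribute id to look up
     * @return the attribute's first value as a trimmed string, or {@code ""} when
     *         {@code attrs} is {@code null}, the attribute is absent, has no values,
     *         or cannot be read
     */
    public static String getString(Attributes attrs, String propertyName) {
        if (attrs == null) {
            return "";
        }
        Attribute attr = attrs.get(propertyName);
        if (attr == null || attr.size() == 0) {
            return "";
        }
        try {
            Object first = attr.get();
            return first == null ? "" : String.valueOf(first).trim();
        } catch (NamingException e) {
            // Keep the original best-effort contract: an unreadable value reads as "".
            return "";
        }
    }

    /**
     * Verifies {@code username}/{@code password} by performing a simple bind against
     * {@code host:port}; the resulting context is closed immediately afterwards.
     *
     * <p>Blank credentials are refused before the server is contacted: with simple
     * authentication an empty password is sent as an unauthenticated bind, which
     * directories commonly accept, so the bind would "succeed" for any known user.</p>
     *
     * @param host     host name or IP address
     * @param port     port for the LDAP protocol
     * @param username bind DN or user principal name
     * @param password bind password
     * @throws AuthenticationException if the credentials are blank or rejected by the server
     * @throws NamingException         on any other directory error
     */
    public static void authenticate(String host, int port, String username, String password)
            throws NamingException {
        if (username == null || username.trim().length() == 0
                || password == null || password.length() == 0) {
            throw new AuthenticationException("username and password must both be non-empty");
        }
        // InitialLdapContext either binds successfully or throws; nothing else to do with it.
        LdapContext ctx = getLdapContext(host, port, username, password);
        ctx.close();
    }

    /**
     * Opens an LDAP context with a simple bind.
     *
     * <p>The connection uses plain {@code ldap://}, so the password travels in clear
     * text; callers that cross an untrusted network should prefer {@code ldaps://}
     * or StartTLS.</p>
     *
     * @param host     host name or IP address
     * @param port     port for the LDAP protocol
     * @param username bind DN or user principal name
     * @param password bind password
     * @return the bound LDAP context; the caller must close it
     * @throws NamingException if the connection or the bind fails
     */
    public static LdapContext getLdapContext(String host, int port, String username, String password)
            throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, username);
        env.put(Context.SECURITY_CREDENTIALS, password);
        // This property holds one space-separated list of attribute ids. Putting it twice
        // (once per attribute) kept only the last value, so "tokenGroups" was never binary.
        env.put("java.naming.ldap.attributes.binary", "tokenGroups objectSID");
        return new InitialLdapContext(env, null);
    }

    /**
     * Looks up the user with the given {@code sAMAccountName} below {@code baseDn} and
     * reports whether its {@code userAccountControl} marks the account as disabled.
     *
     * <p>The username is passed to the search as a filter argument so that JNDI escapes
     * it; concatenating it into the filter string let a username containing filter
     * metacharacters alter the query. The request controls set on {@code ctx} are
     * cleared again in {@code finally} so later operations on the context are not
     * affected.</p>
     *
     * @param ctx      bound LDAP context
     * @param username value of the user's {@code sAMAccountName}
     * @param baseDn   search base
     * @return {@code true} if the account was found and is flagged disabled
     * @throws NamingException if the search fails or the entry has no
     *                         {@code userAccountControl} value
     * @throws IOException     if the paged-results control cannot be encoded
     */
    public static boolean isDisabled(LdapContext ctx, String username, String baseDn)
            throws NamingException, IOException {
        SearchControls searchCtls = new SearchControls();
        searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchCtls.setCountLimit(1);
        searchCtls.setTimeLimit(0);

        // Only the "userAccountControl" attribute is needed to answer the question.
        String[] returnedAtts = { "userAccountControl" };
        searchCtls.setReturningAttributes(returnedAtts);

        // One page holding a single entry: the count limit above already caps the result.
        ctx.setRequestControls(new Control[] { new PagedResultsControl(1, Control.CRITICAL) });

        NamingEnumeration<SearchResult> answer = null;
        try {
            answer = ctx.search(baseDn, "(sAMAccountName={0})", new Object[] { username },
                    searchCtls);
            if (!answer.hasMoreElements()) {
                return false;
            }
            SearchResult sr = answer.next();
            String uac = getString(sr.getAttributes(), returnedAtts[0]);
            if (uac.length() == 0) {
                // Fail closed rather than reporting "enabled" for an entry we could not read.
                throw new NamingException("no userAccountControl value found for user " + username);
            }
            // isDisabled(long) is referenced here but defined outside this excerpt.
            return isDisabled(Long.parseLong(uac));
        } finally {
            if (answer != null) {
                answer.close();
            }
            ctx.setRequestControls(null);
        }
    }

    /**
     * Removes the user from a group by deleting one {@code member} value of the group entry.
     *
     * @param ctx     bound LDAP context
     * @param userDn  distinguished name of the user
     * @param groupDn distinguished name of the group
     * @throws NamingException if the modification is refused (e.g. the user is not a member)
     */
    public static void removeFromGroup(LdapContext ctx, String userDn, String groupDn)
            throws NamingException {
        ModificationItem removeMember = new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                new BasicAttribute("member", userDn));
        ctx.modifyAttributes(groupDn, new ModificationItem[] { removeMember });
    }

    /**
     * Disables the account by replacing its {@code userAccountControl} value.
     *
     * <p>{@code USER_ACCOUNT_CONTROL_ATTR_NAME} and {@code USER_CONTROL_VALUE_DISABLED}
     * are defined outside this excerpt. Because {@code REPLACE_ATTRIBUTE} overwrites
     * the whole bitmask, any other flags the account carried are lost; a
     * read-modify-write that only sets the disable bit would preserve them.</p>
     *
     * @param ctx bound LDAP context
     * @param dn  distinguished name of the user to disable
     * @throws NamingException if the modification is refused
     */
    public static void disableUser(LdapContext ctx, String dn)
            throws NamingException {
        ModificationItem setDisabled = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute(USER_ACCOUNT_CONTROL_ATTR_NAME,
                        "" + USER_CONTROL_VALUE_DISABLED));
        ctx.modifyAttributes(dn, new ModificationItem[] { setDisabled });
    }
}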

Grazie.


Per rimuovere l'utente dal contesto è necessario utilizzare il metodo javax.naming.Context#unbind.

Quindi il metodo dovrebbe essere simile al seguente:

/**
 * Deletes the directory entry identified by {@code dn}.
 *
 * <p>Delegates to {@link javax.naming.Context#unbind(String)}, which removes the
 * entry itself. A non-leaf entry (one that still has children) is refused by the
 * server, so such a subtree has to be emptied first or deleted with a server-side
 * subtree-delete request control.</p>
 *
 * @param ctx bound LDAP context
 * @param dn  distinguished name of the entry to delete
 * @throws NamingException if the server refuses or fails the delete
 */
public static void removeUser(LdapContext ctx, String dn) throws NamingException {
    ctx.unbind(dn);
}

Ecco un piccolo esempio: http://www.java2s.com/Code/Java/JNDI-LDAP/howtoremoveabinding.htm


Grazie, funziona! – 53iScott


L'esempio seguente elimina una voce utilizzando l'UnboundID LDAP SDK:

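// Example with the UnboundID LDAP SDK (a third-party library, not JNDI): open and bind
// a connection, send a DeleteRequest for one entry, and always close the connection.
try {
    final LDAPConnection ldapConnection =
            new LDAPConnection(hostname, port, bindDN, bindPassword);
    final DeleteRequest deleteRequest =
            new DeleteRequest("cn=entry to delete,dc=example,dc=com");
    // A plain delete is refused (NOT_ALLOWED_ON_NONLEAF) when the entry still has
    // children; in that case a subtree-delete request control must be added to deleteRequest.
    try {
        // The original called "connection.delete(...)", a variable this snippet never declares.
        ldapConnection.delete(deleteRequest);
        System.out.println("The entry was successfully deleted.");
    } catch (LDAPException le) {
        // The delete request failed; report it instead of dropping the exception silently.
        System.err.println("Delete failed: " + le);
    } finally {
        ldapConnection.close();
    }
} catch (final LDAPException ex) {
    // Failed to connect or bind to the server.
    System.err.println("Connection failed: " + ex);
}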

Grazie mille! Ho riscontrato un problema con NOT_ALLOWED_ON_NONLEAF: un registro CNF che non riuscivo a cancellare. Tuttavia, ho usato deleteRequest.addControl(new SubtreeDeleteRequestControl()); e ha funzionato perfettamente. Cheers! – Jaimoto
