使用 Java 创建活动目录用户时遇到问题答案

【问题标题】：Trouble creating active directory users with Java使用 Java 创建活动目录用户时遇到问题
【发布时间】：2011-11-17 23:45:21
【问题描述】：

我有一个带有活动目录的 Windows Server 2008R2。我想创建一个 Java 程序，它允许 08/15 用户向此 AD 添加新用户。

我在 oracle 论坛中找到了一个 [example][1] 并为我的 AD 修改了它。：

package model;

import java.io.IOException;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

public class NewUser2 {
public static void main(String[] args) {

    Hashtable<String,String> env = new Hashtable<String, String>();
    String adminName = "CN=Administrator,CN=Users,DC=Dom215-01,DC=local";
    String adminPassword = "g18";
    String userName = "CN=Foo Bar,OU=Schueler,DC=Dom215-01,DC=local";
    String groupName = "OU=Schueler,DC=Dom215-01,DC=local";

    env.put(Context.INITIAL_CONTEXT_FACTORY,
            "com.sun.jndi.ldap.LdapCtxFactory");

    // set security credentials, note using simple cleartext authentication
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, adminName);
    env.put(Context.SECURITY_CREDENTIALS, adminPassword);

    // connect to my domain controller
    env.put(Context.PROVIDER_URL, "ldap://10.18.215.112");

    try {

        // Create the initial directory context
        LdapContext ctx = new InitialLdapContext(env, null);

        // Create attributes to be associated with the new user
        Attributes attrs = new BasicAttributes(true);

        attrs.put("objectClass", "Schueler");
        attrs.put("samAccountName", "FooBar");
        attrs.put("cn", "Foo Bar");

        // These are some optional (but useful) attributes
        attrs.put("givenName", "Foo");
        attrs.put("sn", "Bar");
        attrs.put("displayName", "Foo Bar");
        attrs.put("description", "Test Subject");

    /*  
        attrs.put("userPrincipalName", "asdf@asdf.com");
        attrs.put("mail", "sdaf@sdaf.com");
        attrs.put("telephoneNumber", "999 123 4567");
    */

        // some useful constants from lmaccess.h
        int UF_ACCOUNTDISABLE = 0x0002;
        int UF_PASSWD_NOTREQD = 0x0020;
        int UF_PASSWD_CANT_CHANGE = 0x0040;
        int UF_NORMAL_ACCOUNT = 0x0200;
        int UF_DONT_EXPIRE_PASSWD = 0x10000;
        int UF_PASSWORD_EXPIRED = 0x800000;

        attrs.put(
                "userAccountControl",
                Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD
                        + UF_PASSWORD_EXPIRED + UF_ACCOUNTDISABLE));

        // Create the context
        Context result = ctx.createSubcontext(userName, attrs);
        System.out.println("Created disabled account for: " + userName);

        StartTlsResponse tls = (StartTlsResponse) ctx
                .extendedOperation(new StartTlsRequest());
        tls.negotiate();

        ModificationItem[] mods = new ModificationItem[2];

        String newQuotedPassword = "\"Password2000\"";
        byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");

        mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", newUnicodePassword));
        mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("userAccountControl",
                        Integer.toString(UF_NORMAL_ACCOUNT
                                + UF_PASSWORD_EXPIRED)));

        ctx.modifyAttributes(userName, mods);
        System.out.println("Set password & updated userccountControl");

        try {
            ModificationItem member[] = new ModificationItem[1];
            member[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE,
                    new BasicAttribute("member", userName));

            ctx.modifyAttributes(groupName, member);
            System.out.println("Added user to group: " + groupName);

        } catch (NamingException e) {
            System.err.println("Problem adding user to group: " + e);
        }

        tls.close();
        ctx.close();

        System.out.println("Successfully created User: " + userName);

    } catch (NamingException e) {
        System.err.println("Problem creating object: ");
        e.printStackTrace();
    }

    catch (IOException e) {
        System.err.println("Problem creating object: ");
        e.printStackTrace();
    }
  }
}

到目前为止，一切看起来都还不错，但是当它尝试在第 76 行创建结果对象时，它会崩溃并出现 NoSuchAttributeException 和 LDAP 错误代码 16（没有此类属性）。我尝试了对用户名字符串和属性的各种修改，但没有任何帮助。

有人知道为什么会出现这个错误吗？

【问题讨论】：

很高兴你能正常工作。 IMO 你选择的测试输入真的很不专业......
嗯...你是对的。我今天过得不好。我会编辑那个
是的..您可以将您的解决方案作为答案发布，不要将其编辑到问题中。我已将其回滚，因此您可以执行此操作。您可以在此处的历史记录中找到它：stackoverflow.com/posts/8176001/revisions

标签： java active-directory windows-server-2008-r2

【解决方案1】：

好的。对不起，我是这个论坛的新手。无论如何...这里再次解决方案：

package model;

import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class NewUser {

    private static final String DOMAIN_NAME = "Dom215-01";
    private static final String DOMAIN_ROOT = "DC=Dom215-01,DC=local";
    private static final String DOMAIN_URL = "ldap://10.18.215.112:389";
    private static final String ADMIN_NAME = "CN=Administrator,CN=Users,DC=Dom215-01,DC=local";
    private static final String ADMIN_PASS = "g18";

    private String userName, firstName, lastName, password, organisationUnit;
    private LdapContext context;

    public NewUser(String userName, String firstName, String lastName,
                    String password, String organisationUnit) {

        this.userName = userName;
        this.firstName = firstName;
        this.lastName = lastName;
        this.password = password;
        this.organisationUnit = organisationUnit;

        Hashtable<String, String> env = new Hashtable<String, String>();

        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

        // set security credentials, note using simple cleartext authentication
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, ADMIN_NAME);
        env.put(Context.SECURITY_CREDENTIALS, ADMIN_PASS);

        // connect to my domain controller
        env.put(Context.PROVIDER_URL, DOMAIN_URL);

        try {
            this.context = new InitialLdapContext(env, null);
        } catch (NamingException e) {
            System.err.println("Problem creating object: ");
            e.printStackTrace();
        }

    }

    public boolean addUser() throws NamingException {

        // Create a container set of attributes
        Attributes container = new BasicAttributes();

        // Create the objectclass to add
        Attribute objClasses = new BasicAttribute("objectClass");
        objClasses.add("top");
        objClasses.add("person");
        objClasses.add("organizationalPerson");
        objClasses.add("user");

        // Assign the username, first name, and last name
        String cnValue = new StringBuffer(firstName).append(" ").append(lastName).toString();
        Attribute cn = new BasicAttribute("cn", cnValue);
        Attribute sAMAccountName = new BasicAttribute("sAMAccountName", userName);
        Attribute principalName = new BasicAttribute("userPrincipalName", userName
                + "@" + DOMAIN_NAME);
        Attribute givenName = new BasicAttribute("givenName", firstName);
        Attribute sn = new BasicAttribute("sn", lastName);
        Attribute uid = new BasicAttribute("uid", userName);

        // Add password
        Attribute userPassword = new BasicAttribute("userpassword", password);

        // Add these to the container
        container.put(objClasses);
        container.put(sAMAccountName);
        container.put(principalName);
        container.put(cn);
        container.put(sn);
        container.put(givenName);
        container.put(uid);
        container.put(userPassword);

        // Create the entry
        try {
            context.createSubcontext(getUserDN(cnValue, organisationUnit), container);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    private static String getUserDN(String aUsername, String aOU) {
        return "cn=" + aUsername + ",ou=" + aOU + "," + DOMAIN_ROOT;
    }
}

【讨论】：