获取和验证Windows AD域的用户信息

1、获取windows AD域用户信息，首先需要有一个ad域管理员权限的账号，用这个账号连接ad域，获取所有域用户信息

用LdapContext，它继承自DirContext

public Object getAllAdUserNames() {
        List<String> list = new ArrayList<>();
        String username = "[email protected]";
        String password = "[email protected]";

        String url = "ldap://192.168.44.40:389"; //使用ldap协议连接windows ad域，缺省端口是389
        Hashtable env = new Hashtable();

        env.put(Context.SECURITY_AUTHENTICATION, "simple");//"none","simple","strong"
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_PRINCIPAL, username);
        env.put(Context.SECURITY_CREDENTIALS, password);
        NamingEnumeration results = null;
        try {
            LdapContext ctx = new InitialLdapContext(env,null);
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);


            String searchFilter = "(&(objectCategory=person)(objectClass=user)(name=*))";
            String searchBase = "DC=ad,DC=com";
            String returnedAtts[] = {"memberOf"};
            searchControls.setReturningAttributes(returnedAtts);

            NamingEnumeration<SearchResult> result = ctx.search(searchBase,searchFilter,searchControls);
            while (result.hasMoreElements()) {
                SearchResult searchResult = (SearchResult) result.next();
                list.add(searchResult.getName());
                System.out.println("[" + searchResult.getName() + "]");
            }
            ctx.close();
        } catch (AuthenticationException e) {
            e.printStackTrace();
            return e.toString();
        } catch (NameNotFoundException e) {
            e.printStackTrace();
            return e.toString();
        } catch (NamingException e) {
            e.printStackTrace();
            return e.toString();
        } finally {
            if (results != null) {
                try {
                    results.close();
                } catch (Exception e) {
                }
            }
        }
        return list;
    }

2、用DirContext，与上边略有区别

  public List<String> getAllPersonNames() {
        String username = "[email protected]";
        String password = "[email protected]";

        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://192.168.44.40:389/dc=ad,dc=com");
        env.put(Context.SECURITY_PRINCIPAL, username);
        env.put(Context.SECURITY_CREDENTIALS, password);

        DirContext ctx;
        try {
            ctx = new InitialDirContext(env);
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }

        List<String> list = new ArrayList<>();
        NamingEnumeration<SearchResult> results = null;
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            String searchFilter = "(&(objectCategory=person)(objectClass=user)(name=*))";
            results = ctx.search("", searchFilter, controls);

            while (results.hasMoreElements()) {
                SearchResult searchResult = results.next();
                Attributes attributes = searchResult.getAttributes();
                Attribute attr = attributes.get("cn");
                String cn = attr.get().toString();
                list.add(cn);
            }
        } catch (NameNotFoundException e) {
            e.printStackTrace();
        } catch (NamingException e) {
            e.printStackTrace();
        } finally {
            if (results != null) {
                try {
                    results.close();
                } catch (Exception e) {
                    // Never mind this.
                }
            }
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (Exception e) {
                    // Never mind this.
                }
            }
        }
        return list;
    }

3、用Spring集成ldap

依赖

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-ldap</artifactId>
        </dependency>

application.yml的配置，一种方式自定义ldap，一种是直接采用spring data集成

3.1自定义，重载LdapTemplate

application.yml

#自定义的ldap config
ldap:
  base: OU=开发部,DC=ad,DC=com
  url: "ldap://192.168.44.40:389"
  username: [email protected]
  password: "[email protected]"
  referral: follow

LdapConfig，referral参数具体含义不明确，可以注销了

@Configuration
public class LdapConfig {

    @Value("${ldap.url}")
    private String ldapUrl;

    @Value("${ldap.base}")
    private String ldapBase;

    @Value("${ldap.username}")
    private String ldapUserDn;

    @Value("${ldap.password}")
    private String ldapUserPwd;

    @Value("${ldap.referral}")
    private String ldapReferral;


    @Bean
    public LdapTemplate ldapTemplate() {
        return new LdapTemplate(contextSourceTarget());
    }

    @Bean
    public LdapContextSource contextSourceTarget() {
        LdapContextSource ldapContextSource = new LdapContextSource();

        ldapContextSource.setUrl(ldapUrl);
        ldapContextSource.setBase(ldapBase);
        ldapContextSource.setUserDn(ldapUserDn);
        ldapContextSource.setPassword(ldapUserPwd);
//        ldapContextSource.setReferral(ldapReferral);
        ldapContextSource.setPooled(false);
        ldapContextSource.afterPropertiesSet();
        return ldapContextSource;
    }
}

@Service
public class LdapServiceImpl implements LdapService {

    @Resource
    LdapTemplate ldapTemplate;

    @Override
    public Iterable<User> getUserList(String cn) {
        LdapQuery query = LdapQueryBuilder.query().attributes("cn").where("objectclass")
                .is("user").and("cn").is(cn);
        return ldapTemplate.find(query,User.class);
    }

    @Override
    public User create(User user) {
        ldapTemplate.create(user);
        return user;
    }

    @Override
    public void delete(User user) {
        ldapTemplate.delete(user);
    }

    }

    @Override
    public Iterable<User> findAll() {
        return ldapTemplate.findAll(User.class);
    }
}

实体：

@Entry(base = "dc=ad,dc=com", objectClasses = {"top","person"})
public class User implements Serializable {

    @Id
    @JsonIgnore
    private Name dn;

//    @DnAttribute(value = "distiguishedName")
//    private String distinguishedName;

    @Attribute(name = "cn")
//    @DnAttribute(value="cn", index=1)
    private String commonName;

    @Attribute(name = "sn")
    private String suerName;

    @Attribute(name="userPassword")
    private String userPassword;

//    @DnAttribute(value="ou", index=0)
    @Attribute(name="ou")
    private String organizaitonUnit;

    @Attribute(name="displayName")
    private String displayName;


    public User() {
    }

    public User(String commonName, String organizaitonUnit) {
        Name dn = LdapNameBuilder.newInstance()
                .add("ou",organizaitonUnit)
                .add("cn",commonName)
                .build();
        this.dn = dn;
        this.commonName = commonName;
        this.organizaitonUnit = organizaitonUnit;
    }


。。。 。。。略

}

3.2 Spring data集成方式

application.yml

#spring data方式
spring:
  ldap:
    base: OU=开发部,DC=ad,DC=com
    urls: "ldap://192.168.44.40:389"
    username: [email protected]
    password: "[email protected]"

public interface UserRepository extends LdapRepository<User> {
}

@Service
public class LdapServiceImpl implements LdapService {

    @Resource
    UserRepository userRepository;

    @Override
    public User findOne(String cn) {
        LdapQuery query = LdapQueryBuilder.query().attributes("cn").where("objectclass")
                .is("person").and("cn").is(cn);
        return userRepository.findOne(query).orElse(null);
    }

}