
我已經實現了在AD中啓用,創建和禁用用戶的功能。我還需要確保我可以使用Java刪除AD中的用戶。 下面是一些相關的代碼,有人可以讓我知道如何刪除AD中的用戶嗎? 我更喜歡使用原始的java代碼來實現這一點。如何使用Java刪除Active Directory中的用戶

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;

import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;

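/**
 * Thin JNDI helpers for administering user accounts in Active Directory:
 * bind/authenticate, read the account-disabled flag, remove a group
 * membership and disable an account.
 *
 * <p>All methods are stateless; the caller owns the {@link LdapContext}
 * and must {@code close()} it.
 */
public class LDAPTool {

    /** Attribute that holds the AD account flags bit field. */
    private static final String USER_ACCOUNT_CONTROL_ATTR_NAME = "userAccountControl";

    /** ADS_UF_ACCOUNTDISABLE: the bit of userAccountControl that marks an account disabled. */
    private static final long UF_ACCOUNTDISABLE = 0x0002L;

    /**
     * Attributes the provider must hand back as byte[] rather than String.
     * The provider reads ONE space-separated property value; calling
     * env.put() twice on the key keeps only the last name.
     */
    private static final String BINARY_ATTRIBUTES = "tokenGroups objectSID";

    /**
     * Returns the first value of {@code propertyName} as a trimmed String.
     *
     * <p>Values of attributes listed in {@link #BINARY_ATTRIBUTES} arrive as
     * byte[] and are not decoded here (you would get the array's identity
     * string); use {@link Attribute#get()} directly for those.
     *
     * @param attrs        attribute set of an entry, may be null
     * @param propertyName attribute id to read, may be null
     * @return the first value, or "" when attrs/propertyName is null or the
     *         attribute is absent or has no values
     */
    public static String getString(Attributes attrs, String propertyName) {
        if (attrs == null || propertyName == null) {
            return "";
        }
        Attribute attr = attrs.get(propertyName);
        if (attr == null || attr.size() == 0) {
            return "";
        }
        try {
            Object first = attr.get();
            return first == null ? "" : String.valueOf(first).trim();
        } catch (NamingException e) {
            // Keep the helper's "absent -> empty" contract rather than widen the
            // signature; BasicAttribute never reaches this branch.
            return "";
        }
    }

    /**
     * Checks the credentials by performing a simple bind and closing the
     * resulting context. Success is signalled by a normal return.
     *
     * @param host     host name or IP address of a domain controller
     * @param port     LDAP port
     * @param username bind principal (UPN "user@domain" or a DN)
     * @param password the user's password; must be non-empty
     * @throws AuthenticationException when the credentials are empty or rejected
     * @throws NamingException         when the bind fails for any other reason
     */
    public static void authenticate(String host, int port, String username, String password)
            throws NamingException {
        LdapContext ctx = getLdapContext(host, port, username, password);
        ctx.close();
    }

    /**
     * Opens a context with a simple bind.
     *
     * @param host     host name or IP address
     * @param port     port for the LDAP protocol
     * @param username bind principal
     * @param password bind password
     * @return the bound LDAP context; caller must close it
     * @throws AuthenticationException  when username or password is null/empty
     * @throws IllegalArgumentException when host is empty or port is out of range
     * @throws NamingException          when connecting or binding fails
     */
    public static LdapContext getLdapContext(String host, int port, String username, String password)
            throws NamingException {
        // A null or empty password turns a "simple" bind into an anonymous
        // (unauthenticated) bind, which AD accepts by default -- so without this
        // check authenticate() would succeed for ANY username with a blank password.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            throw new AuthenticationException("username and password must both be non-empty for a simple bind");
        }
        requireNonEmpty(host, "host");
        if (port < 1 || port > 65535) {
            throw new IllegalArgumentException("port out of range: " + port);
        }

        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // NOTE(review): plain ldap:// with a simple bind sends the password in
        // cleartext. Use "ldaps://" (with the DC certificate trusted) or StartTLS
        // before running this against a production domain; DCs that enforce LDAP
        // signing reject a cleartext simple bind outright.
        env.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, username);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("java.naming.ldap.attributes.binary", BINARY_ATTRIBUTES);

        return new InitialLdapContext(env, null);
    }

    /**
     * Tests the ACCOUNTDISABLE bit of a raw userAccountControl value.
     *
     * @param userAccountControl value of the userAccountControl attribute
     * @return true when the account is disabled
     */
    public static boolean isDisabled(long userAccountControl) {
        return (userAccountControl & UF_ACCOUNTDISABLE) != 0;
    }

    /**
     * Looks the account up by sAMAccountName under {@code baseDn} and reports
     * whether it is disabled.
     *
     * <p>An account that does not exist is reported as NOT disabled; callers
     * that gate access on this method must check existence separately.
     *
     * @param ctx      bound context
     * @param username sAMAccountName (no wildcards; the value is escaped)
     * @param baseDn   search base, e.g. "DC=example,DC=com"
     * @return true when the entry was found and its ACCOUNTDISABLE bit is set
     * @throws IllegalArgumentException when username or baseDn is empty
     * @throws NamingException when the search fails or the attribute is missing
     * @throws IOException    when the paging control cannot be encoded
     */
    public static boolean isDisabled(LdapContext ctx, String username, String baseDn)
            throws NamingException, IOException {
        requireNonEmpty(username, "username");
        requireNonEmpty(baseDn, "baseDn");

        SearchControls searchCtls = new SearchControls();
        searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchCtls.setCountLimit(1);   // sAMAccountName is unique per domain
        searchCtls.setTimeLimit(0);
        searchCtls.setReturningAttributes(new String[] { USER_ACCOUNT_CONTROL_ATTR_NAME });

        // One entry per page; CRITICAL makes a server that cannot page fail loudly.
        ctx.setRequestControls(new Control[] { new PagedResultsControl(1, Control.CRITICAL) });

        NamingEnumeration<SearchResult> answer = null;
        try {
            // {0} is escaped by the provider, so a username such as
            // "*)(objectClass=*" cannot widen the filter (LDAP injection).
            answer = ctx.search(baseDn, "(sAMAccountName={0})", new Object[] { username }, searchCtls);
            if (!answer.hasMore()) {
                return false;
            }
            SearchResult sr = answer.next();
            String raw = getString(sr.getAttributes(), USER_ACCOUNT_CONTROL_ATTR_NAME);
            if (raw.isEmpty()) {
                // Previously this fell through to Long.parseLong("") -> NumberFormatException.
                throw new NamingException(USER_ACCOUNT_CONTROL_ATTR_NAME + " not returned for " + username);
            }
            return isDisabled(Long.parseLong(raw));
        } finally {
            if (answer != null) {
                answer.close();
            }
            // Do not leave the paging control attached to later requests on this context.
            ctx.setRequestControls(null);
        }
    }

    /**
     * Removes {@code userDn} from the group's {@code member} attribute.
     *
     * @param ctx     bound context
     * @param userDn  DN of the user to remove
     * @param groupDn DN of the group
     * @throws IllegalArgumentException when either DN is empty
     * @throws NamingException when the modification is rejected (AD reports an
     *                         error when the DN is not currently a member)
     */
    public static void removeFromGroup(LdapContext ctx, String userDn, String groupDn)
            throws NamingException {
        requireNonEmpty(userDn, "userDn");
        requireNonEmpty(groupDn, "groupDn");

        ModificationItem[] mods = {
            new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("member", userDn))
        };
        ctx.modifyAttributes(groupDn, mods);
    }

    /**
     * Disables the account at {@code dn} by setting the ACCOUNTDISABLE bit.
     *
     * <p>userAccountControl is a bit field, so the current value is read and
     * only the disable bit is added; replacing the attribute with a fixed
     * constant would silently clear flags such as DONT_EXPIRE_PASSWD. The
     * read and the write are two requests, so a concurrent change to the
     * same attribute in between can be lost.
     *
     * @param ctx bound context
     * @param dn  DN of the user entry
     * @throws IllegalArgumentException when dn is empty
     * @throws NamingException when the attribute cannot be read or written
     */
    public static void disableUser(LdapContext ctx, String dn)
            throws NamingException {
        requireNonEmpty(dn, "dn");

        Attributes current = ctx.getAttributes(dn, new String[] { USER_ACCOUNT_CONTROL_ATTR_NAME });
        String raw = getString(current, USER_ACCOUNT_CONTROL_ATTR_NAME);
        if (raw.isEmpty()) {
            throw new NamingException(USER_ACCOUNT_CONTROL_ATTR_NAME + " not readable on " + dn);
        }
        long updated = Long.parseLong(raw) | UF_ACCOUNTDISABLE;

        ModificationItem[] mods = {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute(USER_ACCOUNT_CONTROL_ATTR_NAME, Long.toString(updated)))
        };
        ctx.modifyAttributes(dn, mods);
    }

    /** Rejects null or blank string arguments with a message naming the parameter. */
    private static void requireNonEmpty(String value, String what) {
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalArgumentException(what + " must not be empty");
        }
    }
}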

謝謝。

回答


對於從上下文中刪除用戶，您基本上需要使用 javax.naming.Context#unbind 功能。注意：這只能刪除葉節點條目；若該條目下仍有子對象，AD 會以 NOT_ALLOWED_ON_NONLEAF 拒絕。

那麼你的方法應該如下所示:

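/**
 * Deletes the entry at {@code dn} with a single LDAP delete.
 *
 * <p>Active Directory refuses the delete with NOT_ALLOWED_ON_NONLEAF when the
 * entry still has children; removing a subtree needs the server's tree-delete
 * control, for which JNDI ships no built-in class.
 *
 * @param ctx bound context, see getLdapContext
 * @param dn  distinguished name of the entry to delete; must not be empty
 * @throws IllegalArgumentException when dn is null or blank -- an empty name
 *         addresses the context's own base, never a single user
 * @throws NamingException when the server rejects the delete
 */
public static void removeUser(LdapContext ctx, String dn) throws NamingException {
    if (dn == null || dn.trim().isEmpty()) {
        throw new IllegalArgumentException("dn must name the entry to delete");
    }
    // Context.unbind is specified to succeed when the terminal name is not bound,
    // so a clean return is not proof that the entry existed; check whether your
    // provider raises NameNotFoundException if that distinction matters.
    ctx.unbind(dn);
}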

下面是小例子:http://www.java2s.com/Code/Java/JNDI-LDAP/howtoremoveabinding.htm


謝謝,它的工作原理! – 53iScott 2013-03-14 09:13:56


下面的示例刪除使用UnboundID LDAP SDK的條目:

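// Delete one entry with the UnboundID LDAP SDK.
LDAPConnection ldapConnection = null;
try {
    ldapConnection = new LDAPConnection(hostname, port, bindDN, bindPassword);
    // Hard-coded DN for the example; a DN assembled from user input must be
    // escaped component by component, never string-concatenated.
    DeleteRequest deleteRequest =
        new DeleteRequest("cn=entry to delete,dc=example,dc=com");
    // A plain delete fails with NOT_ALLOWED_ON_NONLEAF when the entry has children.
    // deleteRequest.addControl(new SubtreeDeleteRequestControl()) makes the server
    // remove every descendant as well -- attach it only when that is intended.
    LDAPResult deleteResult = ldapConnection.delete(deleteRequest);
    System.out.println("The entry was successfully deleted.");
} catch (LDAPException ex) {
    // Connect/bind or the delete failed; the result code says which. Do not
    // swallow this silently, the entry may still exist.
    System.err.println("LDAP delete failed: " + ex.getResultCode()
        + " - " + ex.getDiagnosticMessage());
} finally {
    // The original referred to an undeclared `connection` here; close the
    // connection that was actually opened.
    if (ldapConnection != null) {
        ldapConnection.close();
    }
}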

非常感謝!我遇到了NOT_ALLOWED_ON_NONLEAF的問題。我不能刪除的CNF註冊表。不過,我使用了deleteRequest.addControl(new SubtreeDeleteRequestControl());並工作得很好 乾杯! – Jaimoto 2018-03-09 22:39:15
