1. 首頁
  2. 問答
  3. ApacheDS - 如何使用Java JNDI創建新用戶並設置密碼?

ApacheDS - 如何使用Java JNDI創建新用戶並設置密碼?

2012-02-04 15 views
3

我有以下JNDI代碼來生成一個新的用戶密碼進入Apache的DS:ApacheDS - 如何使用Java JNDI創建新用戶並設置密碼?

private String digest(String algorithm,String password) throws NoSuchAlgorithmException { 
     String r = null; 
     byte [] b = null; 
     MessageDigest md = MessageDigest.getInstance(algorithm); 
     BASE64Encoder encoder; 

     md.update(password.getBytes()); 
     b = md.digest(); 

     encoder = new BASE64Encoder(); 

     System.out.println(encoder.encode(b)); 

     r = encoder.encode(b); 

     return r; 
    }

該代碼添加新用戶:

public User create(User t) throws PersistenceException { 
    NamingEnumeration answer = null; 
    Attributes matchAttrs = null; 
    Attribute objectClass = new BasicAttribute("objectClass"); 

    try { 
     matchAttrs = new BasicAttributes(true); // ignore attribute name case 
     matchAttrs.put(new BasicAttribute("uid",t.getCommonId())); 

     answer = getConnection().search(userContext, matchAttrs); 

     if(! answer.hasMore()) 
     { 
      matchAttrs = new BasicAttributes(true); 
      objectClass.add("inetOrgPerson"); 
      objectClass.add("organizationalPerson"); 
      objectClass.add("person"); 
      objectClass.add("top"); 
      matchAttrs.put(objectClass); 
      matchAttrs.put(new BasicAttribute("cn", t.getFirstName())); 
      matchAttrs.put(new BasicAttribute("sn", t.getLastName())); 
      matchAttrs.put(new BasicAttribute("givenName", t.getFirstName())); 
      matchAttrs.put(new BasicAttribute("mail", t.getCommonId())); 
      matchAttrs.put(new BasicAttribute("userPassword", diggest("MD5",t.getPassword())));     
       getConnection().createSubcontext("uid="+t.getCommonId()+","+userContext,matchAttrs); 
     } 
     else 
      throw new PersistenceException("This user already exists."); 

    } catch (NoSuchAlgorithmException ex) { 
     throw new PersistenceException("LDAP exception creating user - Hash algorithm not found."); 
    } catch (NamingException ex) { 
     ex.printStackTrace(); 
     throw new PersistenceException("LDAP exception creating user."); 
    } 
    return t; 
}

當我把這個代碼,它生成一個散列MD5(我將「MD5」作爲算法傳遞),然後在Base64中進行編碼,並返回要用於LDAP(apacheds)服務器的新用戶的密碼。

但是,服務器始終創建用戶並將「SSHA」作爲創建用戶的算法。我該如何解決這個問題?我嘗試了很多選擇沒有成功,現在我決定問。有沒有辦法對LDAP服務器說密碼是用特定的散列編碼的?

來源

2012-02-04 rod.poli.diniz

+0

您可能想要添加一個代碼片段,顯示如何將用戶對象存儲到Ap中疼痛DS。 – Perception 2012-02-04 14:07:54

回答

1

嘗試使用此方法添加用戶...

import java.util.Hashtable; 
import java.util.Properties; 
import java.util.jar.Attributes; 

import javax.naming.Context; 
import javax.naming.NamingException; 
import javax.naming.directory.Attribute; 
import javax.naming.directory.BasicAttribute; 
import javax.naming.directory.BasicAttributes; 
import javax.naming.directory.DirContext; 
import javax.naming.directory.InitialDirContext; 

    public class LdapProgram { 


      public static void main(String[] args) { 

       Hashtable env = new Hashtable(); 
       env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); 
       env.put(Context.PROVIDER_URL, "ldap://localhost:10389"); 
       env.put(Context.SECURITY_AUTHENTICATION, "simple"); 
       env.put(Context.SECURITY_PRINCIPAL,"uid=admin,ou=system"); // specify the username 
       env.put(Context.SECURITY_CREDENTIALS,"secret");// specify the password 
       // TODO code application logic here 

          // entry's DN 
      String entryDN = "uid=user1,ou=system"; 

      // entry's attributes 

      Attribute cn = new BasicAttribute("cn", "Test User2"); 
      Attribute sn = new BasicAttribute("sn", "Test2"); 
      Attribute mail = new BasicAttribute("mail", "[email protected]"); 
      Attribute phone = new BasicAttribute("telephoneNumber", "+1 222 3334444"); 
       Attribute oc = new BasicAttribute("objectClass"); 
      oc.add("top"); 
      oc.add("person"); 
      oc.add("organizationalPerson"); 
      oc.add("inetOrgPerson"); 
      DirContext ctx = null; 

      try { 
       // get a handle to an Initial DirContext 
       ctx = new InitialDirContext(env); 

       // build the entry 
       BasicAttributes entry = new BasicAttributes(); 
       entry.put(cn); 
       entry.put(sn); 
       entry.put(mail); 
       entry.put(phone); 

       entry.put(oc); 

       // Add the entry 

       ctx.createSubcontext(entryDN, entry); 
     //   System.out.println("AddUser: added entry " + entryDN + "."); 

      } catch (NamingException e) { 
       System.err.println("AddUser: error adding entry." + e); 
      } 
     } 
    }

來源

2012-03-15 12:13:14 dip89

+1

這不會創建具有密碼的用戶。 – Ken 2013-11-26 12:21:32

+0

@Ken:你不能複製和粘貼。嘗試添加userPassword屬性。但我建議您不要使用userPassword並使用Kerberos對用戶進行身份驗證。 – Xdg 2016-01-03 10:11:22

0

當LDAP存儲加密的密碼,它存儲形式:

{MD5}<md5hashInBase64>

嘗試顯式"{MD5}"添加喜歡這裏:http://andrew-stephanie.ca/ldap-md5-java

matchAttrs.put(new BasicAttribute("userPassword", "{MD5}" + digest("MD5",t.getPassword())));

來源

2014-05-13 08:40:58 mirelon

相關問題

 相關問題