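A business requirement at my company: manage AD domain accounts from Java.
1. Create an account (without a password, userAccountControl is 544 (512+32)); see https://support.microsoft.com/zh-cn/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties
2. Create an account with a password, userAccountControl is 512; this requires communicating over the ldaps protocol. How to do it is detailed below.
3. Create an account, retrieve AD domain accounts, delete AD domain accounts; see https://www.jianshu.com/p/316fbb6bfd81
4. Modify an AD domain account; see https://blog.csdn.net/ki_boy/article/details/38731593
5. Create an organization, modify an organization, add members to and remove members from an organization; see https://blog.csdn.net/qq_22798455/article/details/81087275
6. ldaps in detail, creating the password field, changing the password, controlling permissions; see https://blog.csdn.net/tiantiandjava/article/details/91944135
7. Installing the certificate for Java: https://blog.csdn.net/hc1017/article/details/81293323
8. Verifying login: https://blog.csdn.net/garyond/article/details/80224221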
https://bbs.csdn.net/topics/391829578
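9. Configure multiple ldap and ldaps connections, with different users accessing different ldap or ldaps servers
Approach:
A note on ldaps connections: as with spring ldap, you only need to change ldap to ldaps in the URL and change the port from 389 to 636.
10. Solution for the partialresultexception error
11.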
javax.naming.CommunicationException: simple bind failed: misguided.com.au:343 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
12. A plain "simple bind failed" with connection refused means your ldaps endpoint cannot be reached; you need step 7, creating AD CS.
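
Items 1 and 2 and the ldaps note under item 9, as an added Java (JNDI) example that is not from the original post or the linked articles: it builds the attributes for both account variants (544 = NORMAL_ACCOUNT 512 + PASSWD_NOTREQD 32, or 512 with `unicodePwd`) and refuses to send a password over anything but `ldaps://`. The class name, the `jdoe` account and the `AD_*` environment variable names are assumptions made for this example.

```java
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.*;
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;

public class AdCreateUser {
    static final int NORMAL_ACCOUNT = 512, PASSWD_NOTREQD = 32; // userAccountControl flags

    // AD accepts unicodePwd only as the password wrapped in double quotes, encoded UTF-16LE.
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    // password == null -> item 1 (544, no password); otherwise item 2 (512 plus unicodePwd).
    static Attributes userAttributes(String sam, String password) {
        Attributes attrs = new BasicAttributes(true);
        Attribute oc = new BasicAttribute("objectClass");
        for (String c : new String[] {"top", "person", "organizationalPerson", "user"}) oc.add(c);
        attrs.put(oc);
        attrs.put("sAMAccountName", sam);
        int uac = (password == null) ? (NORMAL_ACCOUNT | PASSWD_NOTREQD) : NORMAL_ACCOUNT;
        attrs.put("userAccountControl", Integer.toString(uac));
        if (password != null) attrs.put("unicodePwd", encodeUnicodePwd(password));
        return attrs;
    }

    static void createUser(String url, String bindDn, String bindPw, String userDn,
                           String sam, String password) throws NamingException {
        // The DC rejects unicodePwd writes on an unencrypted connection, so fail before binding.
        if (password != null && !url.startsWith("ldaps://"))
            throw new IllegalArgumentException("unicodePwd needs an ldaps:// URL (port 636)");
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPw);
        // "PKIX path building failed" here means the DC's CA is not in the JVM truststore (item 7).
        DirContext ctx = new InitialDirContext(env);
        try { ctx.createSubcontext(userDn, userAttributes(sam, password)).close(); }
        finally { ctx.close(); }
    }

    public static void main(String[] args) throws NamingException {
        System.out.println(userAttributes("jdoe", null).get("userAccountControl").get());
        String url = System.getenv("AD_URL"); // hypothetical names; unset password -> 544 variant
        if (url != null) createUser(url, System.getenv("AD_BIND_DN"), System.getenv("AD_BIND_PW"),
                System.getenv("AD_NEW_USER_DN"), "jdoe", System.getenv("AD_NEW_USER_PW"));
    }
}
```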