Cordys 对 LDAP的 操作 【增加、删除、修改】



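import java.security.Security;

import com.cordys.cpc.bsf.busobject.BSF;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPJSSESecureSocketFactory;
import com.novell.ldap.LDAPSocketFactory;

/**
 * Connection settings and connection factories for the two directories used by these samples:
 * an external LDAP server reached through a JSSE secure socket factory, and the directory of
 * the running Cordys instance.
 */
public class LDAPConfig {
    // NOTE(review): the bind DN and its password are compiled into the class, so anyone who can
    // read the source, the jar or a heap dump obtains the Directory Manager credential. Load them
    // from access-controlled configuration and rotate the value that has been published here.
    static String LDAP_TO_SERVER = "192.168.100.108";
    static String LDAP_TO_PORT = "6366";
    static String LDAP_TO_USER = "cn=Directory Manager,o=mydomain.com";
    static String LDAP_TO_PWD = "cordys";

    public static String authenticatedUsersDn = "cn=authenticated users,cn=cordys,cn=defaultInst,o=mydomain.com";
    public static String ownerOrgDn = "o=system,cn=cordys,cn=defaultInst,o=mydomain.com";
    public static String orgUserDn = "cn=organizational users,o=system,cn=cordys,cn=defaultInst,o=mydomain.com";

    // Trust store that is actually used for the SSL connection (see getOutGatewayLDAPConnection).
    public static String certifiName = "C:/Program Files/OpenText/OpenText Cordys/defaultInst/certificates/truststore/CordysTrustStore.jks";

    // Alternative: the JRE's own cacerts file, after importing the server certificate with keytool.
    // Command used:
    // [keytool -import -trustcacerts -alias laiyifen_dev -keystore "D:\Work\Tool\Java\jdk1.6.0_30\jre\lib\security\cacerts" -file "D:\Work\Workspaces\CordysTest\test\216-dev-cert.cer" -storepass changeit]
    public final static String SSL_TRUST_STORE = "C:\\Works\\Java\\jdk1.7.0_45\\jre\\lib\\security\\cacerts";

    // Cached connection to the external server; only ever holds a connection whose bind succeeded.
    private static LDAPConnection connection;

    /**
     * Returns a bound connection to the external LDAP server (Cordys calling out to another LDAP).
     *
     * <p>A cached connection is reused while it reports itself as connected. Otherwise a new one
     * is opened and bound as {@code LDAP_TO_USER}. The connection is cached and returned only
     * after the bind has succeeded, so a failed bind can no longer leave a connected but
     * unauthenticated session behind for later callers.
     *
     * @return the bound connection, or {@code null} when connecting or binding failed (the
     *         failure is printed to standard output / standard error)
     */
    public static LDAPConnection getOutGatewayLDAPConnection() {
        if (connection != null && connection.isConnected()) {
            return connection;
        }
        connection = null;

        LDAPConnection candidate = null;
        try {
            // JDK-internal provider class. NOTE(review): current JREs register the JSSE provider
            // by default, so this call is likely unnecessary; confirm before removing it.
            Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
            // JVM-wide settings: both the trust store property and the socket factory are static,
            // so they also apply to other code running in the same JVM.
            System.setProperty("javax.net.ssl.trustStore", certifiName);
            //System.setProperty("javax.net.ssl.trustStore", SSL_TRUST_STORE);
            LDAPSocketFactory ssf = new LDAPJSSESecureSocketFactory();
            LDAPConnection.setSocketFactory(ssf);

            candidate = new LDAPConnection();
            candidate.connect(LDAP_TO_SERVER, Integer.parseInt(LDAP_TO_PORT));
            candidate.bind(LDAPConnection.LDAP_V3, LDAP_TO_USER, LDAP_TO_PWD.getBytes("UTF8"));
            // Publish only after connect and bind have both succeeded.
            connection = candidate;
        } catch (Exception e) {
            System.out.println("ldap连接异常");
            e.printStackTrace();
            closeQuietly(candidate);
        }
        return connection;
    }

    /** Disconnects a connection whose setup failed; errors while closing are not reported. */
    private static void closeQuietly(LDAPConnection failed) {
        if (failed == null || !failed.isConnected()) {
            return;
        }
        try {
            failed.disconnect();
        } catch (Exception ignored) {
            // The original failure has already been reported; nothing more to do here.
        }
    }

    /**
     * Returns the connection to the LDAP directory of the running Cordys instance.
     *
     * @return the connection supplied by {@code BSF.getLDAPDirectory()}
     */
    public static LDAPConnection getInnerLDAPConnection() {
        return BSF.getLDAPDirectory().getConnection();
    }
}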

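import java.util.ArrayList;
import java.util.List;

import com.cordys.cpc.bsf.busobject.BusObjectConfig;
import com.cordys.cpc.bsf.busobject.BusObjectIterator;
import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPAttributeSet;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPModification;
import com.novell.ldap.LDAPSearchResults;

/**
 * Sample add / delete / modify / search operations against the external LDAP server configured
 * in {@link LDAPConfig}. All entry names and values are fixed sample data.
 */
public class MLDAP extends MLDAPBase {
    public MLDAP() {
        this((BusObjectConfig) null);
    }

    public MLDAP(BusObjectConfig config) {
        super(config);
    }

    /**
     * Runs the search, delete and modify samples in that order.
     *
     * <p>The delete and the modify change live entries on the configured server, so run this only
     * against a test directory.
     *
     * @throws LDAPException if any of the operations fails
     */
    public static void Test() throws LDAPException {
        getLDAPEntries();
        deleteLDAPEntry();
        modifyLDAPEntry();
    }

    /**
     * Creates the sample user {@code cyt005} under both the organizational-users and the
     * authenticated-users containers, using one shared attribute set.
     *
     * @throws LDAPException if no connection is available or an add is rejected
     */
    public static void addLDAPEntry() throws LDAPException {
        String UName = "cyt005";
        LDAPConnection connection = requireConnection();

        LDAPAttributeSet authUsersAttributeSetUser = new LDAPAttributeSet();
        authUsersAttributeSetUser.add(new LDAPAttribute("objectclass", new String[]{"top", "busauthenticationuser"}));
        authUsersAttributeSetUser.add(new LDAPAttribute("cn", UName));
        authUsersAttributeSetUser.add(new LDAPAttribute("osidentity", UName));
        authUsersAttributeSetUser.add(new LDAPAttribute("description", "It's test"));
        // NOTE(review): the password is sent as the user name itself, unhashed, so the account
        // starts with a guessable password. Whether the server hashes it on write is not visible
        // here; the page's LDAPUtil.updateLDAPEntry(dn, newPassWord) hashes before writing.
        authUsersAttributeSetUser.add(new LDAPAttribute("userPassword", UName));
        String context = LDAPConfig.ownerOrgDn;
        authUsersAttributeSetUser.add(new LDAPAttribute("defaultcontext", context));

        // The DNs are built by concatenation. That is safe for this constant, but an RDN value
        // taken from input must be escaped per RFC 4514 before it is placed in a DN.
        String orgDn = "cn=" + UName + "," + LDAPConfig.orgUserDn;
        String authenticatedDn = "cn=" + UName + "," + LDAPConfig.authenticatedUsersDn;
        LDAPEntry orgEntry = new LDAPEntry(orgDn, authUsersAttributeSetUser);
        LDAPEntry authenticatedEntry = new LDAPEntry(authenticatedDn, authUsersAttributeSetUser);

        connection.add(orgEntry);
        connection.add(authenticatedEntry);
    }

    /**
     * Deletes the sample entry {@code cn=cyt003} from the authenticated-users container.
     *
     * @throws LDAPException if no connection is available or the delete is rejected
     */
    public static void deleteLDAPEntry() throws LDAPException {
        LDAPConnection connection = requireConnection();
        String cn = "cn=cyt003," + LDAPConfig.authenticatedUsersDn;
        connection.delete(cn);
    }

    /**
     * Replaces the {@code userPassword} of the sample entry {@code cn=cyt002}.
     *
     * @throws LDAPException if no connection is available or the modify is rejected
     */
    public static void modifyLDAPEntry() throws LDAPException {
        LDAPConnection connection = requireConnection();
        String cn = "cn=cyt002," + LDAPConfig.authenticatedUsersDn;
        // NOTE(review): the new password is a literal in the source and is sent unhashed.
        connection.modify(cn, new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("userPassword", "cyt_success")));
    }

    /**
     * Searches one level below the authenticated-users container for {@code cn=Think} and reads
     * the {@code description} attribute of every hit. The collected entries are not returned.
     *
     * @throws LDAPException if no connection is available or the search fails
     */
    public static void getLDAPEntries() throws LDAPException {
        List<LDAPEntry> list = new ArrayList<LDAPEntry>();
        LDAPConnection connection = requireConnection();
        // The filter is a constant; a filter value taken from input must be escaped per RFC 4515.
        LDAPSearchResults results = connection.search(LDAPConfig.authenticatedUsersDn, LDAPConnection.SCOPE_ONE, "cn=Think", null, false);
        while (results.hasMore()) {
            LDAPEntry entry = results.next();
            // An entry without a description attribute yields null here instead of an attribute.
            LDAPAttribute DSAttribute = entry.getAttribute("description");
            String DSValue = DSAttribute == null ? null : DSAttribute.getStringValue();
            //...
            list.add(entry);
        }
    }

    /**
     * Fetches the external connection and fails with an {@link LDAPException} when none could be
     * established, because {@code LDAPConfig.getOutGatewayLDAPConnection()} can return null.
     */
    private static LDAPConnection requireConnection() throws LDAPException {
        LDAPConnection connection = LDAPConfig.getOutGatewayLDAPConnection();
        if (connection == null) {
            throw new LDAPException("No LDAP connection available", LDAPException.CONNECT_ERROR, null);
        }
        return connection;
    }
}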


如图: LDAPAttribute 的属性 如下图所示:






附加内容: 如果是想修改Cordys的密码,可以调用Cordys自带的WebService 

SetPasswordForUserOperation

This Web service operation enables an administrator to change the password of other users.

SOAP Request

<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">    <SOAP:Body>        <SetPasswordForUser xmlns="http://schemas.cordys.com/user/password/1.0">            <Username>PARAMETER</Username>            <NewPassword>PARAMETER</NewPassword>        </SetPasswordForUser>    </SOAP:Body></SOAP:Envelope>

Request Parameters

Parameter

Description

Username

The user for which the new password is set.

NewPassword

The new password of the user, in plain-text. Because the value is carried unencrypted in the SOAP body, send this request only over HTTPS.

==============================================================================================================================


CSOAUtil.java


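package com.synale.cordys.soa.util;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

import com.eibus.util.system.Native;
import com.synale.cordys.common.util.BaseUtil;

/**
 * Operates on SOA messages using classes that ship with Cordys.
 */
public class CSOAUtil extends BaseUtil {
    private static final String SHA1 = "SHA1";
    private static final String MD5 = "MD5";
    private static final String SHA1_prefix = "{" + SHA1 + "}";
    private static final String MD5_prefix = "{" + MD5 + "}";

    /**
     * Hashes a password and returns it as {@code prefixKey} followed by the encoded digest.
     *
     * <p>The digest bytes are encoded with {@code Native.encodeBinBase64} (Base64, going by its
     * name).
     *
     * @param password the clear-text password; must not be null
     * @param algorithm the {@link MessageDigest} algorithm name, for example {@code "SHA1"}
     * @param prefixKey the text placed in front of the encoded digest, for example {@code "{SHA1}"}
     * @param useDefaultEncoding {@code true} to hash the password's bytes in the platform default
     *        charset; {@code false} to hash each char as two bytes, high byte first
     * @return the prefix followed by the encoded digest
     * @throws IllegalStateException if {@code algorithm} is not available. Earlier this case
     *         returned the clear-text password, which a caller would then have stored unhashed.
     */
    public static String hashNative(String password, String algorithm, String prefixKey, boolean useDefaultEncoding) {
        MessageDigest digest;
        try {
            digest = MessageDigest.getInstance(algorithm);
        } catch (NoSuchAlgorithmException ne) {
            // Fail closed: never hand the clear-text password back as if it were a hash.
            throw new IllegalStateException("Digest algorithm not available: " + algorithm, ne);
        }

        if (useDefaultEncoding) {
            digest.update(password.getBytes());
        } else {
            // Feed every char as two bytes, high byte first (UTF-16 big-endian code units).
            for (char c : password.toCharArray()) {
                digest.update((byte) (c >> 8));
                digest.update((byte) c);
            }
        }

        byte[] digestedPassword = digest.digest();
        byte[] encodedDigested = Native.encodeBinBase64(digestedPassword, digestedPassword.length);
        return prefixKey + new String(encodedDigested);
    }

    /**
     * Produces the {@code {SHA1}}-prefixed hash that, according to the original author, the
     * Cordys LDAP uses for stored passwords. The hash is one-way.
     *
     * <p>NOTE(review): this is a single unsalted SHA-1 pass, so equal passwords give equal stored
     * values and guessing is cheap for anyone who can read {@code userPassword}. The format is
     * presumably dictated by Cordys; restrict read access to the attribute accordingly.
     *
     * @param plainPassword the clear-text password; must not be null
     * @return the prefixed, encoded SHA-1 digest
     */
    public static String generateSHA1Password(String plainPassword) {
        return hashNative(plainPassword, SHA1, SHA1_prefix, false);
    }
}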


LDAPUtil.java


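package com.synale.cordys.soa.util;

import java.util.List;

import com.cordys.cpc.bsf.busobject.BSF;
import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPModification;

/**
 * Delete and update helpers for entries in the LDAP directory of the running Cordys instance.
 *
 * <p>Every method passes the caller's DN to the directory unchanged and performs no check of its
 * own on who may change which entry; that decision has to be made by the caller.
 */
public class LDAPUtil extends CSOAUtil {
    /**
     * Deletes the LDAP entry with the given DN.
     *
     * @param dn the distinguished name of the entry to delete
     * @throws LDAPException if the directory rejects the delete
     * @author cyt
     */
    public static void deleteLDAPEntry(String dn) throws LDAPException {
        LDAPConnection connection = BSF.getLDAPDirectory().getConnection();
        connection.delete(dn);
    }

    /**
     * Replaces several attributes of the LDAP entry with the given DN.
     *
     * <p>All replacements are sent in one modify request, so a rejected attribute no longer
     * leaves the entry with only the earlier attributes updated. An empty list sends nothing.
     *
     * @param dn the distinguished name of the entry to update
     * @param Attributes the attributes whose values replace the current ones
     * @throws LDAPException if the directory rejects the modification
     * @author cyt
     */
    public static void updateLDAPEntry(String dn, List<LDAPAttribute> Attributes) throws LDAPException {
        LDAPConnection connection = BSF.getLDAPDirectory().getConnection();
        if (Attributes.isEmpty()) {
            return;
        }
        LDAPModification[] changes = new LDAPModification[Attributes.size()];
        for (int i = 0; i < changes.length; i++) {
            changes[i] = new LDAPModification(LDAPModification.REPLACE, Attributes.get(i));
        }
        connection.modify(dn, changes);
    }

    /**
     * Sets a new password on the LDAP entry with the given DN.
     *
     * <p>The password is hashed with {@code generateSHA1Password} before it is written to
     * {@code userPassword}.
     *
     * @param dn the distinguished name of the entry to update
     * @param newPassWord the new clear-text password; must not be null or empty
     * @throws IllegalArgumentException if {@code newPassWord} is null or empty
     * @throws LDAPException if the directory rejects the modification
     * @author cyt
     */
    public static void updateLDAPEntry(String dn, String newPassWord) throws LDAPException {
        // Refuse to store the hash of an empty password instead of silently creating one.
        if (newPassWord == null || newPassWord.isEmpty()) {
            throw new IllegalArgumentException("newPassWord must not be null or empty");
        }
        String hashedPassword = generateSHA1Password(newPassWord);
        LDAPConnection connection = BSF.getLDAPDirectory().getConnection();
        connection.modify(dn, new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("userPassword", hashedPassword)));
    }

    /**
     * Replaces a single attribute of the LDAP entry with the given DN.
     *
     * @param dn the distinguished name of the entry to update
     * @param Attribute the attribute whose values replace the current ones
     * @throws LDAPException if the directory rejects the modification
     * @author cyt
     */
    public static void updateLDAPEntry(String dn, LDAPAttribute Attribute) throws LDAPException {
        LDAPConnection connection = BSF.getLDAPDirectory().getConnection();
        connection.modify(dn, new LDAPModification(LDAPModification.REPLACE, Attribute));
    }
}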


如果要判断 该 dn在LDAP中是否存在 ,则使用 read 方法


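    /**
     * Checks whether an entry with the given DN exists in the LDAP directory.
     *
     * <p>Only the result code {@code NO_SUCH_OBJECT} means that the entry is absent. Any other
     * failure of the read (for example a lost connection or missing read permission) is printed
     * with its stack trace and still reported as {@code false}, so a {@code false} that comes
     * with a printed error is not proof that the DN is free.
     *
     * @param dn the distinguished name to look up
     * @return {@code true} if the entry could be read, otherwise {@code false}
     * @author cyt
     */
    public static boolean isExistInLDAP(String dn) {
        LDAPConnection connection = BSF.getLDAPDirectory().getConnection();
        try {
            connection.read(dn);
            return true;
        } catch (LDAPException e) {
            if (e.getResultCode() != LDAPException.NO_SUCH_OBJECT) {
                // Not a plain "entry missing" answer: make the real cause visible.
                e.printStackTrace();
            }
            return false;
        }
    }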



