20 Апрель, 2011

find users in the ldap and add them to a group using java 


package ru.olimpiks

import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;

public class Ldap {

 public static void main(String[] args) {
  String usernameDN = "CN=vasya,DC=acme,DC=com";
  String password = "secret";
  String url = "ldap://acme.com:389";

  // connection properties
  Hashtable env = new Hashtable();
  env.put(Context.INITIAL_CONTEXT_FACTORY,
    "com.sun.jndi.ldap.LdapCtxFactory");
  env.put(Context.SECURITY_AUTHENTICATION, "simple");
  env.put(Context.SECURITY_PRINCIPAL, usernameDN);
  env.put(Context.SECURITY_CREDENTIALS, password);
  env.put(Context.PROVIDER_URL, url);

  // search params
  String groupDN = "CN=jabber,OU=Groups,DC=acme,DC=com";
  String usersSearchFilter = "(objectclass=user)";
  String usersSearchBaseDN = "DC=acme,DC=com";
  String dnKey = "distinguishedName";
  String returnedAtts[] = { dnKey, "cn", "givenName", "mail" };

  DirContext lc = null;
  try {
   // get context
   lc = new InitialLdapContext(env, null);
   // search users
   SearchControls search = new SearchControls();
   search.setReturningAttributes(returnedAtts);
   search.setSearchScope(SearchControls.SUBTREE_SCOPE);
   NamingEnumeration res = lc.search(usersSearchBaseDN,
     usersSearchFilter, search);
   while (res.hasMoreElements()) {
    SearchResult sr = (SearchResult) res.next();
    System.out.println(sr.getName());
    Attributes attrs = sr.getAttributes();
    // if (attrs != null) {
    // for (String a : returnedAtts) {
    // System.out.println(attrs.get(a));
    // }
    // }
    // add the user to a group
    ModificationItem item = new ModificationItem(
      DirContext.ADD_ATTRIBUTE, new BasicAttribute("member",
        attrs.get(dnKey).get()));
    ModificationItem[] items = new ModificationItem[] { item };
    lc.modifyAttributes(groupDN, items);
   }
  } catch (NamingException e) {
   e.printStackTrace();
  } finally {
   if (lc != null) {
    try {
     lc.close();
    } catch (NamingException e) {
     e.printStackTrace();
    }
   }
  }
 }
}
posted by olimpiks at 19:07:00
tags: ,
Подписаться на: Комментарии к сообщению (Atom)