InitialDirContext是 Java JNDI (Java Naming and Directory Interface) API 的核心类,用于访问目录服务(如 LDAP)。下面是详细的使用说明:
一、基本使用步骤
1.导入必要的包
import javax.naming.Context; import javax.naming.NamingEnumeration; import javax.naming.directory.*; import java.util.Hashtable; import java.util.Properties;2.创建环境配置
// 方式1:使用 Hashtable Hashtable<String, String> env = new Hashtable<>(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, "ldap://localhost:389"); env.put(Context.SECURITY_AUTHENTICATION, "simple"); env.put(Context.SECURITY_PRINCIPAL, "cn=admin,dc=example,dc=com"); // 管理员DN env.put(Context.SECURITY_CREDENTIALS, "password"); // 方式2:使用 Properties Properties env = new Properties(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:389");二、常用操作示例
1.创建连接
public DirContext createConnection() throws NamingException { Hashtable<String, String> env = new Hashtable<>(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:389"); env.put(Context.SECURITY_AUTHENTICATION, "simple"); env.put(Context.SECURITY_PRINCIPAL, "uid=user1,ou=people,dc=example,dc=com"); env.put(Context.SECURITY_CREDENTIALS, "password"); return new InitialDirContext(env); }2.搜索操作
public void searchLDAP(DirContext ctx) throws NamingException { // 设置搜索参数 String searchBase = "dc=example,dc=com"; String filter = "(&(objectClass=person)(uid=user1))"; SearchControls controls = new SearchControls(); controls.setSearchScope(SearchControls.SUBTREE_SCOPE); controls.setReturningAttributes(new String[]{"cn", "mail", "telephoneNumber"}); // 执行搜索 NamingEnumeration<SearchResult> results = ctx.search(searchBase, filter, controls); while (results.hasMore()) { SearchResult result = results.next(); Attributes attrs = result.getAttributes(); System.out.println("DN: " + result.getNameInNamespace()); System.out.println("CN: " + attrs.get("cn").get()); System.out.println("Mail: " + attrs.get("mail").get()); } }3.添加条目
public void addEntry(DirContext ctx) throws NamingException { Attributes attrs = new BasicAttributes(); // 创建对象类 BasicAttribute objectClass = new BasicAttribute("objectClass"); objectClass.add("top"); objectClass.add("person"); objectClass.add("organizationalPerson"); objectClass.add("inetOrgPerson"); attrs.put(objectClass); // 添加属性 attrs.put("cn", "张三"); attrs.put("sn", "张"); attrs.put("uid", "zhangsan"); attrs.put("userPassword", "password123"); attrs.put("mail", "zhangsan@example.com"); // 创建条目 String dn = "uid=zhangsan,ou=people,dc=example,dc=com"; ctx.createSubcontext(dn, attrs); }4.修改属性
public void modifyAttributes(DirContext ctx) throws NamingException { String dn = "uid=zhangsan,ou=people,dc=example,dc=com"; // 修改操作列表 ModificationItem[] mods = new ModificationItem[2]; // 替换属性 Attribute mod0 = new BasicAttribute("telephoneNumber", "1234567890"); mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, mod0); // 添加属性 Attribute mod1 = new BasicAttribute("description", "新员工"); mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, mod1); ctx.modifyAttributes(dn, mods); }5.删除条目
public void deleteEntry(DirContext ctx) throws NamingException { String dn = "uid=zhangsan,ou=people,dc=example,dc=com"; ctx.destroySubcontext(dn); }三、完整示例
public class LDAPExample { public static void main(String[] args) { DirContext ctx = null; try { // 1. 创建连接 Hashtable<String, String> env = new Hashtable<>(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, "ldap://localhost:389"); env.put(Context.SECURITY_AUTHENTICATION, "simple"); env.put(Context.SECURITY_PRINCIPAL, "cn=admin,dc=example,dc=com"); env.put(Context.SECURITY_CREDENTIALS, "admin123"); ctx = new InitialDirContext(env); System.out.println("连接LDAP服务器成功!"); // 2. 搜索用户 searchUsers(ctx); // 3. 添加用户 addUser(ctx, "lisi", "李四", "lisi@example.com"); } catch (NamingException e) { e.printStackTrace(); } finally { // 4. 关闭连接 if (ctx != null) { try { ctx.close(); } catch (NamingException e) { e.printStackTrace(); } } } } private static void searchUsers(DirContext ctx) throws NamingException { String searchBase = "dc=example,dc=com"; String filter = "(objectClass=person)"; SearchControls controls = new SearchControls(); controls.setSearchScope(SearchControls.SUBTREE_SCOPE); NamingEnumeration<SearchResult> results = ctx.search(searchBase, filter, controls); while (results.hasMore()) { SearchResult result = results.next(); System.out.println("找到用户: " + result.getName()); } } private static void addUser(DirContext ctx, String uid, String cn, String mail) throws NamingException { Attributes attrs = new BasicAttributes(); BasicAttribute objectClass = new BasicAttribute("objectClass"); objectClass.add("inetOrgPerson"); attrs.put(objectClass); attrs.put("uid", uid); attrs.put("cn", cn); attrs.put("sn", cn.substring(0, 1)); // 假设姓是第一个字符 attrs.put("mail", mail); String dn = "uid=" + uid + ",ou=people,dc=example,dc=com"; ctx.createSubcontext(dn, attrs); System.out.println("添加用户成功: " + cn); } }四、常见配置参数
参数 | 说明 | 示例值 |
|---|---|---|
| 上下文工厂类 |
|
| LDAP服务器地址 |
|
| 认证方式 |
|
| 认证用户DN |
|
| 认证密码 |
|
| 是否跟踪引用 |
|
五、最佳实践
资源管理:确保在finally块中关闭连接
连接池:生产环境建议使用连接池
错误处理:适当处理
NamingExceptionSSL/TLS:生产环境使用LDAPS
超时设置:设置合理的连接和读取超时
六、Maven依赖
<dependency> <groupId>com.sun</groupId> <artifactId>tools</artifactId> <version>1.8</version> <scope>system</scope> <systemPath>${java.home}/../lib/tools.jar</systemPath> </dependency>注意:InitialDirContext不仅用于LDAP,还可以用于其他目录服务,但LDAP是最常见的用例。实际使用时需要根据具体的LDAP服务器配置调整参数。
)
)
)
