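Problem description

This is my code so far. I am writing a Java program that looks up Active Directory to determine which policies have been applied to a user/computer. It currently works as shown below. Next, I will add functionality to add policies to users. However, when checking policies as below, if the user does not exist and if the user has no policies, it produces no results. What I can't figure out is how to determine whether the user doesn't exist? Any help would be appreciated.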
    import java.util.ArrayList;
    import java.util.Hashtable;
    import java.util.Scanner;
    import javax.naming.Context;
    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;
    import javax.naming.directory.Attribute;
    import javax.naming.directory.Attributes;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;
    import javax.naming.ldap.InitialLdapContext;
    import javax.naming.ldap.LdapContext;

    public class memberOf {
        // Initialized here so getResults() is safe even if the search throws
        ArrayList<String> results = new ArrayList<>();

        memberOf(String computerName) {
            Hashtable<String, String> env = new Hashtable<>();
            //String adminName = "CN=Administrator,CN=Users,DC=ANTIpodeS,DC=COM";
            //String adminPassword = "XXXXXXX";
            String ldapURL = "n";
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            //set security credentials, note using simple cleartext authentication
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, "u");
            System.out.println("Enter password");
            Scanner in = new Scanner(System.in);
            String password = in.nextLine();
            env.put(Context.SECURITY_CREDENTIALS, password);
            //env.put(Context.SECURITY_PROTOCOL, "ssl");
            //connect to domain controller
            env.put(Context.PROVIDER_URL, ldapURL);
            try {
                //Create the initial directory context
                LdapContext ctx = new InitialLdapContext(env, null);
                //Create the search controls
                SearchControls searchCtls = new SearchControls();
                //Specify the search scope
                searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                //specify the LDAP search filter
                String searchFilter = "CN=" + computerName;
                //Specify the Base for the search
                String searchBase = "DC=n,DC=o";
                //initialize counter to total the groups
                int totalResults = 0;
                //Specify the attributes to return
                String returnedAtts[] = {"memberOf"};
                searchCtls.setReturningAttributes(returnedAtts);
                //Search for objects using the filter
                NamingEnumeration<SearchResult> answer = ctx.search(searchBase, searchFilter, searchCtls);
                while (answer.hasMoreElements()) {
                    SearchResult sr = answer.next();
                    Attributes attrs = sr.getAttributes();
                    try {
                        for (NamingEnumeration<? extends Attribute> ae = attrs.getAll(); ae.hasMore();) {
                            Attribute attr = ae.next();
                            for (NamingEnumeration<?> e = attr.getAll(); e.hasMore(); totalResults++) {
                                String tempStr = (String) (e.next());
                                int start = tempStr.indexOf("_");
                                int end = tempStr.indexOf(",");
                                tempStr = tempStr.substring(start, end);
                                results.add(totalResults, tempStr);
                            }
                        }
                    }
                    catch (Exception e) {
                        e.printStackTrace();
                    }
                }
                ctx.close();
            }
            catch (NamingException e) {
                e.printStackTrace();
            }
        }

        public ArrayList<String> getResults() {
            System.out.println(results.size());
            if (results.size() == 0) {
                results.add(0, "No Groups");
            }
            return (results);
        }
    }
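Solution

You can't find out that way. You need to know an attribute of the user to search on (upn, samAccountName, etc.), find them that way, and then use the back-linked attribute on the user object to find their policies.

It looks like you are doing the reverse: looking at the policy and asking "who is a member of this policy". That works fine, but obviously cannot distinguish between:

a user who exists but is not a member
a user who does not exist at all.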
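
The approach the answer describes, as an added example (not code from the question or the answer): look the account up by sAMAccountName first, so that a missing account and an account with no memberOf values give different results. The class and method names are hypothetical, the LDAP URL, bind DN and search base are passed as arguments, and the account name is given as a filter argument so JNDI escapes it instead of it being concatenated into the filter.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
// Added example; class and method names are hypothetical.
public class UserGroupLookup {
    // Optional.empty(): no such account. Empty list: account exists but has no memberOf values.
    static Optional<List<String>> groupsOf(DirContext ctx, String base, String account)
            throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"memberOf"});
        // {0} is substituted by JNDI, which escapes filter metacharacters in the value.
        NamingEnumeration<SearchResult> hits =
                ctx.search(base, "(sAMAccountName={0})", new Object[] {account}, sc);
        try {
            if (!more(hits)) return Optional.empty();   // the object itself was not found
            List<String> groups = new ArrayList<>();
            Attribute memberOf = hits.next().getAttributes().get("memberOf");
            if (memberOf != null) {                     // absent when there are no groups
                for (Object dn : Collections.list(memberOf.getAll())) groups.add((String) dn);
            }
            return Optional.of(groups);
        } finally {
            hits.close();
        }
    }

    // A domain-root search in AD can end with unfollowed referrals, reported as PartialResultException.
    static boolean more(NamingEnumeration<?> e) throws NamingException {
        try { return e.hasMore(); } catch (PartialResultException ex) { return false; }
    }

    // Arguments, all supplied by the caller: <ldapUrl> <bindDn> <searchBase> <account>
    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);   // use an ldaps:// URL so the simple bind is encrypted
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, args[1]);
        env.put(Context.SECURITY_CREDENTIALS, new String(System.console().readPassword("Password: ")));
        DirContext ctx = new InitialDirContext(env);
        try {
            Optional<List<String>> groups = groupsOf(ctx, args[2], args[3]);
            System.out.println(!groups.isPresent() ? "user does not exist"
                    : groups.get().isEmpty() ? "user exists, no groups" : groups.get().toString());
        } finally {
            ctx.close();
        }
    }
}
```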