当前位置: 代码迷 >> 综合 >> JNDI 连接Windows Active Directory 教程
  详细解决方案

JNDI 连接Windows Active Directory 教程

热度:18   发布时间:2023-12-17 13:43:24.0
导读:
  這編主要是描述 Java JNDI 連 Windows Active Directory 的教程.
  包括認證, 新增用戶, 修改密碼 及 取得用戶資料.
  作者原文:http://blog.matrix.org.cn/joeyta/entry/20070302
   開始教程:
  1. 建立 IIS SSL
  2. 將 CA Certificate 加入至 jre keystore 裡
  3. JNDI 連 AD
   1. 建立 IIS SSL:
  Install Windows 2003 Server:
  Install AD:
  Start -> Run -> dcpromote
  domain name : joeyta-DOT-local
  NT domain name : joeytaserver
  即 Fully Qualified Domain Name (FQDN) 為 joeytaserver.joeyta-DOT-local
  先安裝 IIS , 再安裝 CA.
  Install IIS:
  Start -> Programs -> Administrative Tools -> Configure Your Server Wizard
  ->> Next -> Next -> Application server (IIS, ASP.NET) -> Next
  進入 http://joeyserver.joeyta.local/postinfo.html 表示安裝成功.
  Install CA:
  Start -> Settings -> Control Panel -> Add or Remove Programs
  ->> Add/Remove Windows Components
  選擇 Certificate Services -> Next
  選擇 Enterprise root CA -> Next
  [bitsCN_com]
  Common name for this CA: testca -> Next
  進入 http://joeyserver.joeyta.local/CertSrv 表示安裝成功.
  Generating a Certificate Signing Request:
  Start -> Programs -> Administrative Tools -> Internet Information Services (IIS) Manager
  ->> Internet Information Services -> (local computer) -> Web Sites
  -> >右鍵點選 Default Web Site -> Properties
  選擇 "Directory Security" -> Server Certificate
  ->> Create a new certificate -> Prepare the request now, but send it later
  一直按 Next , 需要注意的是 Common name 必須為 joeyserver.joeyta.local, 這是給使用者連 ssl 的 website.
  最後產生 certificate request file , 預設為 c:/certreq.txt
  Request a certificate on CA:
  進入 http://joeyserver.joeyta.local/CertSrv
  按 Request a certificate -> advanced certificate request
  -> Submit a certificate request by using a base-64-encoded CMC or PKCS#10 file, or submit a renewal request by using a base-64-encoded PKCS#7 file
  使用 notepad 打開 c:/certreq.txt , copy c:/certreq.txt 內容貼至 Saved Request:
  [bitsCN.Com]
  Certificate Template 選擇 Web Server, 按 Submit
  然後點選 Download certificate , 將 certnew.cer 儲存至 c:/certnew.cer
  Installing a Certificate:
  Start -> Programs -> Administrative Tools -> Internet Information Services (IIS) Manager
  ->> Internet Information Services -> (local computer) -> Web Sites
  -> >右鍵點選 Default Web Site -> Properties
  選擇 "Directory Security" -> Server Certificate
  ->> Process the pending request and install the certificate -> Next
  Path and file name: c:/certnew.cer -> Next
  SSL port this web site should use: 443 -> Next -> Next -> Finish
   2. 將 CA Certificate 加入至 jre keystore 裡:
  進入 http://joeyserver.joeyta.local/CertSrv
  點選 Download a CA certificate, certificate chain, or CRL
  點選 Download CA certificate , 然後下載並改名為 c:/testca_cert.cer
  然後執行 command:
  c:/temp>keytool -import -alias testca_cert -file "/testca_cert.cer" -keystore "/jdk1.5.0_09/jre/lib/security/cacerts" -storepass "changeit" DL@bitsCN_com网管软件下载
  出現 Trusted this certificate? 按 "y" 即新增成功.

本文转自
http://www.bitscn.com/java/advanceprogram/200709/110389.html
  相关解决方案

代码迷 - 您身边的软件异常,代码异常,编程异常助手(发现,解决,分享)
Copyright © 2009-2013 DAIMAMI.COM. All rights reserved.