And*_*ers 4 java ldap active-directory unboundid-ldap-sdk
我正在构建一个应用程序,我需要使用它连接到Active Directory UnboundID.使用一个例子,我设法将用户与他们distinguishedName和password.
但是,我想仅使用domain和username它进行身份验证,类似于在Windows中完成的操作.使用名为JXplorer它的工具浏览AD 似乎sAMAccountName可能是我需要的属性.但是,distinguishedName使用sAMAccountName 替换会导致AcceptSecurityContext错误.使用"uid=..."示例中显示的语法也产生了相同的错误.
有没有办法只使用域登录,username/ sAMAccountName和password.或者我是否需要通过AD搜索并找到distinguishedName我想要进行身份验证的用户,然后使用他们distinguishedName和password?绑定连接?
小智 8
正如@ioplex在他的评论中所说,AD使用sAMAccountName中的用户名接受绑定,并附加了域名.只需使用它而不是绑定上的DN:
String userId = username + "@" + domain;
SimpleBindRequest adminBindRequest = new SimpleBindRequest(userId, passsword);
最终的userId将类似'eharris@contoso.local'
您需要使用具有适当权限的帐户执行搜索samAccountName以查找用户,然后使用专有名称绑定为找到的用户.
您需要确保只从搜索中返回一个条目.
仅用于演示目的的示例!
参数将类似于:
"adldap.example.com""CN = bob,OU = Users,DC = example,DC = com""connPwd""OU = Users,DC = example,DC = com""samAccountName""findUserValue""userPassword"
/**
* @author jwilleke <br/>
* Use For Demonstration Purposes ONLY!
* @param args
*/
public static void main(String[] args)
{
String connHost = args[0];
String connID = args[1];
String connPwd = args[2];
String searchBase = args[3];
String findUserByAttribute = args[4];
String findUserValue = args[5];
String userPassword = args[6];
int connPort = 389;
// TODO Auto-generated method stub
String actualLDAPServer = null;
RootDSE rootDSE = null;
// If I were doing this for real, I would use a POOL for Connections
SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager()); // Use For Demonstration Purposes ONLY!
SSLSocketFactory sslSocketFactory = null;
try
{
sslSocketFactory = sslUtil.createSSLSocketFactory();
}
catch (GeneralSecurityException e1)
{
// TODO Auto-generated catch block
e1.printStackTrace();
}
SimpleBindRequest adminBindRequest = new SimpleBindRequest(connID, connPwd);
LDAPConnection adminConnection = new LDAPConnection(sslSocketFactory);
try
{
adminConnection = new LDAPConnection(connHost, connPort);
log.debug("Successful LDAP adminConnection to:" + connHost + ":" + connPort);
adminConnection.bind(adminBindRequest);
log.debug("Successful Bind as:" + connID);
}
catch (LDAPException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
LDAPConnection userConnection = new LDAPConnection(sslSocketFactory);
try
{
userConnection = new LDAPConnection(connHost, connPort);
log.debug("Successful LDAP userConnection to:" + connHost + ":" + connPort);
}
catch (LDAPException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
// Construct Filter to find user
Filter findUserfilter = null;
findUserfilter = Filter.createEqualityFilter(findUserByAttribute, findUserValue);
// Create Search Request
SearchRequest searchRequest = new SearchRequest(searchBase, SearchScope.SUB, findUserfilter);
searchRequest.setSizeLimit(1); // We will error if we get more than one hit
SearchResult searchResult = null;
try
{
searchResult = adminConnection.search(searchRequest);
}
catch (LDAPSearchException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
String userDN = null;
if (searchResult.getEntryCount() > 1)
{
log.error("We got more than one Entry for:" + searchRequest.getFilter());
}
if (searchResult.getEntryCount() == 0)
{
log.error("We got No Entries for:" + searchRequest.getFilter());
}
for (SearchResultEntry entry : searchResult.getSearchEntries())
{
userDN = entry.getDN();
log.debug("Found an Entry: " + userDN);
}
SimpleBindRequest userBindRequest = new SimpleBindRequest(userDN, userPassword);
if (userBindRequest.getBindDN() == null)
{
log.warn("We got a null for the userBindRequest UserDN and therefore the bind is anonymous !");
}
if (userBindRequest.getPassword() == null)
{
log.warn("We got a null for the userBindRequest Password and therefore the bind is anonymous !");
}
try
{
userConnection.bind(userDN, userPassword);
log.debug("Successful userConnection Bind as:" + userDN);
}
catch (LDAPException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
}
-Jim