java连接ldap服务器_java – LDAP:如何使用连接详细信息验证用...

和谦
2023-12-01

我无法使用LDAP对用户进行身份验证.我有以下细节:

URL=ldap://10.10.10.10:389

LDAP BASE:DC=lab2,DC=ins

LDAP Bind Account: CN=Ldap Bind,OU=Service Accounts,OU=TECH,DC=lab2,DC=ins

LDAP Bind Account Pw: secret

我可以使用上面的详细信息搜索sAMAccountName值,但是如何使用用户名和密码验证用户?

如果您按照我之前的问题进行操作,那么您将了解到,我已成功连接到LDAP服务器但无法对其进行身份验证.

用户进行身份验证:

user: someusername

password: somepwd

我无法使用’somepwd’连接到LDAP服务器,我应该如何使用someusername.我能够将给定用户搜索为sAMAccountName.

最佳答案

这是我在各个地方找到的东西的混搭.如果您不想使用UnboundID SDK,它应该让您沿着正确的路径前进.这不是生产质量,如果您的商店支持,您可能希望在此处添加SSL内容.

public static Boolean validateLogin(String userName, String userPassword) {

Hashtable env = new Hashtable();

env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

env.put(Context.PROVIDER_URL, "ldap://" + LDAP_SERVER + ":" + LDAP_SERVER_PORT + "/" + LDAP_BASE_DN);

// To get rid of the PartialResultException when using Active Directory

env.put(Context.REFERRAL, "follow");

// Needed for the Bind (User Authorized to Query the LDAP server)

env.put(Context.SECURITY_AUTHENTICATION, "simple");

env.put(Context.SECURITY_PRINCIPAL, LDAP_BIND_DN);

env.put(Context.SECURITY_CREDENTIALS, LDAP_BIND_PASSWORD);

DirContext ctx;

try {

ctx = new InitialDirContext(env);

} catch (NamingException e) {

throw new RuntimeException(e);

}

NamingEnumeration results = null;

try {

SearchControls controls = new SearchControls();

controls.setSearchScope(SearchControls.SUBTREE_SCOPE); // Search Entire Subtree

controls.setCountLimit(1); //Sets the maximum number of entries to be returned as a result of the search

controls.setTimeLimit(5000); // Sets the time limit of these SearchControls in milliseconds

String searchString = "(&(objectCategory=user)(sAMAccountName=" + userName + "))";

results = ctx.search("", searchString, controls);

if (results.hasMore()) {

SearchResult result = (SearchResult) results.next();

Attributes attrs = result.getAttributes();

Attribute dnAttr = attrs.get("distinguishedName");

String dn = (String) dnAttr.get();

// User Exists, Validate the Password

env.put(Context.SECURITY_PRINCIPAL, dn);

env.put(Context.SECURITY_CREDENTIALS, userPassword);

new InitialDirContext(env); // Exception will be thrown on Invalid case

return true;

}

else

return false;

} catch (AuthenticationException e) { // Invalid Login

return false;

} catch (NameNotFoundException e) { // The base context was not found.

return false;

} catch (SizeLimitExceededException e) {

throw new RuntimeException("LDAP Query Limit Exceeded, adjust the query to bring back less records", e);

} catch (NamingException e) {

throw new RuntimeException(e);

} finally {

if (results != null) {

try { results.close(); } catch (Exception e) { /* Do Nothing */ }

}

if (ctx != null) {

try { ctx.close(); } catch (Exception e) { /* Do Nothing */ }

}

}

}

 类似资料: