【Question title】: Query using objectGUID - Spring LDAP Template
【Posted】: 2017-02-01 00:52:18
【Question description】:

I am trying to fetch, store, and in turn use objectGUID to query Active Directory. To get the user attributes I am using the following:

public static class MyDnKeyValueAttMapper implements AttributesMapper<List<LdapKeyValueList>> {
    @Override
    public List<LdapKeyValueList> mapFromAttributes(Attributes attributes)
            throws NamingException, javax.naming.NamingException {
        List<LdapKeyValueList> attributeKeyValMap = new ArrayList<LdapKeyValueList>();
        NamingEnumeration<String> namingEnumeration = attributes.getIDs();

        // Walk every attribute ID and store its first value as a String
        while (namingEnumeration.hasMoreElements()) {
            String attributeName = (String) namingEnumeration.nextElement();
            String attributeValue = attributes.get(attributeName).get().toString();
            attributeKeyValMap.add(new LdapKeyValueList(attributeName, attributeValue));
        }
        return attributeKeyValMap;
    }
}

objectGuid always seems to be returned in string format. I also tried:

UUID guid = (UUID) attributes.get("objectGUID").get();

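This throws a "cannot convert String to UUID" error.

It seems that, before I can do anything, the ldapTemplate search always returns attributes in string format.

How can I get "objectGUID" in a format that I can store and use in an ldapTemplate search query?

Thanks in advance.

【Question discussion】:

    Tags: java spring active-directory ldap hex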


    【Solution 1】:

    For Spring, inject the "java.naming.ldap.attributes.binary" property into the ldapTemplate:

    @Bean
    public LdapTemplate ldapTemplate() {
      return new LdapTemplate(contextSource());
    }
    
    @Bean
    public ContextSource contextSource() {
      final LdapContextSource contextSource = new LdapContextSource();
      contextSource.setUrl(env.getRequiredProperty("ldap.url"));
      contextSource.setBase(env.getRequiredProperty("ldap.base"));
      contextSource.setUserDn(env.getRequiredProperty("ldap.user"));
      contextSource.setPassword(env.getRequiredProperty("ldap.password"));
    
      // Important!!! Tell ldapTemplate to retrieve AD field
      // "objectGUID" as binary. Otherwise it will be
      // retrieved as a String, thus, modifying the byte[] array
      final Map<String, Object> envProps = new HashMap<>();
      envProps.put("java.naming.ldap.attributes.binary","objectGUID");
      contextSource.setBaseEnvironmentProperties(envProps);
    
      return contextSource;
    }
    

    ...

    // With the binary setting in place, this cast no longer complains
    // about a String to byte[] conversion. The array has to be 16 bytes
    // long. If it is not, you did something wrong. For example,
    // ldapTemplate still retrieves objectGUID as a String, modifying the value
    byte[] guidBytes = (byte[]) attributes.get("objectGUID").get();
    if (guidBytes.length == 16) {
      // Convert encoded AD objectGUID to UUID
      // objectGUID is not storing bits sequentially, so do the dance
      UUID uuid = UUID.fromString(
        String.format("%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x", 
        guidBytes[3] & 255, 
        guidBytes[2] & 255, 
        guidBytes[1] & 255, 
        guidBytes[0] & 255, 
        guidBytes[5] & 255, 
        guidBytes[4] & 255, 
        guidBytes[7] & 255, 
        guidBytes[6] & 255, 
        guidBytes[8] & 255, 
        guidBytes[9] & 255, 
        guidBytes[10] & 255, 
        guidBytes[11] & 255, 
        guidBytes[12] & 255, 
        guidBytes[13] & 255, 
        guidBytes[14] & 255, 
        guidBytes[15] & 255));
    }
    

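    【Discussion】:

      【Solution 2】:

      If you do not want binary attributes (objectGUID has Octet String syntax) to be retrieved as strings, you have to say so. With Spring, you have to add <entry key="java.naming.ldap.attributes.binary" value="objectGUID"/> to your context environment.

      Afterwards, byte[] guid = (byte[]) namingEnumeration.getAttributes().get("objectGUID").get(); should return what you are looking for.

      Just typed in, not tested.

      【Discussion】: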
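
Both solutions return objectGUID as a 16-byte array once the binary setting is in place, but neither shows the way back that the question asks for: turning a stored UUID into a search filter. The following is an added example, not code from either answer or from Spring LDAP; the class and method names are hypothetical and the sample bytes are constructed.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.Arrays;
import java.util.UUID;

// Hypothetical helper class; names are assumptions, not part of Spring LDAP.
public class ObjectGuidCodec {
    // AD stores the first three GUID fields little-endian, the last 8 bytes in order.
    static UUID fromAdBytes(byte[] b) {
        if (b == null || b.length != 16) {
            throw new IllegalArgumentException("objectGUID must be exactly 16 bytes");
        }
        ByteBuffer in = ByteBuffer.wrap(b).order(ByteOrder.LITTLE_ENDIAN);
        long msb = ((long) in.getInt() << 32)
                | ((in.getShort() & 0xFFFFL) << 16)
                | (in.getShort() & 0xFFFFL);
        long lsb = in.order(ByteOrder.BIG_ENDIAN).getLong();
        return new UUID(msb, lsb);
    }

    // Inverse mapping: UUID back to the 16 bytes AD holds in objectGUID.
    static byte[] toAdBytes(UUID u) {
        long msb = u.getMostSignificantBits();
        ByteBuffer out = ByteBuffer.allocate(16).order(ByteOrder.LITTLE_ENDIAN);
        out.putInt((int) (msb >>> 32));
        out.putShort((short) (msb >>> 16));
        out.putShort((short) msb);
        out.order(ByteOrder.BIG_ENDIAN).putLong(u.getLeastSignificantBits());
        return out.array();
    }

    // Escape every byte as \xx (RFC 4515) so no byte is read as filter syntax.
    static String toSearchFilter(UUID u) {
        StringBuilder sb = new StringBuilder("(objectGUID=");
        for (byte x : toAdBytes(u)) {
            sb.append(String.format("\\%02x", x & 0xFF));
        }
        return sb.append(')').toString();
    }

    public static void main(String[] args) {
        // Constructed sample value, not taken from a real directory.
        byte[] raw = { 0x33, 0x22, 0x11, 0x00, 0x55, 0x44, 0x77, 0x66,
                (byte) 0x88, (byte) 0x99, (byte) 0xaa, (byte) 0xbb,
                (byte) 0xcc, (byte) 0xdd, (byte) 0xee, (byte) 0xff };
        UUID uuid = fromAdBytes(raw);
        if (!Arrays.equals(raw, toAdBytes(uuid))) throw new AssertionError("round trip failed");
        System.out.println(uuid + " -> " + toSearchFilter(uuid));
    }
}
```

Pass the resulting string to the ldapTemplate search as a raw filter string; wrapping it in EqualsFilter would escape the backslashes a second time and the search would match nothing.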
