【发布时间】:2017-03-09 05:30:34
【问题描述】:
我在本地机器上有一个基于 SSL 的 LDAP 服务器,并通过我的应用程序从同一台机器连接它。以下是连接LDAP服务器的代码:
// Specify the search scope
final String returnedAtts[] = { ldapSettingModel.getDepartment(),
ldapSettingModel.getEmailId(), ldapSettingModel.getLocation(),
ldapSettingModel.getRole(), ldapSettingModel.getDispName() };
String searchFilter = "(&(objectClass=*)(" + ldapSettingModel.getLoginId() + "=" + user
+ ")" + ldapSettingModel.getFilter() + ")";
String adPrincipal = user;
if (CATAppConstants.ACTIVE_DIRECTORY_WIN_2000_ATTR.equals(ldapSettingModel.getLoginId())) {
// with domain
if (user.indexOf("\\") > 0) {
user = user.substring(user.indexOf("\\") + 1);
searchFilter = "(&(objectClass=*)(" + ldapSettingModel.getLoginId() + "=" + user
+ ")" + ldapSettingModel.getFilter() + ")";
} else {
String[] pDN = ldapSettingModel.getBaseDNName().split(",");
for (String dn : pDN) {
if (dn.indexOf("dc=") == 0) {
adPrincipal = dn.substring(3) + "\\" + adPrincipal;
break;
}
}
}
}
// Create the search controls
SearchControls searchCtls = new SearchControls();
searchCtls.setReturningAttributes(returnedAtts);
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
String ldapProtocol = "ldap" + (ldapSettingModel.getSslFlg() == 1 ? "s" : "");
String providerUrl = ldapProtocol + "://" + ldapSettingModel.getHost() + ":"
+ ldapSettingModel.getPortNo();
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, providerUrl);
if (ldapSettingModel.getSslFlg() == 1) {
env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put("java.naming.ldap.factory.socket",
"com.shift.tcm.serviceCust.authenticationManagement.CustomSSLSocketFactory");
}
env.put(Context.SECURITY_AUTHENTICATION, "simple");
switch (ldapSettingModel.getLdapType()) {
case CATAppConstants.DIRECTORY_TYPE_IS_ACTIVE_DIRECTORY:
env.put(Context.SECURITY_PRINCIPAL, adPrincipal);
break;
default:
env.put(Context.SECURITY_PRINCIPAL, ldapSettingModel.getLoginId() + "=" + user + ","
+ ldapSettingModel.getBaseDNName());
break;
}
env.put(Context.SECURITY_CREDENTIALS, requestPassword);
env.put("com.sun.jndi.ldap.connect.timeout", CATAppConstants.LDAP_CONNECT_TIMEOUT + "");
LdapContext ctxGC = null;
MstUserModel userDetails = null;
// This is the actual Authentication piece. Will throw
// javax.naming.AuthenticationException
// if the users password is not correct. Other exceptions may
// include IO (server not found) etc.
ctxGC = new InitialLdapContext(env, null);
// Now try a simple search and get some attributes as defined in
// returnedAtts
NamingEnumeration<SearchResult> answer = ctxGC.search(ldapSettingModel.getBaseDNName(),
searchFilter, searchCtls);
userDetails = getUserDetailsFromLDAP(answer, ldapSettingModel, checkDetailsOnly,
currentRoleName);
userDetails.setLoginId(user);
在我尝试使用ldapSettingModel.getFilter() 添加搜索过滤器之前,一切正常。通常没有它,搜索过滤器将包含 (&(objectClass=*)(uid=vaibhav)) 用于以下 LDAP 服务器:
我正在尝试允许用户使用 ldapSettingModel.getFilter() 添加他们的附加搜索过滤器,我尝试使用以下值进行搜索:
- (cn=India): final
searchFilter-> (&(objectClass=*)(uid=vaibhav)(cn=India)) - (objectClass=postalAddress)(cn=印度): final
searchFilter-> (&(objectClass=*)(uid=vaibhav)(objectClass=postalAddress)(cn=印度))
我不确定我是否正确应用了额外的搜索过滤器,但 NamingEnumeration<SearchResult> answer 从我的 getUserDetailsFromLDAP() 方法返回 null。如果我做错了什么,请指导我,因为我对 LDAP 很陌生。
【问题讨论】:
标签: java active-directory ldap