使用Java從LDAP檢索sidHistory

Question

我可以檢索objectSID和許多其他屬性而沒有錯誤，但不是sidHistory（我需要sidHistory來查看域A中的哪個帳戶對應於域B中的帳戶）。

這裏，對於大多數屬性，包括作品的objectSID代碼：「？」

void dumpCSV(Attributes attrs, String[] displayList, Logger lg) { 
    // Assume we're only dealing with single valued attributes (for now) 
    StringBuilder sb = new StringBuilder(); 
    for (String attName : displayList) { 
     String name = attName.trim().toLowerCase(); 
     Attribute att = attrs.get(name); 
     if (sb.length() > 0) 
      sb.append(","); 
     if (att != null) { 
      String v = "?"; 
      try { 
       if ((name.equals("objectsid")) || (name.equals("sidhistory"))) 
        v = binString(att); 
       else { 
        v = (String) att.get(); 
        if (name.equals("pwdlastset") || name.equals("lastlogontimestamp") || name.equals("lastlogon") || name.equals("accountexpires")) 
         v = TickConverter.tickDate(v); 
       } 
       sb.append(Logger.tidyString(v)); 
      } catch (NamingException e) { 
       System.err.println("NamingException, " + e); 
       return; 
      } 
     } 
    } 
     lg.logln(sb.toString()); 
    } 
} 

static String binString(Attribute att) { 
    try { 
     byte bin[] = (byte[]) att.get(); 
     return decodeSID(bin); 
    } catch (NamingException e) { 
     System.err.println("NamingException, " + e); 
     return "?"; 
    } 
} 

// taken from http://www.adamretter.org.uk/blog/entries/LDAPTest.java, in turn borrowed from Oracle docs 
public static String decodeSID(byte[] sid) { 
    final StringBuilder strSid = new StringBuilder("S-"); 

    // get version 
    final int revision = sid[0]; 
    strSid.append(Integer.toString(revision)); 

    //next byte is the count of sub-authorities 
    final int countSubAuths = sid[1] & 0xFF; 

    //get the authority 
    long authority = 0; 
    //String rid = ""; 
    for(int i = 2; i <= 7; i++) { 
     authority |= ((long)sid[i]) << (8 * (5 - (i - 2))); 
    } 
    strSid.append("-"); 
    strSid.append(Long.toHexString(authority)); 

    //iterate all the sub-auths 
    int offset = 8; 
    int size = 4; //4 bytes for each sub auth 
    for(int j = 0; j < countSubAuths; j++) { 
     long subAuthority = 0; 
     for(int k = 0; k < size; k++) { 
      subAuthority |= (long)(sid[offset + k] & 0xFF) << (8 * k); 
     } 

     strSid.append("-"); 
     strSid.append(subAuthority); 

     offset += size; 
    } 

    return strSid.toString();  
} 

如果我嘗試使用這個，tyhe值我得到的是檢索SID歷史。

即使我用NamingEnumeration中，我想我也許應該，我碰到一個「在線程異常‘的AWT - EventQueue的 - 0’java.util.NoSuchElementException：矢量枚舉」，可能是因爲我想將它保存到錯誤的類型（我試過幾種不同的類型）。

片段是：

String v; 
NamingEnumeration nenum = att.getAll(); 
while (nenum.hasMore()) { 
    v = ""; 
    if (name.equals("objectsid")) { 
     v = binString(att); 
     nenum.next(); 
    } else if (name.equals("sidhistory")) { 
     nenum.next(); 
     String[] vv = ((String[]) nenum.next()); 
     v = vv[0]; 
    } else 
    v = (String) nenum.next(); 
    if (name.equals("pwdlastset") || name.equals("lastlogontimestamp") || name.equals("lastlogon") || name.equals("accountexpires")) 
     v = TickConverter.tickDate(v); 
    lg.logln(name + "=" + Logger.tidyString(v)); 
} 

Answer 1

我們使用了一些類似的代碼： 我們注意到，我們看到它在http://book2s.com/java/src/package/net/sf/michaelo/tomcat/realm/activedirectoryrealm.html

... 
Attribute sidHistory = roleAttributes.get("sIDHistory;binary"); 
List<String> sidHistoryStrings = new LinkedList<String>(); 
if (sidHistory != null) 
{ 
    NamingEnumeration<?> sidHistoryEnum = sidHistory.getAll(); 
    while (sidHistoryEnum.hasMore()) 
    { 
    byte[] sidHistoryBytes = (byte[]) sidHistoryEnum.next(); 
    sidHistoryStrings.add(new Sid(sidHistoryBytes).toString()); 
    } 
... 
} 

sidHistory是多值和二進制（octetString）是什麼原因最人們頭痛。

希望這會有所幫助。