2012-08-24 53 views
0

Setting LDAP SecurityPrincipal value

I am able to successfully run the following search query with the OpenLDAP command-line tool:

ldapsearch -h 1.11.1.1 -b "DC=ff2,DC=in" -s subtree -D "CN=Ldap Bind,OU=Service Accounts,OU=BA,DC=ff2,DC=in" -w G00Pass# sBAAccountName=testAccount 

Now I want to execute it from a Java class. I did the following:

Hashtable env = new Hashtable();

env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.PROVIDER_URL, "ldap://1.11.1.1:389");
env.put(Context.SECURITY_PRINCIPAL, "CN=Ldap Bind,OU=Service Accounts,OU=TECH,DC=ff2,DC=in");
env.put(Context.SECURITY_CREDENTIALS, "H00Pass#");

LdapContext context = new InitialLdapContext(env, null);
// To get only 1000 results at a time.
context.setRequestControls(
    new Control[]{new PagedResultsControl(1000, Control.CRITICAL)});

String[] attrs={"CN=Ldap Bind,OU=Service Accounts,OU=TECH,DC=ff2,DC=in"};

String base = "DC=ff2,DC=in";
String filter = "(&(objectClass=user)(sAMAccountName=testAccount))";
SearchControls controls = new SearchControls();
controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
controls.setReturningAttributes(attrs);
SearchResult searchResults;
NamingEnumeration<SearchResult> results = context.search(base, filter, controls);
if (results.hasMoreElements()) {
    SearchResult searchResult = (SearchResult) results.nextElement();
    if(results.hasMoreElements()){
        System.err.println("Matched multiple groups for the group with SID: ");
    }else{
        System.out.println((String)searchResult.getAttributes().get("sAMAccountName").get());
    }
}

This gives me a NullPointerException at searchResult.getAttributes(). Also, I am not sure how to include the sBAAccountName filter here?

Answers

1

You have to search with the criteria, as follows:

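import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;

Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.PROVIDER_URL, "<LDAP HOST>");
env.put(Context.SECURITY_PRINCIPAL, "<LDAP USER LOGIN>");
env.put(Context.SECURITY_CREDENTIALS, "<LDAP USER PASSWORD>");

LdapContext context = new InitialLdapContext(env, null);
// To get only 1000 results at a time.
context.setRequestControls(
    new Control[]{new PagedResultsControl(1000, Control.CRITICAL)});

// Names of the attributes to be retrieved for each matching LDAP entry.
String[] attrs = {"<List of attrs to be retrieved for each matching LDAP entry>"};
String base = "<Base of the search tree>";
String filter = "<Your filter>";
SearchControls controls = new SearchControls();
controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
controls.setReturningAttributes(attrs);
byte[] cookie = null;
do {
    NamingEnumeration<SearchResult> searchResults = context.search(base, filter, controls);
    while (searchResults.hasMore()) {
        SearchResult result = searchResults.next();
        // Process result.
    }
    // Process response controls to get the cookie
    // and keep searching until it is null.
    cookie = null;
    Control[] responseControls = context.getResponseControls();
    if (responseControls != null) {
        for (Control c : responseControls) {
            if (c instanceof PagedResultsResponseControl) {
                cookie = ((PagedResultsResponseControl) c).getCookie();
            }
        }
    }
    // Send the cookie back so the server returns the next page.
    context.setRequestControls(
        new Control[]{new PagedResultsControl(1000, cookie, Control.CRITICAL)});
} while (cookie != null);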
+0

Thanks Vikdor. I am new to LDAP and have updated my question. –

+0

SECURITY_PRINCIPAL is the domain login (username). What you set in your code is the search base. – Vikdor

+0

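I am new to LDAP, so this may sound stupid. Does this mean that if I am able to search for a user in the LDAP directory, then I am able to authenticate him? –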

1

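You must have declared searchResult somewhere else as a member variable. Remove. Then you will find out through the compile errors that you are using it in a place where it isn't even declared, and so it has no value. Also remove.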
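
An added example, not code from the question or either answer: it builds the question's sAMAccountName filter with the account name escaped per RFC 4515, requests the attribute by name, and reads it without a NullPointerException when the entry does not carry it. The class and helper names (AccountLookupExample, escapeFilterValue, accountFilter, firstValue) are hypothetical, the escaping goes beyond what the thread discusses, and the entry is a constructed stand-in so the code runs without a directory server.

```java
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.SearchControls;

public class AccountLookupExample {
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // The question's filter, with the account name escaped before insertion.
    static String accountFilter(String account) {
        return "(&(objectClass=user)(sAMAccountName=" + escapeFilterValue(account) + "))";
    }

    // Attributes.get() returns null when the entry did not return the attribute,
    // so check before calling get() on the result.
    static String firstValue(Attributes attrs, String name) throws NamingException {
        Attribute attr = attrs.get(name);
        return (attr == null || attr.size() == 0) ? null : String.valueOf(attr.get());
    }

    public static void main(String[] args) throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // Returning attributes are attribute names, not a DN.
        controls.setReturningAttributes(new String[] {"sAMAccountName"});

        System.out.println(accountFilter("testAccount"));
        System.out.println(accountFilter("test*(1)")); // constructed input with filter metacharacters

        // Constructed stand-in for an entry that came back without the attribute.
        Attributes entry = new BasicAttributes(true);
        System.out.println(firstValue(entry, "sAMAccountName"));
        entry.put("sAMAccountName", "testAccount");
        System.out.println(firstValue(entry, "sAMAccountName"));
    }
}
```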