2013-05-20 66 views

Spring Security:如何獲得 LDAP 用戶屬性?

認證工作正常。我嘗試使用 LdapTemplate 的 search 方法獲取 LDAP 用戶屬性。我的 spring-security.xml 文件:

<!--
  Spring Security namespace configuration for LDAP authentication.
  It declares the directory URL, an authentication manager with two providers
  (the explicit jtwAuthProvider bean and the namespace ldap-authentication-provider),
  and the contextSource bean that holds the manager (service account) bind credentials.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
         http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
         http://www.springframework.org/schema/security 
         http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 
... 
    <!--
      NOTE(review): the ldap:// scheme on port 389 is plain LDAP. Unless StartTLS is
      negotiated somewhere not shown here, bind DNs and passwords cross the network
      unencrypted; an ldaps:// URL (or StartTLS) with certificate validation avoids that.
      The base DN in this URL is dc=andri,dc=com, while the beans below use
      dc=ldap,dc=andri,dc=com. Confirm which suffix the directory actually serves.
    -->
    <ldap-server url="ldap://ldap.andri.com:389/dc=andri,dc=com" /> 

    <!--
      Two providers are registered: jtwAuthProvider (user search on userPrincipalName)
      and the namespace provider (user search on uid under ou=Addressbook).
      The two search filters differ, so the same login name may resolve differently
      depending on which provider handles it.
    -->
    <authentication-manager> 
     <authentication-provider ref='jtwAuthProvider' /> 
     <ldap-authentication-provider 
      group-search-filter="member={0}" user-search-base="ou=Addressbook" 
      user-search-filter="uid={0}" /> 
    </authentication-manager> 

    <!--
      Bind authentication: the entry is located with FilterBasedLdapUserSearch
      (base DN, filter, context source) and BindAuthenticator then binds as that entry.
    -->
    <beans:bean id="jtwAuthProvider" 
     class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"> 
     <beans:constructor-arg> 
      <beans:bean 
       class="org.springframework.security.ldap.authentication.BindAuthenticator"> 
       <beans:constructor-arg ref="contextSource" /> 
       <beans:property name="userSearch"> 
        <beans:bean id="userSearch" 
         class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"> 
         <beans:constructor-arg index="0" 
          value="ou=Addressbook,dc=ldap,dc=andri,dc=com" /> 
         <beans:constructor-arg index="1" 
          value="userPrincipalName={0}" /> 
         <beans:constructor-arg index="2" 
          ref="contextSource" /> 
        </beans:bean> 
       </beans:property> 
      </beans:bean> 
     </beans:constructor-arg> 
    </beans:bean> 

    <!--
      Manager (service account) connection used for directory searches.
      NOTE(review): the bind password is stored here in clear text. Load it from an
      externalised property or secret store, keep it out of version control, and rotate
      any value that has been shared. The account should be read-only and limited to the
      attributes the application needs.
      NOTE(review): the answer on this page attributes the "error code 34 - invalid DN"
      failure to a mistake in the LDAPaccess cn, i.e. the userDn below. Verify this DN
      against the directory.
    -->
    <beans:bean id="contextSource" 
     class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"> 
     <beans:constructor-arg value="ldap://ldap.andri.com:389" /> 
     <beans:property name="userDn" 
      value="cn=LDAPaccess,ou=Special,dc=ldap,dc=andri,dc=com" /> 
     <beans:property name="password" value="GfGTgFD" /> 
    </beans:bean> 

</beans:beans> 

登錄控制器:

... 
// Spring LDAP template used by books() for directory searches; assigned in setTemplate().
LdapTemplate template; 

/**
 * Receives the autowired LDAP context source and builds the template used for
 * directory searches in this controller.
 *
 * <p>NOTE(review): presumably this is the "contextSource" bean from the security
 * XML, which binds with the manager DN. If so, every search issued through this
 * template runs with that service account's rights rather than the signed-in
 * user's, so the account should be read-only and narrowly scoped.
 *
 * @param contextSource the LDAP context source to wrap
 */
@Autowired
public void setTemplate(LdapContextSource contextSource) {
    final LdapTemplate ldapTemplate = new LdapTemplate(contextSource);
    this.template = ldapTemplate;
}
... 
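/**
 * Handles GET /books: looks up the signed-in user's directory entry and puts a
 * string rendering of selected attributes into the model under "userinfo".
 *
 * <p>The principal name is escaped before it is placed in the LDAP search filter,
 * so filter metacharacters in a login name are matched literally instead of
 * changing the structure of the query. Missing attributes and an empty search
 * result are tolerated instead of failing with a NullPointerException or
 * IndexOutOfBoundsException.
 *
 * @param model     model that receives the "userinfo" attribute
 * @param principal the authenticated caller; its name is matched against samAccountName
 * @return the view name "books"
 * @throws BookServiceException declared by the handler; not raised by the code in this method
 */
@SuppressWarnings("unchecked")
@RequestMapping(value = "/books", method = RequestMethod.GET)
public String books(ModelMap model, Principal principal)
        throws BookServiceException {

    class UserAttributesMapper implements AttributesMapper {

        @Override
        public Object mapFromAttributes(Attributes attributes)
                throws NamingException {
            Map<String, String> map = new HashMap<String, String>();
            copyIfPresent(attributes, "displayName", map, "fullname");
            copyIfPresent(attributes, "mail", map, "email");
            copyIfPresent(attributes, "title", map, "title");
            return map;
        }

        // Attributes.get returns null for an attribute the entry does not carry,
        // so each lookup is checked before the value is read.
        private void copyIfPresent(Attributes attributes, String attributeId,
                Map<String, String> target, String key) throws NamingException {
            if (attributes.get(attributeId) == null) {
                return;
            }
            Object value = attributes.get(attributeId).get();
            if (value != null) {
                target.put(key, (String) value);
            }
        }
    }

    Map<String, String> results = new HashMap<String, String>();

    // Never concatenate the raw name into the filter: escape it first.
    // Spring LDAP's own filter classes (for example EqualsFilter) do the same
    // escaping and are preferable where they can be imported.
    String filter = "samAccountName=" + escapeLdapFilterValue(principal.getName());

    // NOTE(review): this base uses dc=andri,dc=com while the userSearch bean and the
    // manager DN in the security XML use dc=ldap,dc=andri,dc=com. Confirm the suffix.
    java.util.List<?> matches = template.search(
            "ou=Addressbook,dc=andri,dc=com", filter, new UserAttributesMapper());

    // The search API is declared to return a List; do not depend on its concrete class.
    if (!matches.isEmpty()) {
        results = (Map<String, String>) matches.get(0);
    }

    // NOTE(review): these values come from the directory; the view should HTML-escape
    // "userinfo" when rendering it.
    model.addAttribute("userinfo", results.toString());
    return "books";
}

/**
 * Escapes a value for use inside an LDAP search filter assertion (RFC 4515):
 * backslash, asterisk, parentheses and NUL are replaced by their hex escapes.
 */
private static String escapeLdapFilterValue(String value) {
    StringBuilder escaped = new StringBuilder(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '\\':
                escaped.append("\\5c");
                break;
            case '*':
                escaped.append("\\2a");
                break;
            case '(':
                escaped.append("\\28");
                break;
            case ')':
                escaped.append("\\29");
                break;
            case '\0':
                escaped.append("\\00");
                break;
            default:
                escaped.append(c);
        }
    }
    return escaped.toString();
}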

不過,我不斷收到一個錯誤:org.springframework.ldap.InvalidNameException: [LDAP: error code 34 - invalid DN]

我嘗試使用不同的 DN:"ou=Addressbook,dc=andri,dc=com"、"cn=aartemenko,ou=Addressbook,dc=andri,dc=com"、"dc=andri,dc=com"、""、"cn=aartemenko,ou=Special,dc=andri,dc=com" 等。

但結果是一樣的。 我在做什麼錯?

回答


對不起,這真的很愚蠢。錯誤出在 LDAPaccess 這個 cn(contextSource 的 userDn)上。
