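Search and add LDAP entries using JSP/JNDI

I am trying to add an LDAP entry using JSP/JNDI. The code is very rough and I am still learning, so if you have any suggestions, please tell me. The SEARCH part works correctly. The ADDENTRY part does not. It tells me: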
" An exception occurred: [LDAP: error code 50 - The entry cn=m,o=Rubrica,dc=example,dc=com cannot be added due to insufficient access rights] "
Here is my code:
<%@page import="javax.naming.NamingEnumeration"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%@page import="java.util.*" %>
<%@page import="javax.naming.ldap.*" %>
<%@page import="javax.naming.directory.*"%>
<%@page import="javax.naming.directory.InitialDirContext"%>
<%@page import="javax.naming.directory.DirContext"%>
<%@page import="javax.naming.Context" %>
<%@page import="javax.naming.InitialContext" %>
<%@page import="javax.naming.NamingException" %>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
</head>
<body>
<h2>Rubrica</h2>
<!-- SEARCH ENTRY -->
<br>
<h3>Search:</h3>
<form action="" method="post">
Search Entry: <input type="text" name="search"><br>
<input type="submit" value="search">
</form>
<br><br>
<%
//CREATING AN INITIAL CONTEXT for search function:
//context = objects whose state is a set of bindings (=ldap entries), that have distinct atomic names.
//The Hashtable class represents the environments properties parameters
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://localhost:1389/o=Rubrica,dc=example,dc=com");
DirContext ctx = new InitialDirContext(env);
env.put(Context.SECURITY_PRINCIPAL,"cn=Directory Manager,dc=example,dc=com");
env.put(Context.SECURITY_CREDENTIALS,"secret");
String searchName = (String)request.getParameter("search");
try{
request.getParameter("search");
Attributes attrs = ctx.getAttributes("cn = " + searchName);
out.println(attrs.get("cn").get()+": ");
out.println(attrs.get("telephonenumber").get());
}
catch (Exception e){
out.println("An exception occurred: " + e.getMessage());
}
%>
<br><br>------------------------------------<br><br>
<!-- ADD ENTRY -->
<br>
<h3>Add Entry:</h3>
<form action="" method="post">
Add Entry:<br><br>
Full Name: <input type="text" name="addcn"><br>
Surname: <input type="text" name="surname"><br>
PhoneNumber: <input type="text" name="pn"><br>
<input type="submit" value="addEntry">
</form>
<br><br>
<%
String addcn = (String)request.getParameter("addcn");
String surname = (String)request.getParameter("surname");
String pn = (String)request.getParameter("pn");
try{
//Create new set of attributes
BasicAttributes attrs1 = new BasicAttributes();
//(The item is a person)
Attribute classes = new BasicAttribute("objectClass");
classes.add("top");
classes.add("person");
// classes.add("organizationalPerson");
// Add the objectClass attribute to the attribute set
attrs1.put(classes);
// Store the other attributes in the attribute set
attrs1.put("sn", surname);
attrs1.put("telephonenumber", pn);
// Add the new entry to the directory server
ctx.createSubcontext("ldap://localhost:1389/cn="+addcn+",o=Rubrica,dc=example,dc=com", attrs1);
}
catch (Exception e){
out.println("An exception occurred: " + e.getMessage());
}
%>
</body>
I added the "Remove Entry" part:
<h3>Remove Entry:</h3>
<form method="post">
Insert Entry To Remove: <input type="text" name="delUser"><br>
<input type="submit" value="Remove">
</form><br><br>
<%
String delUser = (String)request.getParameter("delUser");
try
{
ctx.destroySubcontext("cn="+delUser);
}
catch (Exception e){
out.println("An exception occurred: " + e.getMessage());
}
%>
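and the page gives me the same authorization error. P.S. I am using LDAP + SASL on my machine. Maybe that could be the problem.
[SOLVED] The problem was that the instructions that create the context were in the wrong order. In the code above, I was performing an anonymous authentication. The correct sequence of operations follows: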
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://localhost:1389/o=Rubrica,dc=example,dc=com");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL,"cn=Directory Manager");
env.put(Context.SECURITY_CREDENTIALS,"secret");
DirContext ctx = new InitialDirContext(env);
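Thanks; the admin user is the same one I would use to add entries with OpenDJ, and the credentials match. I checked the hierarchy, and it looks correct too. About the 3rd.. how can I get the rights of the user? – MdC
I think there is a problem with the user base. Look at the hierarchy of SECURITY_PRINCIPAL and PROVIDER_URL. Can you reduce either or both hierarchies to "dc = com"? –
To fix this, the line "DirContext ctx = new InitialDirContext(env);" was moved after SECURITY_PRINCIPAL and PWD, but it still results in the exception. – MdC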
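The ordering fix from the [SOLVED] note, as an added example that is not the poster's code: it binds before any write, and goes one step beyond the post by building the entry name with `Rdn` instead of concatenating the form value into the DN. The class and method names (`RubricaDirectory`, `bind`, `entryName`, `addPerson`) are hypothetical, the person data is constructed, and it assumes the directory server from the post is listening on localhost:1389.

```java
import java.util.Collections;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.*;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class RubricaDirectory {
    static final String URL = "ldap://localhost:1389/o=Rubrica,dc=example,dc=com";

    // Every SECURITY_* property is set before the context is constructed:
    // InitialDirContext copies env in its constructor, so later put() calls
    // are ignored and the connection stays anonymous (hence error code 50).
    static DirContext bind(String principal, String password) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    // Builds the name "cn=<value>" relative to the base DN in URL. Rdn escapes
    // DN metacharacters (',', '+', '=', ...), so a form value cannot add RDNs.
    static LdapName entryName(String cn) throws NamingException {
        return new LdapName(Collections.singletonList(new Rdn("cn", cn)));
    }

    static void addPerson(DirContext ctx, String cn, String sn, String phone)
            throws NamingException {
        Attributes attrs = new BasicAttributes(true); // attribute names ignore case
        Attribute oc = new BasicAttribute("objectClass");
        oc.add("top");
        oc.add("person");
        attrs.put(oc);
        attrs.put("sn", sn);
        attrs.put("telephoneNumber", phone);
        ctx.createSubcontext(entryName(cn), attrs).close();
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample input containing DN metacharacters.
        System.out.println(entryName("Rossi, Mario+sn=x"));
        DirContext ctx = bind("cn=Directory Manager", "secret"); // values from the post
        try { addPerson(ctx, "Mario Rossi", "Rossi", "555-0100"); } finally { ctx.close(); }
    }
}
```

The same `entryName` result can be passed to `getAttributes` and `destroySubcontext`, which the search and remove forms in the post also feed with raw request parameters.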