LDAP: how to search/authenticate against this LDAP in Java

I am playing with LDAP and Java search. Here is my LDIF export of a simple organization:

```ldif
version: 1

dn: dc=example,dc=com
objectClass: organization
objectClass: dcObject
objectClass: top
dc: example
o: MyOrganization
description: Test Description

dn: ou=people, dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: people
description: All users in demo company

dn: cn=Johnny Doe,ou=people,dc=example,dc=com
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
cn: Johnny Doe
sn: Johnny
homephone: 123-456-7890
mail: johnny@johnny.com
ou: Development
uid: jjohnny
userpassword:: johnny

dn: cn=Samuel Johnson,ou=people,dc=example,dc=com
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
cn: Samuel Johnson
sn: Samuel
homephone: 123-456-7890
mail: sam@ssam.com
ou: Accounts
uid: ssam
userpassword:: sammy
```

How do I run a Java snippet to get all users from the LDAP server? There is no authentication set up on my Apache DS Directory Server.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

Hashtable<String, String> env = new Hashtable<>(11);
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://localhost:10389/dc=example,dc=com");
env.put(Context.SECURITY_AUTHENTICATION, "none");

try {
    // Create initial context
    DirContext ctx = new InitialDirContext(env);
    Object obj = new Object();
    // want to print all users from the LDAP server
    System.out.println(obj.toString());
    ctx.close();
} catch (NamingException e) {
    e.printStackTrace();
}
```

```java
import java.util.Hashtable;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

// env: the Hashtable from the question, but with PROVIDER_URL "ldap://localhost:10389" (no base DN),
// because names passed to search() are resolved relative to the DN in the provider URL.
public void printUsers(Hashtable<String, String> env) {
    try {
        LdapContext ctx = new InitialLdapContext(env, null);
        ctx.setRequestControls(null);
        // The question's LDIF stores users as inetOrgPerson; "(objectclass=user)" is the
        // Active Directory class and would match nothing on that server.
        NamingEnumeration<SearchResult> namingEnum = ctx.search(
                "ou=people,dc=example,dc=com", "(objectClass=inetOrgPerson)", getSimpleSearchControls());
        while (namingEnum.hasMore()) {
            SearchResult result = namingEnum.next();
            Attributes attrs = result.getAttributes();
            System.out.println(attrs.get("cn"));
        }
        namingEnum.close();
        ctx.close();
    } catch (Exception e) {
        e.printStackTrace();
    }
}

private SearchControls getSimpleSearchControls() {
    SearchControls searchControls = new SearchControls();
    searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    searchControls.setTimeLimit(30000);
    //String[] attrIDs = {"objectGUID"};
    //searchControls.setReturningAttributes(attrIDs);
    return searchControls;
}
```

Another approach is to use UnboundID. Its API is very readable and shorter.

Create the LDAP connection

```java
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;

public static LDAPConnection getConnection() throws LDAPException {
    // host, port, bind DN (username) and password
    return new LDAPConnection("com.example.local", 389, "Administrator@com.example.local", "admin");
}
```

Get filtered results

```java
import java.util.Collections;
import java.util.List;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPSearchException;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;

public static List<SearchResultEntry> getResults(LDAPConnection connection, String baseDN, String filter)
        throws LDAPSearchException {
    if (connection.isConnected()) {
        // SearchScope.ONE: only entries directly below baseDN
        SearchResult searchResult = connection.search(baseDN, SearchScope.ONE, filter);
        return searchResult.getSearchEntries();
    }
    // Empty list rather than null, so callers can iterate the result without a null check
    return Collections.emptyList();
}
```

Get all organizational units and containers

```java
String baseDN = "DC=com,DC=example,DC=local";
String filter = "(&(|(objectClass=organizationalUnit)(objectClass=container)))";
LDAPConnection connection = getConnection();
List<SearchResultEntry> results = getResults(connection, baseDN, filter);
```

Get a specific organizational unit

```java
String baseDN = "DC=com,DC=example,DC=local";
String dn = "CN=Users,DC=com,DC=example,DC=local";
String filterFormat = "(&(|(objectClass=organizationalUnit)(objectClass=container))(distinguishedName=%s))";
String filter = String.format(filterFormat, dn);
LDAPConnection connection = getConnection();
List<SearchResultEntry> results = getResults(connection, baseDN, filter);
```

Get all users under an organizational unit

```java
String baseDN = "CN=Users,DC=com,DC=example,DC=local";
String filter = "(&(objectClass=user)(!(objectCategory=computer)))";
LDAPConnection connection = getConnection();
List<SearchResultEntry> results = getResults(connection, baseDN, filter);
```

Get a specific user under an organizational unit

```java
String baseDN = "CN=Users,DC=com,DC=example,DC=local";
String userDN = "CN=abc,CN=Users,DC=com,DC=example,DC=local";
String filterFormat = "(&(objectClass=user)(distinguishedName=%s))";
String filter = String.format(filterFormat, userDN);
LDAPConnection connection = getConnection();
List<SearchResultEntry> results = getResults(connection, baseDN, filter);
```

Display the results

```java
for (SearchResultEntry e : results) {
    System.out.println("name: " + e.getAttributeValue("name"));
}
```

You can also use the following code:

```java
package com.agileinfotech.bsviewer.ldap;

import java.util.Hashtable;
import java.util.ResourceBundle;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class LDAPLoginAuthentication {

    public LDAPLoginAuthentication() {
        // TODO Auto-generated constructor
    }

    ResourceBundle resBundle = ResourceBundle.getBundle("settings");

    public String authenticateUser(String username, String password) {
        // A simple bind with an empty password is treated as an anonymous bind by many
        // directory servers and would "succeed" for any username, so reject it up front.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return "failer";
        }
        Hashtable<String, String> env = new Hashtable<>(11);
        // Escape the username so characters such as ',' or '=' cannot alter the bind DN
        String securityPrincipal = "cn=" + Rdn.escapeValue(username) + "," + resBundle.getString("UserSearch");
        env.put(Context.INITIAL_CONTEXT_FACTORY, resBundle.getString("InitialContextFactory"));
        env.put(Context.PROVIDER_URL, resBundle.getString("Provider_url"));
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, securityPrincipal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            // Create initial context: the bind succeeds only if the credentials are valid
            DirContext ctx = new InitialDirContext(env);
            // Close the context when we're done
            ctx.close();
            return "success";
        } catch (NamingException e) {
            return "failer";
        }
    }
}
```
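Putting the question's search and the last answer's bind-based login together, here is an added example (not code from the question or from any answer) that looks up one uid under the asker's `ou=people` subtree and then verifies the password by binding as the entry found. The URL, base DN and `inetOrgPerson` class come from the question's setup; the class and method names are my own, and the filter value is escaped per RFC 4515 so user input cannot change the filter's structure.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapSearchAndBind {
    static final String URL = "ldap://localhost:10389";          // the asker's Apache DS port
    static final String PEOPLE = "ou=people,dc=example,dc=com";  // the asker's user subtree
    // RFC 4515 escaping: a raw '*', '(' or ')' in the uid would change the filter's structure.
    static String escapeFilter(String v) {
        return v.replace("\\", "\\5c").replace("*", "\\2a").replace("(", "\\28")
                .replace(")", "\\29").replace("\0", "\\00");
    }

    static DirContext connect(String bindDn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, bindDn == null ? "none" : "simple");
        if (bindDn != null) {
            env.put(Context.SECURITY_PRINCIPAL, bindDn);
            env.put(Context.SECURITY_CREDENTIALS, password);
        }
        return new InitialDirContext(env);
    }

    // Anonymous search (allowed on the asker's server) for the inetOrgPerson with this uid.
    static String findUserDn(String uid) throws NamingException {
        DirContext ctx = connect(null, null);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            String filter = "(&(objectClass=inetOrgPerson)(uid=" + escapeFilter(uid) + "))";
            NamingEnumeration<SearchResult> res = ctx.search(PEOPLE, filter, sc);
            return res.hasMore() ? res.next().getNameInNamespace() : null;
        } finally {
            ctx.close();
        }
    }

    // Bind as the DN found; an empty password is refused first, since many servers treat it as an anonymous bind.
    static boolean authenticate(String uid, String password) throws NamingException {
        if (password == null || password.isEmpty()) return false;
        String dn = findUserDn(uid);
        if (dn == null) return false;
        try {
            connect(dn, password).close();
            return true;
        } catch (AuthenticationException e) { return false; }
    }
}
```

Against the LDIF in the question, `findUserDn("jjohnny")` returns `cn=Johnny Doe,ou=people,dc=example,dc=com`, and `authenticate` only returns true when the bind with the supplied password is accepted by the server.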