我正在构建一个应用程序,我需要使用UnboundID连接到Active Directory。使用example,我设法将用户与distinguishedName和password相关联。
但是,我想仅使用domain和username对其进行身份验证,类似于在Windows中完成的操作。使用名为JXplorer的工具浏览AD,似乎sAMAccountName可能是我需要的属性。但是,使用sAMAccountName替换distinguishedName会导致AcceptSecurityContext错误。使用示例中显示的"uid=..."语法也产生了相同的错误。
是否可以仅使用域username / sAMAccountName和password进行登录。或者我是否需要搜索AD并查找我要进行身份验证的用户的distinguishedName,然后使用他们的distinguishedName和password绑定连接?
答案 0 :(得分:7)
正如@ioplex在评论中所说,AD使用sAMAccountName中的用户名接受绑定,并附加域名。只需使用它而不是绑定上的DN:
String userId = username + "@" + domain;
SimpleBindRequest adminBindRequest = new SimpleBindRequest(userId, passsword);
最终的userId将类似于'eharris@contoso.local'
答案 1 :(得分:5)
您需要使用具有适当权限的帐户执行搜索samAccountName以找到用户,然后使用专有名称绑定为找到的用户。
您需要确保只从搜索中返回一个条目。
仅用于演示的样本!
参数类似于:
“adldap.example.com”“CN = bob,OU = Users,DC = example,DC = com”“connPwd”“OU = Users,DC = example,DC = com”“samAccountName”“findUserValue”“ userPassword“
/**
* @author jwilleke <br/>
* Use For Demonstration Purposes ONLY!
* @param args
*/
public static void main(String[] args)
{
String connHost = args[0];
String connID = args[1];
String connPwd = args[2];
String searchBase = args[3];
String findUserByAttribute = args[4];
String findUserValue = args[5];
String userPassword = args[6];
int connPort = 389;
// TODO Auto-generated method stub
String actualLDAPServer = null;
RootDSE rootDSE = null;
// If I were doing this for real, I would use a POOL for Connections
SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager()); // Use For Demonstration Purposes ONLY!
SSLSocketFactory sslSocketFactory = null;
try
{
sslSocketFactory = sslUtil.createSSLSocketFactory();
}
catch (GeneralSecurityException e1)
{
// TODO Auto-generated catch block
e1.printStackTrace();
}
SimpleBindRequest adminBindRequest = new SimpleBindRequest(connID, connPwd);
LDAPConnection adminConnection = new LDAPConnection(sslSocketFactory);
try
{
adminConnection = new LDAPConnection(connHost, connPort);
log.debug("Successful LDAP adminConnection to:" + connHost + ":" + connPort);
adminConnection.bind(adminBindRequest);
log.debug("Successful Bind as:" + connID);
}
catch (LDAPException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
LDAPConnection userConnection = new LDAPConnection(sslSocketFactory);
try
{
userConnection = new LDAPConnection(connHost, connPort);
log.debug("Successful LDAP userConnection to:" + connHost + ":" + connPort);
}
catch (LDAPException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
// Construct Filter to find user
Filter findUserfilter = null;
findUserfilter = Filter.createEqualityFilter(findUserByAttribute, findUserValue);
// Create Search Request
SearchRequest searchRequest = new SearchRequest(searchBase, SearchScope.SUB, findUserfilter);
searchRequest.setSizeLimit(1); // We will error if we get more than one hit
SearchResult searchResult = null;
try
{
searchResult = adminConnection.search(searchRequest);
}
catch (LDAPSearchException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
String userDN = null;
if (searchResult.getEntryCount() > 1)
{
log.error("We got more than one Entry for:" + searchRequest.getFilter());
}
if (searchResult.getEntryCount() == 0)
{
log.error("We got No Entries for:" + searchRequest.getFilter());
}
for (SearchResultEntry entry : searchResult.getSearchEntries())
{
userDN = entry.getDN();
log.debug("Found an Entry: " + userDN);
}
SimpleBindRequest userBindRequest = new SimpleBindRequest(userDN, userPassword);
if (userBindRequest.getBindDN() == null)
{
log.warn("We got a null for the userBindRequest UserDN and therefore the bind is anonymous !");
}
if (userBindRequest.getPassword() == null)
{
log.warn("We got a null for the userBindRequest Password and therefore the bind is anonymous !");
}
try
{
userConnection.bind(userDN, userPassword);
log.debug("Successful userConnection Bind as:" + userDN);
}
catch (LDAPException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
}
-Jim