Question

我在验证用户时遇到异常：

如果我在applicationContext中使用这样的值：

<property name="url" value="ldap://10.10.10.10:389/DC=lab2,DC=ins" />
<property name="base" value="DC=lab2,DC=ins" />
<property name="userDn" value="CN=Ldap Bind,OU=Service Accounts,OU=TECH,DC=lab2,DC=ins" />

例外情况将是：

Exception in thread "main" org.springframework.ldap.InvalidNameException: /: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BA, problem 2006 (BAD_NAME), data 8349, best match of:
    'DC=lab2,DC=ins/dc=lab2,dc=ins'

否则如果应用程序上下文如下：

<property name="url" value="ldap://10.10.10.10:389" />
<property name="base" value="DC=lab2,DC=ins" />
<property name="userDn" value="CN=Ldap Bind,OU=Service Accounts,OU=TECH,DC=lab2,DC=ins" />

例外情况将是：

Exception in thread "main" org.springframework.ldap.PartialResultException: nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: lab2.ins:389 [Root exception is java.net.UnknownHostException: lab2.ins]]
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:205)

验证方法：

public boolean authenticate(String userName, String password) {
    AndFilter filter = new AndFilter();
    filter.and(new EqualsFilter("objectclass", "person")).and(
                new EqualsFilter("sAMAccountName", userName));
    return ldapTemplate.authenticate(DistinguishedName.EMPTY_PATH, filter
                .toString(), password);
}

的applicationContext.xml

<bean id="contextSource"
        class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://10.10.10.10:389" />
    <property name="base" value="DC=lab2,DC=ins" />
    <property name="userDn" value="CN=Ldap Bind,OU=Service Accounts,OU=TECH,DC=lab2,DC=ins" />
    <property name="password" value="secret" />
    <property name="baseEnvironmentProperties">
        <map>
            <entry key="java.naming.referral">
                <value>follow</value>
            </entry>
        </map>
    </property>
</bean>
<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
    <constructor-arg ref="contextSource" />
</bean>
<bean id="ldapContact"
        class="ldap.ContactLDAP ">
    <property name="ldapTemplate" ref="ldapTemplate" />
</bean>

识别TestClass：

Resource r = new ClassPathResource("applicationContext.xml");
BeanFactory factory = new XmlBeanFactory(r);
ContactLDAP contact = (ContactLDAP) factory.getBean("ldapContact"); 

System.out.println(contact.authenticate("username", "secret"));

我在这里缺少什么？

Answer 1

您不需要

<property name="base" value="DC=lab2,DC=ins" />

与UserDn一样，您已经填写了完整的DN。

    <bean id="contextSource"
            class="org.springframework.ldap.core.support.LdapContextSource">
            <property name="url" value="ldap://10.10.10.10:389" />
            <property name="userDn" value="CN=Ldap Bind,OU=Service Accounts,OU=TECH,DC=lab2,DC=ins" />
            <property name="password" value="secret" />

...

这应该有效。（但我会避免DN中的空格）

Answer 2

专有名称中有斜杠/字符。虽然这是DN中的合法字符，但也许应该是逗号,。另请参阅Distinguished Names

Spring LDAP：InvalidNameException：/：[LDAP：错误代码34

2 个答案: