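Performing LDAP bind/search in a Java servlet

Date: 2012-09-11 14:55:11

Tags: java ldap

I have built a Java server that listens on a port (6666). Now I need to connect to this server with an LDAP browser (I use Softerra). The connection is established, but I need to know when there is an LDAP bind/search, and I don't know how to do that.

Here is the code of my server (feel free to tell me if it isn't very clear/good; I'm quite new to Java programming):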

package net.nantes.littleldap;
import java.net.*;
import java.io.*;

public class Serverside {

    public static void main(String[] args) {
        ServerSocket socketserver  ;
        Socket socket ;
        BufferedReader in;
        PrintWriter out;

        try {
            Authenticate auth = new Authenticate();
            socketserver = new ServerSocket(6666);
            System.out.println("Le serveur est à l'écoute du port "+socketserver.getLocalPort());
            auth.connect();
            socket = socketserver.accept(); 
            String inputLine = new String();
            in = new BufferedReader(
                        new InputStreamReader(
                        socket.getInputStream()));
                System.out.println("Connecté au serveur");
                while ((inputLine = in.readLine()) != null){
                    System.out.println(inputLine);
                out = new PrintWriter(socket.getOutputStream());
                out.println("Connection réussie");
                out.flush();
                }
                socket.close();
                socketserver.close();

        }catch (IOException e) {
            e.printStackTrace();
        }
    }
}

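Sorry, the messages are in French, but that doesn't matter. I think maybe I could do something with InputLine (when I print it, it returns some LDAP-related strings, but they are hard to parse).

So, any ideas? Thanks a lot!

3 answers:

Answer 0: (score: 1)

I strongly recommend that you use JNDI or one of the available LDAP SDKs. We like: https://www.unboundid.com/products/ldap-sdk/ -Jim

Answer 1: (score: 0)

Take a look at the UnboundID LDAP SDK and some sample code

Edit:

I do not recommend using JNDI:

  • JNDI uses a deprecated configuration
  • JNDI has software defects
  • JNDI does not fully support the LDAP standards

See also

Answer 2: (score: 0)

Besides listening on a port, your server must also "understand" the LDAP protocol. I use the OpenDS LDAP SDK (http://www.middleware.vt.edu/pubs/opends-sdk-0.9.0/).

The code looks like this: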

public class MyLdapServer 
implements ServerConnectionFactory<LDAPClientContext, Integer> {

private LDAPListener listener;

public void init() {
    try {
        listener = new LDAPListener(1389, this);
    } catch (IOException e) {
        logger.error("error opening LDAP listener", e);
    }
}

public void destroy() {
   listener.close();
}

@Override
public ServerConnection<Integer> handleAccept(LDAPClientContext context)
        throws ErrorResultException {
    if (logger.isDebugEnabled())
        logger.debug("ldap connection from: " + context.getPeerAddress());

    IncomingLdapConnection ilc = new IncomingLdapConnection(context);
    return ilc;
}

private static Logger logger = LoggerFactory.getLogger(MyLdapServer.class);

}

IncomingLdapConnection lets you handle LDAP operations:

public class IncomingLdapConnection 
implements ServerConnection<Integer> {

    public void handleBind(Integer ctx, int version, BindRequest request,
        ResultHandler<? super BindResult> resultHandler,
        IntermediateResponseHandler intermediateResponseHandler)
throws UnsupportedOperationException {
    // -128 == (byte) 0x80, the BER tag of the "simple" authentication choice in an LDAP BindRequest
    if (request.getAuthenticationType() != -128) {
        logger.warn("LDAP BIND: unsupported authentication type: " + request.getAuthenticationType());
        resultHandler.handleResult(Responses.newBindResult(ResultCode.AUTH_METHOD_NOT_SUPPORTED));
        return;
    }

    String bindName = request.getName();
    if (bindName.length() > 0) {
        if (request instanceof GenericBindRequest) {
            GenericBindRequest bindRequest = (GenericBindRequest)request;

            String userName = parseUidDn(bindName);
            if (userName == null) {
                // some LDAP clients do not send a DN, but the name directly
                userName = bindName;
            }

            String password = bindRequest.getAuthenticationValue().toString();

            logger.debug("LDAP BIND: non-anonymous bind, user = " + userName);
            anonymous = false;
        } else {
            logger.warn("LDAP BIND: non-anonymous bind, but unsupported request");
            resultHandler.handleResult(Responses.newBindResult(ResultCode.AUTH_METHOD_NOT_SUPPORTED));
            return;
        }
    } else {
        logger.debug("LDAP BIND: anonymous bind");
        anonymous = true;
    }

    boolean success = anonymous;
    if (!anonymous) {
        // authenticate user, set "success"
    }

    if (success)
        resultHandler.handleResult(Responses.newBindResult(ResultCode.SUCCESS));
    else
        resultHandler.handleResult(Responses.newBindResult(ResultCode.INVALID_CREDENTIALS));

    authenticated = success;
}

Edit: OpenDS code for answering LDAP search requests

public void handleSearch(Integer ctx, SearchRequest request,
        SearchResultHandler responseHandler, IntermediateResponseHandler intermediateResponseHandler)
    throws UnsupportedOperationException {
    if (request.getScope() == SearchScope.BASE_OBJECT && request.getName().isRootDN()) {
        logger.debug("LDAP Search: BASE_OBJECT");
        responseHandler.handleEntry(Responses.newSearchResultEntry(rootEntry));
    } else {
        // do the search
        // parameters: request.getName(), request.getScope(), request.getFilter()
    }

    responseHandler.handleResult(Responses.newResult(ResultCode.SUCCESS));
}
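
What "understanding" the protocol means for the raw socket server in the question, shown as an added example that is not part of any answer above and is not code from either SDK: LDAP messages are BER-encoded binary rather than text lines, and the operation is identified by the protocolOp tag that follows the message ID. The class name `LdapOpSniffer` and both sample PDUs are constructed for illustration; `HexFormat` requires Java 17.

```java
import java.nio.charset.StandardCharsets;
import java.util.HexFormat;

// Added example: classifies one complete BER-encoded LDAPMessage (RFC 4511).
public class LdapOpSniffer {
    private final byte[] buf;
    private int pos;

    LdapOpSniffer(byte[] pdu) { buf = pdu; }

    private int peek() {
        if (pos >= buf.length) throw new IllegalArgumentException("truncated PDU");
        return buf[pos] & 0xFF;
    }
    // Checks the expected tag, reads the BER length and verifies it fits in the buffer.
    private int expect(int tag) {
        if (peek() != tag) throw new IllegalArgumentException("unexpected tag at " + pos);
        pos++;
        int len = peek(); pos++;
        if (len >= 0x80) {                       // long form: low 7 bits = count of length bytes
            int n = len & 0x7F;
            if (n == 0 || n > 4) throw new IllegalArgumentException("unsupported length");
            for (len = 0; n > 0; n--) { len = (len << 8) | peek(); pos++; }
        }
        if (len < 0 || len > buf.length - pos) throw new IllegalArgumentException("length exceeds PDU");
        return len;
    }
    private void skip(int tag) { int n = expect(tag); pos += n; }
    private String text(int tag) {
        int n = expect(tag);
        String s = new String(buf, pos, n, StandardCharsets.UTF_8);
        pos += n;
        return s;
    }
    String describe() {
        expect(0x30);                            // LDAPMessage ::= SEQUENCE
        skip(0x02);                              // messageID
        int op = peek();                         // protocolOp tag identifies the operation
        if (op == 0x60) {                        // [APPLICATION 0] BindRequest
            expect(0x60); skip(0x02);            // version
            String dn = text(0x04);
            // 0x80 = simple bind: the password follows in cleartext, so it is never logged here
            return "BIND dn=\"" + dn + "\" auth=" + (peek() == 0x80 ? "simple" : "sasl/other");
        }
        if (op == 0x63) { expect(0x63); return "SEARCH base=\"" + text(0x04) + "\""; }
        return op == 0x42 ? "UNBIND" : String.format("other protocolOp 0x%02X", op);
    }
    public static void main(String[] args) {
        // Constructed sample PDUs: a simple bind as cn=admin, then a root DSE search
        String[] samples = { "301a02010160150201030408636e3d61646d696e8006736563726574",
            "302502010263200400" + "0a01000a0100020100020100010100870b6f626a656374436c6173733000" };
        for (String h : samples) System.out.println(new LdapOpSniffer(HexFormat.of().parseHex(h)).describe());
    }
}
```

A real listener first has to frame each PDU from the TCP stream by reading the outer tag and length; the SDKs recommended in the answers handle that framing and the full decoding.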