How to get all LDAP groups in Spring Security

Time: 2012-11-28 16:03:40

Tags: java active-directory spring-security

How do I get all Active Directory groups (not only the ones related to the current user)? I am using Spring Security LDAP. Can you provide some examples?

4 answers:

Answer 0 (score: 1)

What you can do is write an implementation matching DefaultLdapAuthoritiesPopulator, which implements LdapAuthoritiesPopulator, with an extra method that retrieves all roles.

import java.util.Collection;
import java.util.HashSet;
import java.util.Set;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.SpringSecurityLdapTemplate;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
import org.springframework.util.Assert;

public class ExtendedLdapAuthoritiesPopulator
        implements LdapAuthoritiesPopulator {

    private static final Log logger =
        LogFactory.getLog(ExtendedLdapAuthoritiesPopulator.class);

    // Copy implementation of DefaultLdapAuthoritiesPopulator (omitted:
    // constructor and getGrantedAuthorities). The method below relies on
    // these fields of the copied class, shown with their defaults.
    private SpringSecurityLdapTemplate ldapTemplate;
    private String groupSearchBase;
    private String groupRoleAttribute = "cn";
    private String rolePrefix = "ROLE_";
    private boolean convertToUpperCase = true;

    // Filter that selects every group object (Active Directory schema).
    private String allAuthorityFilter
        = "(&(objectClass=group)(objectCategory=group))";
    public void setAllAuthorityFilter(String allAuthorityFilter) {
        Assert.notNull(allAuthorityFilter,
                       "allAuthorityFilter must not be null");
        this.allAuthorityFilter = allAuthorityFilter;
    }

    // Returns every group in the search base as a GrantedAuthority,
    // independent of any particular user.
    public final Collection<GrantedAuthority> getAllAuthorities() {
        if (groupSearchBase == null) {
            return new HashSet<>();
        }
        Set<GrantedAuthority> authorities = new HashSet<>();
        if (logger.isDebugEnabled()) {
            logger.debug("Searching for all roles with filter '"
                         + allAuthorityFilter + "' in search base '"
                         + groupSearchBase + "'");
        }
        // No filter parameters are needed, so an empty array is passed.
        Set<String> roles = ldapTemplate.searchForSingleAttributeValues(
                groupSearchBase,
                allAuthorityFilter,
                new String[0],
                groupRoleAttribute);
        if (logger.isDebugEnabled()) {
            logger.debug("Roles from search: " + roles);
        }
        for (String role : roles) {
            if (convertToUpperCase) {
                role = role.toUpperCase();
            }
            authorities.add(new SimpleGrantedAuthority(rolePrefix + role));
        }
        return authorities;
    }

}

In the Spring Security configuration, replace DefaultLdapAuthoritiesPopulator with the new implementation.

The additional property allAuthorityFilter can be set to filter which groups are returned.

You may want your own implementation to retrieve only String-based role names rather than GrantedAuthority instances.

Answer 1 (score: 1)

If you are authenticating users, Spring Security LDAP is great, but if you only need to query LDAP (in this case for all groups), then Spring LDAP (not to be confused with Spring Security LDAP) is better suited to your purpose.

Example:

import static org.springframework.ldap.query.LdapQueryBuilder.query;

import java.util.List;

import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;

LdapTemplate ldapTemplate; // Injected via Spring

// Using Java 8 lambda expressions; search() returns one mapped value per matching entry
List<String> groupNames = ldapTemplate.search(
    query().where("objectclass").is("group"),
    (AttributesMapper<String>) attributes -> attributes.get("cn").get().toString()
);

Answer 2 (score: 0)

Getting all LDAP groups may require different authentication than getting the groups of the logged-in user. One can use Spring LdapTemplate.

package de.is2.sign.test.ldap;

import java.util.List;

import javax.naming.directory.SearchControls;

import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;

import de.is2.insign.aufruferdemo.ldapservices.Group;
import de.is2.insign.aufruferdemo.ldapservices.GroupAttributesMapper;

public class LDAPListGroups {

    public static void main(String[] args) throws Exception {

        LdapContextSource ldapContextSource = new LdapContextSource();
        // LDAP URL
        ldapContextSource.setUrl("ldap://localhost:10389/dc=example,dc=com");
        // Authenticate as a user that has access to this node in LDAP
        ldapContextSource.setUserDn("uid=admin,ou=system");
        ldapContextSource.setPassword("secret");
        ldapContextSource.afterPropertiesSet();
        LdapTemplate ldapTemplate = new LdapTemplate(ldapContextSource);
        ldapTemplate.afterPropertiesSet();

        GroupAttributesMapper mapper = new GroupAttributesMapper();
        // Default SearchControls use one-level scope: only direct children of the base
        SearchControls controls = new SearchControls();
        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter("objectclass", "groupOfNames"));

        List<Group> groups = ldapTemplate.search("ou=groups", filter.encode(), controls, mapper);
        for (Group group : groups) {
            System.out.println(group.getLongID());
        }
    }
}
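The Spring LDAP approach from answers 1 and 2, as an added example that is not part of the original answers: it searches the whole subtree (answer 2's default SearchControls only see one level), encodes a caller-supplied group name so it cannot alter the filter, binds as a read-only service account whose credentials come from environment variables (LDAP_URL, LDAP_BIND_DN and LDAP_BIND_PASSWORD are assumed names), and ignores the referral-induced PartialResultException that Active Directory raises on subtree searches.

```java
import static org.springframework.ldap.query.LdapQueryBuilder.query;
import java.util.List;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.query.LdapQuery;
import org.springframework.ldap.query.SearchScope;

/** Lists Active Directory groups with Spring LDAP, independent of any logged-in user. */
public class GroupDirectory {

    // Reads the cn attribute of each matching entry.
    private static final AttributesMapper<String> CN = attrs -> (String) attrs.get("cn").get();
    private final LdapTemplate ldapTemplate;

    public GroupDirectory(LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    /** Every group under ou=groups. SUBTREE also finds groups in nested OUs,
     *  which the one-level default of SearchControls would miss. */
    public List<String> allGroupNames() {
        LdapQuery q = query().base("ou=groups").searchScope(SearchScope.SUBTREE)
                .where("objectClass").is("group");
        return ldapTemplate.search(q, CN);
    }

    /** Groups matching a caller-supplied name; is() encodes LDAP filter
     *  metacharacters in 'name', so the input cannot change the filter. */
    public List<String> groupsNamed(String name) {
        LdapQuery q = query().base("ou=groups").searchScope(SearchScope.SUBTREE)
                .where("objectClass").is("group").and("cn").is(name);
        return ldapTemplate.search(q, CN);
    }

    /** Binds as a read-only service account; URL, bind DN and password come
     *  from environment variables (assumed names, not from the original). */
    public static LdapTemplate newTemplate() {
        LdapContextSource cs = new LdapContextSource();
        cs.setUrl(System.getenv("LDAP_URL"));      // e.g. ldaps://dc.example.com:636
        cs.setUserDn(System.getenv("LDAP_BIND_DN"));
        cs.setPassword(System.getenv("LDAP_BIND_PASSWORD"));
        cs.afterPropertiesSet();
        LdapTemplate t = new LdapTemplate(cs);
        // AD returns referrals for the domain root; without this a subtree search
        // throws PartialResultException after the first batch of results.
        t.setIgnorePartialResultException(true);
        return t;
    }
}
```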

Answer 3 (score: -1)