自从我开始使用带有Tomcat服务器的Active Directory LDAP以来,这已经过去了一天。
我还没有看到使用Active Directory LDAP和Tomcat的简单明了的例子(比如登录模块),而且我从管理员那里得到了我访问的LDAP服务器的以下详细信息。
以下代码看起来很简单,但我一直卡在下面的异常上。
我传递了从请求对象中挑选的用户名和密码。
这是我使用的主要代码,这个例子是我从 here 得到的:
<%
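// Raw request parameters. Both are attacker-controlled, so they are encoded
// below before being placed in an LDAP filter or in the HTML of this page.
// `user` itself stays raw: HTML-encode it wherever it is written to the page.
String user = request.getParameter("user");
String password = request.getParameter("password");

// Escape the RFC 4515 filter metacharacters so the submitted value can only
// be matched as literal text and cannot add clauses or wildcards to the
// filter. String.valueOf keeps the original "null" text for a missing parameter.
StringBuilder userForFilter = new StringBuilder();
for (char ch : String.valueOf(user).toCharArray()) {
    switch (ch) {
        case '\\': userForFilter.append("\\5c"); break;
        case '*':  userForFilter.append("\\2a"); break;
        case '(':  userForFilter.append("\\28"); break;
        case ')':  userForFilter.append("\\29"); break;
        case '\0': userForFilter.append("\\00"); break;
        default:   userForFilter.append(ch);
    }
}
String filter = "(|(uid=" + userForFilter + ")" + "(mail=" + userForFilter + "@*))";

// The command line is echoed into the page, so HTML-encode the text that goes
// between the <tt> tags; only the tags themselves are emitted as markup.
String cliText = "ldapsearch -h " + server + " -p " +
        port + " -b " + basedn + " \"" + filter + "\"";
String cliEquiv = "<tt>" + cliText
        .replace("&", "&amp;")
        .replace("<", "&lt;")
        .replace(">", "&gt;")
        .replace("\"", "&quot;")
        .replace("'", "&#39;") + "</tt></p>";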
%>
<p>Equivalent command line:<br /><%= cliEquiv%><hr />
<%
// Connect to the LDAP server.
// Only the context factory and the provider URL are set here, so the first
// context below is created without a principal or credentials (anonymous).
// NOTE(review): the "successful bind must be completed on the connection"
// error quoted on this page is consistent with the directory refusing a
// search on such an unauthenticated connection - confirm, and bind with a
// service account before searching if so.
Hashtable env = new Hashtable(11);
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
// Plain ldap:// URL: nothing in this fragment enables TLS, so the simple bind
// performed later would send the user's password unencrypted.
env.put(Context.PROVIDER_URL, "ldap://" + server + ":" + port + "/");
// Search and retrieve DN.
// NOTE(review): this try block is not closed within the visible fragment, so
// the error handling for the search and the bind cannot be reviewed here.
try {
LdapContext ldap = new InitialLdapContext(env, null);
// `filter` is passed as a finished filter string: any request-derived value
// inside it must already be RFC 4515-escaped (or use the search overload that
// takes filterArgs and {0} placeholders). Passing null controls means default
// SearchControls, i.e. one-level scope directly under basedn.
NamingEnumeration results = ldap.search(basedn, filter, null);
// Sentinel used when nothing matches; it is still used as the bind principal
// further down unless the caller checks for it.
String binddn = "None";
// Every match overwrites binddn, so with several matching entries the last
// one returned decides which account the password is tested against.
while (results.hasMore()) {
SearchResult sr = (SearchResult) results.next();
// getName() is relative to the search base, hence the re-appended basedn.
binddn = sr.getName() + "," + basedn;
}
%>
<p>Bind DN found: <%= binddn%><hr /></p>
<%
// Drop the search connection; the same env table is reused for the user bind.
ldap.close();
// Authenticate
// The bind succeeding is the only proof of identity in this page.
// NOTE(review): reject a blank password and the "None" sentinel before this
// point - a simple bind with an empty password is treated as an anonymous
// bind and can succeed without verifying anything. A missing password
// parameter (null) makes Hashtable.put throw NullPointerException instead.
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, binddn);
env.put(Context.SECURITY_CREDENTIALS, password);
// Throws NamingException when the bind is refused; reaching the next line is
// what the page reports as success. No close() of this second context is
// visible in the fragment.
ldap = new InitialLdapContext(env, null);
%>
<p>Successful authentication for <%= user%>.</p>
这是我的LDAP服务器详细信息
我得到以下异常,我真的不明白,我已经尝试了很多建议,但没有任何成果。任何人都可以帮我解决这个问题,这将有助于我继续构建基于此的应用程序。还请提供有关使用Tomcat中的Active Directory LDAP进行身份验证的建议。
2013年9月17日下午1:40:32 org.apache.catalina.realm.JNDIRealm authenticate 严重:执行身份验证的异常 javax.naming.NamingException: [LDAP:错误代码1 - 000004DC:LdapErr:DSID-0C09062B,注释:为了执行此操作,必须在连接上完成成功绑定。 , 数据0,va28
答案 0 :(得分:0)
注意:首先,你的过滤器使用了 uid,而 AD 中不支持此属性。其次,请参考下面的代码,
以便能够以正确的方式连接
package lib;
/**
* @author sghaida
*
*/
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.security.cert.CertificateException;
import ccc.gr.moa.server.FTPMIServiceImpl;
import com.extjs.gxt.ui.client.data.BaseModel;
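/**
 * Small helper that binds to an Active Directory Global Catalog with a service
 * account and runs a single subtree search.
 *
 * <p>All connection state lives in static fields that the constructor
 * overwrites, so every new instance replaces the context used by earlier ones
 * and the class must not be shared between threads.
 */
public class ADConnector {
    // JNDI environment for the Global Catalog connection (holds the bind password).
    static Hashtable<String, String> envGC = new Hashtable<String, String>();
    // Service account DN and password read from the application's AD properties.
    static String adminName;
    static String adminPassword;
    // Provider URL of the Global Catalog and the base DN searches start from.
    static String urlGC;
    static String searchBase;
    // Bound context; closed by searchResults after one search.
    static LdapContext ctxGC;

    /**
     * Reads the AD settings from {@code FTPMIServiceImpl.ADProperties} and binds
     * to the Global Catalog on port 3268 with the configured service account.
     *
     * @throws NamingException if the connection or the bind fails
     */
    public ADConnector() throws NamingException
    {
        // get AD properties
        urlGC = "ldap://" + FTPMIServiceImpl.ADProperties.get("ADHostname") + ":3268";
        adminName = FTPMIServiceImpl.ADProperties.get("bindDN");
        adminPassword = FTPMIServiceImpl.ADProperties.get("bindPassword");
        searchBase = FTPMIServiceImpl.ADProperties.get("searchBase");

        envGC.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Simple bind over plain ldap:// sends the service account password
        // unencrypted. NOTE(review): prefer ldaps:// (the Global Catalog over
        // TLS conventionally listens on 3269) or StartTLS once the directory's
        // certificate is trusted by this JVM.
        envGC.put(Context.SECURITY_AUTHENTICATION, "simple");
        envGC.put("java.naming.ldap.attributes.binary", "userCertificate");
        envGC.put(Context.SECURITY_PRINCIPAL, adminName);
        envGC.put(Context.SECURITY_CREDENTIALS, adminPassword);
        envGC.put(Context.PROVIDER_URL, urlGC);

        // Create the initial directory context for the GC; this performs the bind.
        ctxGC = new InitialLdapContext(envGC, null);
    }

    /**
     * Runs a subtree search under {@code searchBase} and maps each entry to a
     * {@code BaseModel} with the keys {@code full_name}, {@code last_name},
     * {@code first_name}, {@code email} and {@code account_name}.
     *
     * <p>Entries that lack any of the requested attributes are skipped, as
     * before. The shared context is closed when the method returns or throws,
     * so a connector can serve one search only.
     *
     * @param searchFilter a complete RFC 4515 filter; the string is sent as
     *     given, so any user-supplied value inside it must be escaped by the
     *     caller (or built with the JNDI search overload that takes filter
     *     arguments)
     * @return the mapped entries, possibly empty
     * @throws NamingException if the search or reading an attribute value fails
     */
    public List<BaseModel> searchResults(String searchFilter) throws NamingException
    {
        // Attributes to return; all of them are required for an entry to be kept.
        String[] returnedAtts = {"cn", "sn", "givenName", "sAMAccountName", "mail", "distinguishedName"};
        SearchControls searchCtls = new SearchControls();
        searchCtls.setReturningAttributes(returnedAtts);
        searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        List<BaseModel> results = new ArrayList<BaseModel>();
        NamingEnumeration<SearchResult> answer = null;
        try {
            // Search for objects in the GC using the filter
            answer = ctxGC.search(searchBase, searchFilter, searchCtls);
            while (answer.hasMoreElements()) {
                SearchResult sr = answer.next();
                Attributes attrs = sr.getAttributes();
                if (attrs == null) {
                    continue;
                }
                // Explicit check instead of catching NullPointerException.
                String missing = firstMissing(attrs, returnedAtts);
                if (missing != null) {
                    System.err.println("Problem listing attributes from Global Catalog: missing " + missing);
                    continue;
                }
                // Directory attributes are personal data, so they are no longer
                // echoed to stdout for every entry.
                BaseModel bm = new BaseModel();
                bm.set("full_name", attrs.get("cn").get());
                bm.set("last_name", attrs.get("sn").get());
                bm.set("first_name", attrs.get("givenName").get());
                bm.set("email", attrs.get("mail").get());
                bm.set("account_name", attrs.get("sAMAccountName").get());
                results.add(bm);
            }
        } finally {
            // Release the enumeration and the connection even when the search fails.
            try {
                if (answer != null) {
                    answer.close();
                }
            } finally {
                ctxGC.close();
            }
        }
        return results;
    }

    /** Returns the first id in {@code ids} that {@code attrs} does not contain, or null. */
    private static String firstMissing(Attributes attrs, String[] ids) {
        for (String id : ids) {
            if (attrs.get(id) == null) {
                return id;
            }
        }
        return null;
    }

    /**
     * Demo entry point: binds and looks up one account by sAMAccountName.
     *
     * @param args unused
     */
    public static void main(String[] args) throws CertificateException, NamingException {
        ADConnector connector = new ADConnector();
        // specify the LDAP search filter
        String searchFilter = "(sAMAccountName=sghaida)";
        List<BaseModel> results = connector.searchResults(searchFilter);
        System.out.println("Entries returned: " + results.size());
    }
}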