How to get sub-domain users that are members of a group from the main domain

Time: 2015-04-21 09:08:10

Tags: java recursion active-directory jndi active-directory-group

My goal is to recursively get all group members in the domain and its sub-domains using only a connection to the main DC. My Active Directory forest contains domain.com and sub.domain.com. My 'MainGroup' is located in domain.com and contains members/groups from both domain.com and sub.domain.com.

Using an ldapContext established to dc.domain.com, I read the 'member' field strings of MainGroup. Here they are:

cn=userA,ou=Users,dc=domain,dc=com
cn=userB,ou=Users,dc=sub,dc=domain,dc=com
cn=groupB,ou=Users,dc=sub,dc=domain,dc=com

Can I use the current ldapContext to get the user/group data of the sub-domain (I need the ldapContext to iterate recursively)?


import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

// fields referenced by the two methods below
private String ldapHost;      // e.g. "ldap://dc.domain.com"
private String domain;        // e.g. "domain.com"
private String searchBase;    // e.g. "dc=domain,dc=com"
private LdapContext ldapContext;

private LdapContext createLdapContext() {
    Hashtable<String, String> env = new Hashtable<>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, ldapHost);
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "user@" + domain);
    env.put(Context.SECURITY_CREDENTIALS, "******");
    try {
        ldapContext = new InitialLdapContext(env, null);
    } catch (NamingException e) {
        e.printStackTrace();
    }
    return ldapContext;
}

public List<String> getGroupMembers(String groupName) {
    List<String> resultList = new ArrayList<>();
    int start = 0;
    int finish = 1499;
    int step = 1500;             // AD returns at most 1500 'member' values per ranged request
    boolean finished = false;
    String range;

    try {
        while (!finished) {
            range = start + "-" + finish;
            String[] returningAttrs = {"member;range=" + range};
            // groupName is placed in the filter unescaped; escape it (RFC 4515) if it can come from user input
            String searchFilter = "(&(objectClass=group)(sAMAccountName=" + groupName + "))";
            SearchControls searchControls = new SearchControls();
            searchControls.setReturningAttributes(returningAttrs);
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> answer = ldapContext.search(searchBase, searchFilter, searchControls);

            boolean gotMemberAttribute = false;
            while (answer.hasMoreElements()) {
                SearchResult sr = answer.next();

                Attributes attrs = sr.getAttributes();
                if (attrs != null) {
                    for (NamingEnumeration<? extends Attribute> ae = attrs.getAll(); ae.hasMoreElements(); ) {
                        Attribute attr = ae.next();
                        gotMemberAttribute = true;
                        if (attr.getID().endsWith("*")) {   // "member;range=N-*" marks the last range
                            finished = true;
                        }
                        for (NamingEnumeration<?> e = attr.getAll(); e.hasMoreElements(); ) {
                            resultList.add(e.next().toString());
                        }
                    }
                }
            }
            if (!gotMemberAttribute) {  // no such group or no 'member' attribute: stop instead of looping forever
                finished = true;
            }
            start += step;
            finish += step;
        }
        ldapContext.close();            // closes the shared context, so a second call needs createLdapContext() again
    } catch (NamingException e) {
        e.printStackTrace();
    }
    return resultList;                  // returning from finally would have swallowed any exception thrown above
}

Edit. Found another solution:

  1. We should query each domain anyway.
  2. We can do a recursive "one-shot" query using the filter (memberof:1.2.840.113556.1.4.1941:=cn=Group1,OU=groupsOU,DC=x)
  3. Related C# question

    msdn Search Filter Syntax
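An added example (my own code, not the poster's) that carries the two findings through: each member DN is routed to a connection for the domain named in its dc= components, nested groups are walked with a visited set so circular nesting terminates, the 'member' attribute is read in slices of 1500 the way the question's code does, and a helper builds the LDAP_MATCHING_RULE_IN_CHAIN filter from the edit with the DN escaped per RFC 4515 so a crafted name cannot change the filter. Assumptions: each domain's DNS name (domain.com, sub.domain.com) resolves to one of its domain controllers, and the same credentials are accepted by every domain in the forest. The `main` method runs the expander against a constructed in-memory forest, so it works offline; `JndiDirectory` is the live version.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;

/** Cross-domain nested group expansion (added example; not the poster's code). */
public class CrossDomainGroupExpander {

    /** The one lookup the expander needs: the 'member' values of the object at groupDn (empty for users). */
    public interface Directory { List<String> membersOf(String groupDn) throws NamingException; }

    /** "cn=x,ou=y,dc=sub,dc=domain,dc=com" -> "sub.domain.com". LdapName index 0 is the right-most RDN. */
    public static String domainOf(String dn) throws InvalidNameException {
        List<String> parts = new ArrayList<>();
        for (Rdn rdn : new LdapName(dn).getRdns())
            if (rdn.getType().equalsIgnoreCase("dc")) parts.add(rdn.getValue().toString().toLowerCase());
        Collections.reverse(parts);
        return String.join(".", parts);
    }

    /** RFC 4515 escaping (backslash first), so a DN or name placed in a filter cannot change the filter. */
    public static String escapeFilterValue(String value) {
        return value.replace("\\", "\\5c").replace("*", "\\2a").replace("(", "\\28")
                    .replace(")", "\\29").replace("\0", "\\00");
    }

    /** The "one-shot" filter from the edit (LDAP_MATCHING_RULE_IN_CHAIN). A DC evaluates it only over
     *  objects of its own domain, so it must still be sent to each domain of the forest. */
    public static String inChainFilter(String groupDn) {
        return "(memberOf:1.2.840.113556.1.4.1941:=" + escapeFilterValue(groupDn) + ")";
    }

    /** Walks nested groups wherever they live; the 'seen' set makes circular nesting terminate. */
    public static List<String> expand(Directory dir, String groupDn) throws NamingException {
        List<String> members = new ArrayList<>();
        Set<String> seen = new HashSet<>(Collections.singleton(groupDn.toLowerCase()));
        Deque<String> work = new ArrayDeque<>(Collections.singleton(groupDn));
        while (!work.isEmpty()) {
            for (String member : dir.membersOf(work.pop())) {
                if (seen.add(member.toLowerCase())) {   // false when already visited
                    members.add(member);
                    work.push(member);                  // users just yield no 'member' values
                }
            }
        }
        return members;
    }

    /** One LdapContext per domain, bound with the same credentials. Assumption: the domain's DNS
     *  name (e.g. sub.domain.com) resolves to one of its domain controllers. */
    public static final class JndiDirectory implements Directory {
        private final Map<String, LdapContext> contexts = new HashMap<>();
        private final String principal, password;
        public JndiDirectory(String principal, String password) { this.principal = principal; this.password = password; }

        private LdapContext contextFor(String domain) throws NamingException {
            LdapContext ctx = contexts.get(domain);
            if (ctx == null) {
                Hashtable<String, String> env = new Hashtable<>();
                env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                env.put(Context.PROVIDER_URL, "ldap://" + domain);
                env.put(Context.SECURITY_AUTHENTICATION, "simple");
                env.put(Context.SECURITY_PRINCIPAL, principal);
                env.put(Context.SECURITY_CREDENTIALS, password);
                contexts.put(domain, ctx = new InitialLdapContext(env, null));
            }
            return ctx;
        }

        /** Reads 'member' in slices of 1500 (the AD limit) from a DC of the group's own domain. */
        @Override public List<String> membersOf(String groupDn) throws NamingException {
            List<String> result = new ArrayList<>();
            LdapContext ctx = contextFor(domainOf(groupDn));
            for (int start = 0, step = 1500; ; start += step) {
                SearchControls sc = new SearchControls();
                sc.setSearchScope(SearchControls.OBJECT_SCOPE);      // read exactly this object by DN
                sc.setReturningAttributes(new String[] {"member;range=" + start + "-" + (start + step - 1)});
                NamingEnumeration<SearchResult> answer = ctx.search(new LdapName(groupDn), "(objectClass=*)", sc);
                boolean last = true;                                  // no 'member' at all: user or empty group
                while (answer.hasMore()) {
                    NamingEnumeration<? extends Attribute> attrs = answer.next().getAttributes().getAll();
                    while (attrs.hasMore()) {
                        Attribute a = attrs.next();
                        if (!a.getID().toLowerCase().startsWith("member")) continue;
                        last = a.getID().endsWith("*");               // "member;range=N-*" is the final slice
                        for (int i = 0; i < a.size(); i++) result.add(a.get(i).toString());
                    }
                }
                if (last) return result;
            }
        }
    }

    /** Constructed sample forest mirroring the question, plus a circular nesting. Runs offline. */
    public static void main(String[] args) throws NamingException {
        Map<String, List<String>> forest = new HashMap<>();
        forest.put("cn=maingroup,ou=users,dc=domain,dc=com", Arrays.asList(
            "cn=userA,ou=Users,dc=domain,dc=com", "cn=userB,ou=Users,dc=sub,dc=domain,dc=com",
            "cn=groupB,ou=Users,dc=sub,dc=domain,dc=com"));
        forest.put("cn=groupb,ou=users,dc=sub,dc=domain,dc=com", Arrays.asList(
            "cn=userC,ou=Users,dc=sub,dc=domain,dc=com", "cn=MainGroup,ou=Users,dc=domain,dc=com"));
        Directory dir = dn -> forest.getOrDefault(dn.toLowerCase(), Collections.emptyList());
        for (String m : expand(dir, "cn=MainGroup,ou=Users,dc=domain,dc=com"))
            System.out.println(domainOf(m) + "  " + m);             // userA, userB, groupB, userC
        System.out.println(inChainFilter("cn=Group1,OU=groupsOU,DC=x"));
    }
}
```

Replacing the in-memory `dir` in `main` with `new JndiDirectory("user@domain.com", password)` runs the same walk against the forest. Routing by the DN's dc= components is what answers the question's first point: the DC of domain.com cannot return sub.domain.com objects over a plain LDAP bind, and while a Global Catalog query (port 3268) does see objects from every domain, the GC only carries the member attribute of universal groups, so global and domain local groups still have to be read from their own domain. Whatever path is chosen, the membership you compute is what an access review or authorization check will trust, so missing a sub-domain branch silently under-reports who holds the group's rights.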

0 answers