我正在开发使用LDAP进行身份验证的应用程序。我使用spring LDAP模板进行身份验证,但得到了以下响应
{
"message": "[LDAP: error code 32 - 0000208D: NameErr: DSID-031001E5, problem 2001 (NO_OBJECT), data 0, best match of:\n\t''\n\u0000]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001E5, problem 2001 (NO_OBJECT), data 0, best match of:\n\t''\n\u0000]; remaining name '/'"
}
下面是spring的配置
<beans:bean id="contextSource"
class="org.springframework.ldap.core.support.LdapContextSource">
<beans:property name="base" value="" />
<beans:property name="url" value="<LDAP-URL>" />
<beans:property name="userDn" value="<USER-DN>" />
<beans:property name="password" value="<PASSWORD>" />
</beans:bean>
<beans:bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
<beans:constructor-arg ref="contextSource" />
</beans:bean>
Java代码:
AndFilter filter = new AndFilter();
filter.and(new EqualsFilter("objectclass", "person")).and(new EqualsFilter("sAMAccountName", username));
boolean result = ldapTemplate.authenticate(LdapUtils.emptyLdapName(), filter.toString(), password);
我是LDAP新手,任何帮助或示例都非常棒。
答案 0 :(得分:2)
当您已设置基数时,无需在进一步操作中指定完整的dn。您确定服务器的规格正确吗?错误32通常会搞砸前缀或目录配置!
答案 1 :(得分:0)
根据先前的正确答案,searchBase必须为空。我正确的过滤器是:
FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch("", "(&(CN={0})(memberOf=cn=Group-BioBank,OU=HyperV,OU=Services,DC=bob,DC=uk))", contextSource);
此过滤器的作用就像一个吊饰。 (Spring4.x)
过滤器说明: https://confluence.atlassian.com/kb/how-to-write-ldap-search-filters-792496933.html