我正在尝试使用已创建的服务帐户通过 LDAP 验证用户身份。在执行 `ctx = new InitialDirContext(env);` 这一行时得到以下错误：
[LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 2030, v1db1]
有人可以帮助我了解我哪里出错吗?
这是我的java文件
/**
*
*/
package com.dei;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.SizeLimitExceededException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
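/**
 * Authenticates a user against an LDAP directory (Active Directory layout) in two steps:
 * bind with a fixed service account, look up the user's DN by {@code sAMAccountName},
 * then attempt a second bind with that DN and the supplied password.
 *
 * <p>Security notes for anyone reusing this class:
 * <ul>
 *   <li>The service-account bind DN and password are compiled into the class. They belong in a
 *       secrets store / protected configuration, not in source control.</li>
 *   <li>{@code ldap://} on port 389 with {@code simple} authentication sends both passwords in
 *       clear text. Use {@code ldaps://} (636) or StartTLS anywhere but a lab.</li>
 *   <li>{@link #validateLogin} refuses empty passwords: a simple bind with an empty password is an
 *       anonymous/unauthenticated bind, which many directories accept, and would otherwise be
 *       reported as a successful login.</li>
 *   <li>The user name is escaped before being placed in the search filter (RFC 4515), so filter
 *       metacharacters cannot rewrite the query (LDAP injection).</li>
 * </ul>
 */
public class LdapConnector {
    private static final String LDAP_SERVER_PORT = "389";
    private static final String LDAP_SERVER = "server";
    private static final String LDAP_BASE_DN = "OU=role,OU=roles,OU=de,OU=apps,DC=meta,DC=company,DC=com";
    // Must identify an entry the directory can actually resolve: the account's full DN
    // (e.g. "CN=service_account,OU=...,DC=meta,DC=company,DC=com"). A bare "cn=..." is not a
    // full DN, and "AcceptSecurityContext error, data 2030" is the server saying no such object.
    private static final String LDAP_BIND_DN = "cn=service_account"; // service account userid provided by LDAP team
    // SECURITY: hard-coded secret; kept only to preserve the original layout. Load from a
    // secrets store or protected configuration instead of committing it.
    private static final String LDAP_BIND_PASSWORD = "password"; // service account pwd provided by LDAP team

    /**
     * Validates a user's credentials.
     *
     * @param userName     the user's {@code sAMAccountName}; {@code null}/blank is rejected
     * @param userPassword the password to verify; {@code null}/empty is rejected (an empty
     *                     password would turn the bind into an anonymous bind, see class notes)
     * @return {@code true} only if the user exists under {@link #LDAP_BASE_DN} and a bind with
     *         the user's DN and {@code userPassword} succeeds; {@code false} otherwise
     * @throws RuntimeException if the service-account bind fails, the search exceeds its size
     *                          limit, or another unexpected naming error occurs
     */
    public Boolean validateLogin(String userName, String userPassword) {
        // Reject before any network traffic: blank names can match nothing useful and an empty
        // password must never reach the bind (anonymous bind == authentication bypass).
        if (userName == null || userName.trim().isEmpty()
                || userPassword == null || userPassword.isEmpty()) {
            System.out.println("Login failed: user name or password missing");
            return false;
        }

        Hashtable<String, String> serviceEnv = baseEnvironment();
        serviceEnv.put(Context.SECURITY_PRINCIPAL, LDAP_BIND_DN);
        serviceEnv.put(Context.SECURITY_CREDENTIALS, LDAP_BIND_PASSWORD);

        DirContext ctx;
        try {
            ctx = new InitialDirContext(serviceEnv);
        } catch (NamingException e) {
            // The service-account bind is a configuration problem, not a user login failure.
            throw new RuntimeException(e);
        }

        NamingEnumeration<SearchResult> results = null;
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE); // search entire subtree
            controls.setCountLimit(1); // at most one entry is expected for a sAMAccountName
            controls.setTimeLimit(5000); // milliseconds
            controls.setReturningAttributes(new String[] {"distinguishedName"});

            // Escape the user-supplied value so '*', '(', ')', '\' and NUL cannot alter the filter.
            String searchString = "(&(objectCategory=user)(sAMAccountName="
                    + escapeFilterValue(userName) + "))";
            results = ctx.search("", searchString, controls);
            if (!results.hasMore()) {
                return false; // no such user
            }

            SearchResult result = results.next();
            Attribute dnAttr = result.getAttributes().get("distinguishedName");
            // Prefer the directory's own distinguishedName attribute; fall back to the entry's
            // full name in the namespace if the attribute was not returned.
            String userDn = dnAttr != null ? (String) dnAttr.get() : result.getNameInNamespace();

            // User exists; the password is verified by binding as that user.
            return bindAsUser(userDn, userPassword);
        } catch (AuthenticationException e) { // invalid login
            System.out.println("Login failed" + e.getMessage());
            return false;
        } catch (NameNotFoundException e) { // the base context was not found
            System.out.println("Login failed" + e.getMessage());
            return false;
        } catch (SizeLimitExceededException e) {
            throw new RuntimeException("LDAP Query Limit Exceeded, adjust the query to bring back less records", e);
        } catch (NamingException e) {
            throw new RuntimeException(e);
        } finally {
            if (results != null) {
                try { results.close(); } catch (Exception ignored) { /* best-effort cleanup */ }
            }
            try { ctx.close(); } catch (Exception ignored) { /* best-effort cleanup */ }
        }
    }

    /**
     * Attempts a simple bind as {@code userDn} with {@code userPassword}.
     *
     * @return {@code true} if the bind succeeded, {@code false} if the server rejected the credentials
     * @throws NamingException for any other naming failure
     */
    private boolean bindAsUser(String userDn, String userPassword) throws NamingException {
        Hashtable<String, String> userEnv = baseEnvironment();
        userEnv.put(Context.SECURITY_PRINCIPAL, userDn);
        userEnv.put(Context.SECURITY_CREDENTIALS, userPassword);

        DirContext userCtx;
        try {
            userCtx = new InitialDirContext(userEnv); // throws AuthenticationException on bad password
        } catch (AuthenticationException e) {
            System.out.println("Login failed" + e.getMessage());
            return false;
        }
        // The original code never closed this context and leaked one connection per login.
        try { userCtx.close(); } catch (NamingException ignored) { /* best-effort cleanup */ }
        System.out.println("Login successful");
        return true;
    }

    /**
     * Builds the JNDI environment shared by both binds (no principal/credentials set yet).
     * A fresh table is returned each time so the service-account and user binds never share
     * a mutable environment.
     */
    private static Hashtable<String, String> baseEnvironment() {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // SECURITY: plain ldap:// sends simple-bind passwords in clear text; prefer ldaps:// or StartTLS.
        env.put(Context.PROVIDER_URL, "ldap://" + LDAP_SERVER + ":" + LDAP_SERVER_PORT + "/" + LDAP_BASE_DN);
        // Avoids PartialResultException against Active Directory. Note that when JNDI follows a
        // referral it reuses this environment, so the bind credentials are presented to whichever
        // host the referral names -- confirm that is acceptable for your directory.
        env.put(Context.REFERRAL, "follow");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        return env;
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3).
     *
     * @param value raw attribute value, typically user input
     * @return the value with {@code \ * ( )} and NUL replaced by their {@code \xx} escapes
     */
    public static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': escaped.append("\\5c"); break;
                case '*':  escaped.append("\\2a"); break;
                case '(':  escaped.append("\\28"); break;
                case ')':  escaped.append("\\29"); break;
                case '\0': escaped.append("\\00"); break;
                default:   escaped.append(c);
            }
        }
        return escaped.toString();
    }
}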
答案 0 :(得分:4)
错误代码 49 代表无效凭证，而诊断字符串 "AcceptSecurityContext error, data 2030" 的含义是"无此对象"（no such object），即目录中找不到 LDAP_BIND_DN "cn=service_account" 这个条目。我猜测 "cn=service_account" 不是该帐户的完整 DN——简单绑定需要完整路径，例如 CN=service_account,OU=...,DC=meta,DC=company,DC=com。
答案 1 :(得分:2)
绑定操作失败，通常是由于帐户本身有问题。
请确认用于连接 LDAP 服务器的绑定帐户凭据正确。错误数据 2030 表示绑定时提供的 DN 无效——这里指的是服务帐户的 LDAP_BIND_DN，而不是正在被验证的最终用户。