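Spring LDAP search for subgroups results in CommunicationException [Root cause: UnknownHostException]

Time: 2017-01-23 10:01:38

Tags: ldap spring-ldap ldap-query

We have a plain Java command-line application that uses Spring LDAP to perform a recursive LDAP search, starting from a specified group and searching for all users in the specified group and its subgroups.

The LDAP search is configured as follows: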

    LdapContextSource ctxSrc = buildLdapContextSource();
    PoolingContextSource poolingContextSource = buildPoolingContextSource(ctxSrc);
    LdapTemplate ldapTemplate = new LdapTemplate(poolingContextSource);

    private LdapContextSource buildLdapContextSource() {
        LdapContextSource ctxSrc = new LdapContextSource();
        ctxSrc.setUrl(config.getProperty(Config.LDAP_URL));
        ctxSrc.setUserDn(config.getProperty(Config.LDAP_LOGIN_USERNAME));
        ctxSrc.setPassword(config.getProperty(Config.LDAP_LOGIN_PASSWORD));
        ctxSrc.setReferral("follow");
        Map<String, Object> baseEnvironmentProperties = new HashMap<>();
        baseEnvironmentProperties.put("java.naming.ldap.attributes.binary", "objectGUID");
        ctxSrc.setBaseEnvironmentProperties(baseEnvironmentProperties);
        ctxSrc.afterPropertiesSet();
        return ctxSrc;
    }

    private PoolingContextSource buildPoolingContextSource(LdapContextSource ctxSrc) {
        PoolingContextSource poolingContextSource = new MutablePoolingContextSource();
        poolingContextSource.setContextSource(ctxSrc);
        poolingContextSource.setDirContextValidator(new DefaultDirContextValidator());
        poolingContextSource.setTestOnBorrow(true);
        poolingContextSource.setTestWhileIdle(true);
        return poolingContextSource;
    }

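The software performs an empty search (in case of connection refused or connection timeouts) and then starts recursing into two different groups. The software searches for possible subgroups with the following lines: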

    AndFilter filter = new AndFilter().and(new EqualsFilter("objectclass", "group")).and(new EqualsFilter("memberof", groupName));
    List<String> subgroups = ldapTemplate.search(base, filter.encode(), SearchControls.SUBTREE_SCOPE, new GroupNameMapper());

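GroupNameMapper maps the distinguished name of the group to a String. So far the tool has worked well with a few customers, but now we have run into a new problem.

The tool performs two different searches: one for administrators and one for normal users. The customer provided the following group DNs: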

    CN=SyncAdminsGroup,OU=Services,DC=example,DC=org
    CN=SyncNormalGroup,OU=Services,DC=example,DC=org

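The base and the organizational unit are the same for both groups. The first search, for the admin group, works fine. No recursive search is performed, so the admin group does not contain any subgroups.

The second one results in an error: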

ERROR - Encountered error with LDAP:
org.springframework.ldap.CommunicationException: example.org    :389; nested exception is javax.naming.CommunicationException: example.org  :389 [Root exception is java.net.UnknownHostException: example.org  ]
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:397)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:328)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:604)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:594)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:482)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:498)
    at LDAP.LdapImporter.searchLdapGroup(LdapImporter.java:128)
    ...(omitted lines from the software)
Caused by: javax.naming.CommunicationException: example.org :389 [Root exception is java.net.UnknownHostException: example.org  ]
    at com.sun.jndi.ldap.LdapReferralContext.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapReferralException.getReferralContext(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
    at javax.naming.directory.InitialDirContext.search(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.springframework.ldap.pool.factory.DirContextPoolableObjectFactory$FailureAwareContextProxy.invoke(DirContextPoolableObjectFactory.java:271)
    at com.sun.proxy.$Proxy17.search(Unknown Source)
    at org.springframework.ldap.pool.DelegatingDirContext.search(DelegatingDirContext.java:347)
    at org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:322)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:363)
    ... 11 more
Caused by: java.net.UnknownHostException: example.org

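In the exception, the "unknown host" is the same as the search base, e.g. CN=example,CN=org -> org.springframework.ldap.CommunicationException: example.org:389;

What could cause this kind of error? The error seems to indicate some sort of DNS problem, but since the first search with the same base works, it confuses me.

When searching for this error, everyone else seems to run into "connection refused" errors or PartialResultExceptions, which is not the case here.

0 answers:

No answers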