LDAP:空的binddn“”和身份验证类型从没有变得简单

时间:2019-06-12 07:43:54

标签: oracle spring-security oracle11g ldap spring-security-ldap

Am使用Spring Security在Spring MVC&JPA中开发应用程序。现在通过LDAP集成OUD(Oracle统一目录)。在进行用户身份验证时,来自OUD日志文件中LDAP的响应是

CONNECT conn = 909681从*******到*******:1636 protocol = LDAPS

绑定REQ conn = 909681 op = 0 msgID = 1 type = SIMPLE dn =“” version = 3

BindRES conn = 909681 op = 0 msgID = 1 result = 1 message =“目录服务器找不到绑定dn”“的网络组,因为客户端连接与连接不匹配网络组的标准。”

断开连接 conn = 909681原因=“客户端断开连接”

security.xml文件中的应用程序和LDAP之间的映射

<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldaps://192.168.0.182:1636/o=company"/>
    <property name="userDn" value="cn=userid,o=company,ou=groups"/>
    <property name="password" value="password"/>
</bean>

<bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider" >
     <constructor-arg>
          <bean class="in.web.service.impl.CustomLdapBindAuthenticator">
               <constructor-arg ref="contextSource"/>
               <property name="userDnPatterns">
                   <list>
                       <value>cn={0},ou=groups</value>
                   </list>
               </property>
           </bean>
     </constructor-arg>
     <constructor-arg>
           <bean class="in.web.service.impl.CustomLdapUserAuthoritiesPopulator">
           </bean>
     </constructor-arg>     
 </bean>

CustomLdapBindAuthenticator中的代码

public LdapUserDetails search(String cn) throws Exception {
        Hashtable env = new Hashtable();
        String sp = "com.sun.jndi.ldap.LdapCtxFactory";
        env.put(Context.INITIAL_CONTEXT_FACTORY, sp);

        String [] urls = contextSource.getUrls();
        for(String url: urls){
            System.out.println("ldapurls="+url);
        }
        env.put(Context.PROVIDER_URL, urls[0]);

        DirContext dctx = new InitialDirContext(env);

        String base = "ou=groups,o=company";
        System.out.println("BASE DN="+base);

        SearchControls sc = new SearchControls();
        String[] attributeFilter = {"cn", "fullName", "mail", "l", "mobile"};
        sc.setReturningAttributes(attributeFilter);
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);

        String filter = "(&(cn="+cn+")(objectClass=*))";

        NamingEnumeration results = dctx.search(base, filter, sc);
        LdapUserDetails user = new LdapUserDetails();
        while (results.hasMore()) {
            SearchResult sr = (SearchResult) results.next();
            Attributes attrs = sr.getAttributes();

            user.setCn(getAttribute(attrs, "cn"));
            user.setFullName(getAttribute(attrs, "fullName"));
            user.setMail(getAttribute(attrs, "mail"));
            user.setMobile(getAttribute(attrs, "mobile"));
            user.setLocation(getAttribute(attrs, "l")); 
        }
        dctx.close();
        return user;
        }

Pl。帮我解决问题

  1. 我没有提到身份验证那么简单。我从哪里在日志文件中得到 type = simple
  2. 为什么我得到dn =“”

预先感谢

1 个答案:

答案 0 :(得分:1)

默认身份验证为“简单绑定”,表示DN和密码。 您没有在环境env中设置任何凭据,因此JNDI会默认尝试进行绑定匿名操作,即空DN和密码。

相关问题
最新问题