Am使用Spring Security在Spring MVC&JPA中开发应用程序。现在通过LDAP集成OUD(Oracle统一目录)。在进行用户身份验证时,来自OUD日志文件中LDAP的响应是
CONNECT conn = 909681从*******到*******:1636 protocol = LDAPS
绑定REQ conn = 909681 op = 0 msgID = 1 type = SIMPLE dn =“” version = 3
BindRES conn = 909681 op = 0 msgID = 1 result = 1 message =“目录 服务器找不到绑定dn“”的网络组,因为 客户端连接与任何连接条件都不匹配 网络组。”
DISCONNECT conn = 909681原因=“客户端断开连接”
security.xml文件中的应用程序和LDAP之间的映射
<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldaps://192.168.0.182:1636/o=company"/>
<property name="userDn" value="cn=userid,ou=groups,o=company"/>
<property name="password" value="password"/>
</bean>
<bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider" >
<constructor-arg>
<bean class="in.web.service.impl.CustomLdapBindAuthenticator">
<constructor-arg ref="contextSource"/>
<property name="userDnPatterns">
<list>
<value>cn={0},ou=groups</value>
</list>
</property>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="in.web.service.impl.CustomLdapUserAuthoritiesPopulator">
</bean>
</constructor-arg>
</bean>
CustomLdapBindAuthenticator中的代码
public LdapUserDetails search(String cn) throws Exception {
Hashtable env = new Hashtable();
String sp = "com.sun.jndi.ldap.LdapCtxFactory";
env.put(Context.INITIAL_CONTEXT_FACTORY, sp);
String [] urls = contextSource.getUrls();
for(String url: urls){
System.out.println("ldapurls="+url);
}
env.put(Context.PROVIDER_URL, urls[0]);
DirContext dctx = new InitialDirContext(env);
String base = "ou=groups,o=company";
System.out.println("BASE DN="+base);
SearchControls sc = new SearchControls();
String[] attributeFilter = {"cn", "fullName", "mail", "l", "mobile"};
sc.setReturningAttributes(attributeFilter);
sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
String filter = "(&(cn="+cn+")(objectClass=*))";
NamingEnumeration results = dctx.search(base, filter, sc);
LdapUserDetails user = new LdapUserDetails();
while (results.hasMore()) {
SearchResult sr = (SearchResult) results.next();
Attributes attrs = sr.getAttributes();
user.setCn(getAttribute(attrs, "cn"));
user.setFullName(getAttribute(attrs, "fullName"));
user.setMail(getAttribute(attrs, "mail"));
user.setMobile(getAttribute(attrs, "mobile"));
user.setLocation(getAttribute(attrs, "l"));
}
dctx.close();
return user;
}
Pl。帮我解决问题
答案 0 :(得分:1)
似乎没有network group允许您的源IP访问目录。因为没有匹配的网络组,所以您在错误字符串中看到了一个空DN。有两种管理网络组的方法:
ODSM Web Mgmt GUI:“配置”标签,常规配置=>网络组
LDAP到配置目录(默认端口4444):cn = network groups,cn = config
此外,这可能是您删除私人信息时引入的一个问题,该ID不会是cn = userid,o = company,ou = groups,而是cn = userid,ou = groups,o = company(和那么通常只有当用户位于名为 groups 的OU中时,我通常才能看到名为groups的OU中的 group 对象和名为 users <的OU中的用户对象。 / em>或雇员或人。)
ETA:简单是Spring LDAP中使用的默认身份验证机制。您需要设置DirContextAuthenticationStrategy才能使用其他机制。