LDAP connection problem

Time: 2011-04-26 11:02:15

Tags: java jboss ldap

I have the following configuration in jboss-conf.xml, which I use in my code to create new users in LDAP.

 <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
     <module-option name="debug">true</module-option>
     <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
     <module-option name="java.naming.security.authentication">simple</module-option>
     <module-option name="pwdChangeAttr">pwdattribute</module-option>
     <!-- number that represents (businessUser|nonBusinessUser) and (inactive|active|discarded) - uses bitwise-->
     <module-option name="userType">employeeType</module-option>
     <module-option name="java.naming.provider.url">ldap://devhost-ldap.ghost.com:10389</module-option>
     <module-option name="bindDN">uid=root,ou=users,dc=Product,DC=Ghost,DC=COM</module-option>
     <!--module-option name="jaasSecurityDomain">jboss.security:service=JaasSecurityDomain,domain=jmx-console</module-option-->
     <!--module-option name="bindCredential">1hzUmi4rjRZcWdVFqoh7FD</module-option-->
     <module-option name="bindCredential">GhostCredential</module-option>
     <module-option name="rolesDn">ou=groups</module-option>
     <module-option name="usersDn">ou=users</module-option>
     <module-option name="objectClass">groupOfNames</module-option>
     <module-option name="baseCtxDN">dc=product,dc=ghost,dc=com</module-option>
     <module-option name="baseFilter">(uid={0})</module-option>
     <module-option name="rolesCtxDN">dc=Product,dc=ghost,dc=com</module-option>
     <module-option name="roleFilter">(member={1})</module-option>
     <module-option name="roleAttributeID">cn</module-option>
     <module-option name="roleRecursion">-1</module-option>
     <module-option name="searchScope">SUBTREE_SCOPE</module-option>
     <module-option name="defaultRole">Authenticated</module-option>
     <module-option name="allowEmptyPasswords">false</module-option>
 </login-module>

I create the subcontext as follows:

    createUserAttr.append(userAttrName).append(ASSIGNMENT_OPERATER)
            .append(userUid).append(COMMA_SEPARATER)
            .append(commonNameAttribute).append(ASSIGNMENT_OPERATER)
            .append(userDistinguishedName);
    logger.info("createUserAttr: " + createUserAttr.toString());
    getLdapConnection().createSubcontext(createUserAttr.toString(),
            atrs);

The logger prints: createUserAttr: uid=test,ou=users

Can you tell me why I am still getting this exception?

   An exception has occured when trying to create an LDAP user javax.naming.NameNotFoundException:
 [LDAP: error code 32 - The provided entry uid=test,ou=users cannot be added because its suffix is not defined as one of the suffixes within the Directory Server]; remaining name 'uid=root,ou=users'

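1 answer:

Answer 0: (score: 0)

There is a circularity here. You appear to be trying to use uid=root,ou=users,dc=Product,DC=Ghost,DC=COM as the login DN to change the directory, and you are also writing code to create this user. How is that supposed to work?

If that works somehow, the error just means that the context returned by getLdapConnection() cannot contain the RDN uid=root,ou=users. I think you have to supply a single-part RDN here, so you should navigate to the 'users' context and create uid=root as a subcontext of it.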
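
Added example, not part of the original question or answer: one way to build the entry name from typed RDNs instead of string concatenation and make it relative to whatever DN the context is bound to, so the server receives a DN that ends in a suffix it knows. The class and method names are hypothetical, and the base DN and `ou=users` values are assumed to match `baseCtxDN` and `usersDn` in the configuration above.

```java
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class LdapEntryName {
    // Full DN of the new entry: uid=<uid>,<usersDn>,<baseCtxDn>.
    // Rdn escapes the value, so a ',' or '=' inside uid cannot add DN components.
    static LdapName userDn(String baseCtxDn, String usersDn, String uid)
            throws InvalidNameException {
        LdapName dn = new LdapName(baseCtxDn);
        dn.addAll(new LdapName(usersDn).getRdns());
        dn.add(new Rdn("uid", uid));
        return dn;
    }

    // JNDI resolves names relative to the context they are passed to, so strip
    // the context's own DN (empty when the provider URL carries no base DN).
    static Name relativeTo(String contextDn, LdapName fullDn)
            throws InvalidNameException {
        LdapName ctxName = new LdapName(contextDn);
        if (!fullDn.startsWith(ctxName)) {
            throw new InvalidNameException(fullDn + " is not under " + contextDn);
        }
        return fullDn.getSuffix(ctxName.size());
    }

    // Call this with a live context; attrs holds objectClass and the other attributes.
    static DirContext createUser(DirContext ctx, LdapName fullDn, Attributes attrs)
            throws NamingException {
        return ctx.createSubcontext(relativeTo(ctx.getNameInNamespace(), fullDn), attrs);
    }

    public static void main(String[] args) throws NamingException {
        // Constructed values mirroring baseCtxDN and usersDn from the configuration.
        String base = "dc=product,dc=ghost,dc=com";
        LdapName dn = userDn(base, "ou=users", "test");
        System.out.println("full DN:             " + dn);
        System.out.println("context at root:     " + relativeTo("", dn));
        System.out.println("context at base DN:  " + relativeTo(base, dn));
        System.out.println("uid with a comma:    " + userDn(base, "ou=users", "x,ou=admins"));
    }
}
```

`main` only computes names and needs no directory server; `createUser` is the call to use against a real `DirContext`.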