我写了一个小程序来对ldap进行身份验证。
import javax.naming.*;
import javax.naming.directory.*;
import java.util.Hashtable;
class SAuth {
public static void main(String[] args) {
Hashtable env = new Hashtable(11);
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://xx.xx.xx.xx:yyyy/");
// Authenticate as S. User and password "mysecret"
env.put(Context.SECURITY_AUTHENTICATION, "username");
env.put(Context.SECURITY_PRINCIPAL, "cn=orcladmin");
env.put(Context.SECURITY_CREDENTIALS, "password");
try {
DirContext ctx = new InitialDirContext(env);
System.out.println(" i guess the connection is sucessfull :)");
// Do something useful with ctx
// Close the context when we're done
ctx.close();
} catch (NamingException e) {
e.printStackTrace();
}
} }
我收到以下错误:
javax.naming.AuthenticationNotSupportedException: orcladmin
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:100)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2658)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193
)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.ja
va:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.jav
a:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:6
67)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288
)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.jav
a:82)
at Simple.main(Simple.java:28)
但是,如果我尝试使用ldap cmd行和相同的用户凭据访问ldap目录,它可以顺利运行。 例如:
ldapsearch -p <port> -h <ip> -D "cn=orcladmin" -w "password" objectClass=*
返回有关数据。 我想java程序有问题,但dunno wat。
答案 0 :(得分:3)
尝试更改
env.put(Context.SECURITY_AUTHENTICATION, "username");
到
env.put(Context.SECURITY_AUTHENTICATION, "simple");