LDAP authentication with JNDI


Problem description

I'd like to test if a given user and password of an LDAP user are correct.

I sorted out that JNDI is the library to use.

I found this simple class:

package myldap;

import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// Class name is a placeholder; the post shows only the method.
public class LdapAuth {

    // boolean function to test user and pwd
    public static boolean userVerify(String user, String password) {
        boolean userVerify = false;
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://192.168.48.10");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // Principal exactly as posted in the question
        env.put(Context.SECURITY_PRINCIPAL, "CN=" + user + ",conn");
        env.put(Context.SECURITY_CREDENTIALS, password);

        try {
            // Creating the context performs the bind with the principal and credentials above
            DirContext authContext = new InitialDirContext(env);
            userVerify = true;
            authContext.close();
        } catch (AuthenticationException authEx) {
            // Authentication Exception!
            userVerify = false;
        } catch (NamingException namEx) {
            // Something went wrong!
            userVerify = false;
        }
        return userVerify;
    }
}

Since I am trying to make it work I am playing around with the parameters. The values I put in the function are

INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
PROVIDER_URL, "ldap://192.168.48.10");
SECURITY_AUTHENTICATION, "simple");
SECURITY_PRINCIPAL, "CN=" + user + ",conn");
SECURITY_CREDENTIALS, password);

With the above I get AuthenticationException, that is the best result I could achieve; by changing things I obtain NamingException, so it seems I am less close to the solution.

In particular, I am not sure about SECURITY_PRINCIPAL.

Does anyone have experience and can give advice on how to pass those values correctly pinpointing which ones are wrong? Of course I would like to connect and not raise exceptions.

Recommended answer

The SECURITY_PRINCIPAL needs to be the entire DN of the user you are authenticating as.

Usually you have to do a prior search of the DIT to find that, using some unique attribute of the user such as his email address, and usually you have to authenticate as some other administrative user built into the DIT that has the rights to do that search. Then, when you've found the DN, you change the SECURITY_PRINCIPAL and do a reconnect.
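
The search-then-reconnect procedure described in the answer, as an added example (not code from the original question or answer). The server URL, base DN, lookup-account DN and the use of the `mail` attribute are placeholder assumptions; the example also rejects empty passwords, because JNDI treats an empty credential with "simple" authentication as an anonymous bind that succeeds without verifying anything.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
public class LdapSearchThenBind {
    // Placeholder values (assumptions): replace with your directory's own.
    static final String URL = "ldaps://ldap.example.com:636";
    static final String BASE_DN = "dc=example,dc=com";
    static final String SERVICE_DN = "cn=svc-lookup,dc=example,dc=com";

    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);          // must be a full DN
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);                // the bind happens here
    }

    public static boolean userVerify(String mail, String password, String servicePassword) {
        // Empty password = anonymous bind in JNDI, which "succeeds"; reject it up front.
        if (password == null || password.isEmpty()) return false;
        try {
            // Step 1: bind as the lookup account and search the DIT for the user's entry.
            DirContext admin = bind(SERVICE_DN, servicePassword);
            String userDn;
            try {
                SearchControls sc = new SearchControls();
                sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
                // The mail value is passed as a filter argument, not concatenated into the filter.
                NamingEnumeration<SearchResult> r =
                    admin.search(BASE_DN, "(mail={0})", new Object[] {mail}, sc);
                if (!r.hasMore()) return false;            // no such user
                userDn = r.next().getNameInNamespace();    // full DN of the entry
                if (r.hasMore()) return false;             // ambiguous: more than one match
            } finally {
                admin.close();
            }
            // Step 2: reconnect with the user's full DN and the supplied password.
            bind(userDn, password).close();
            return true;
        } catch (NamingException e) {                      // includes AuthenticationException
            return false;
        }
    }
}
```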
