How to get DN in LDAP with user ID using UnboundID LDAP SDK


Question

I'm trying to get a DN (could be more than one) of a user when the only parameter I have is the user-id

Also, I'm using UnboundID LDAP SDK, as you can see:

public String getCustomerAdminDN(String uid)
{

    String result =null;
    String filter = "uid=" +uid;
    try {
        SearchResult searchResult = this.ldapConnection.search("",SearchScope.SUB,filter);

        result = searchResult.getMatchedDN();
    } catch (LDAPSearchException e) {
        throw new RuntimeException("Error in the searching query :" + e.getMessage());
    }

  return result;
}

Let's assume my uid belongs to the following DN

Thanks for the heads up

Recommended answer

The issue in this case is that the "matched DN" element isn't what you think it is. It isn't the DN of an entry that matched the search criteria (which could in fact be zero, one or multiple entries). The matched DN element of a response may be supplied if the target of the operation doesn't exist. For a search operation, if you had specified a search base DN that doesn't exist, then the matched DN might specify the DN of the closest entry to what you specified that actually does exist in the server. For example, if you had specified a search base DN of "ou=nonexistent,dc=example,dc=com", which doesn't exist, but the entry "dc=example,dc=com" does exist, then the server may return a matched DN value of "dc=example,dc=com".

If your search matches one or more entries, then (unless you used a search result listener, which wasn't the case in the example you provided above), the matching entries will be accessible through the getSearchEntries method. For example:

 List<SearchResultEntry> searchEntries = searchResult.getSearchEntries();
 if (searchEntries.size() != 1)
 {
   // The search didn't match exactly one entry.
 }
 else
 {
   SearchResultEntry entry = searchEntries.get(0);
   result = entry.getDN();
 }

Also, you should be careful when constructing filters from their string representations when part of the value may come from user input, as that may allow for some kind of injection attack. LDAP injection is more difficult and usually more benign than SQL is, but it is not entirely nonexistent. It is therefore recommended that instead of:

 String filter = "uid=" + uid;

you use:

 Filter filter = Filter.createEqualityFilter("uid", uid);
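
The two points of the answer combined in one runnable class, as an added example that is not part of the original answer: it returns every matching DN via getSearchEntries and compares an escaped equality filter with a concatenated one. It assumes the UnboundID LDAP SDK is on the classpath and uses the SDK's in-memory directory server; the class name FindDnByUid, the helper names and the directory entries are constructed for the illustration.

```java
import com.unboundid.ldap.listener.InMemoryDirectoryServer;
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
import com.unboundid.ldap.sdk.*;
import java.util.ArrayList;
import java.util.List;

public class FindDnByUid {
    // Returns the DN of every entry whose uid equals the given value (zero, one or more).
    static List<String> findDNs(LDAPConnection conn, String baseDN, String uid)
            throws LDAPException {
        // The SDK escapes the assertion value, so "*", "(" or ")" in uid stay literal.
        Filter filter = Filter.createEqualityFilter("uid", uid);
        SearchResult res = conn.search(baseDN, SearchScope.SUB, filter,
                SearchRequest.NO_ATTRIBUTES); // only the DNs are needed
        List<String> dns = new ArrayList<>();
        for (SearchResultEntry e : res.getSearchEntries()) {
            dns.add(e.getDN());
        }
        return dns;
    }

    // Adds one constructed sample user to the in-memory directory.
    static void addUser(InMemoryDirectoryServer ds, String base, String uid) throws Exception {
        ds.add("dn: uid=" + uid + "," + base, "objectClass: top", "objectClass: person",
                "objectClass: organizationalPerson", "objectClass: inetOrgPerson",
                "cn: " + uid, "sn: " + uid, "uid: " + uid);
    }

    public static void main(String[] args) throws Exception {
        String base = "dc=example,dc=com"; // constructed sample data, held in memory only
        InMemoryDirectoryServer ds =
                new InMemoryDirectoryServer(new InMemoryDirectoryServerConfig(base));
        ds.add("dn: " + base, "objectClass: top", "objectClass: domain", "dc: example");
        addUser(ds, base, "alice");
        addUser(ds, base, "bob");
        ds.startListening();
        try (LDAPConnection conn = ds.getConnection()) {
            System.out.println("exact uid:        " + findDNs(conn, base, "alice"));
            // "*" is compared as a literal asterisk, so it is not a wildcard here.
            System.out.println("escaped '*':      " + findDNs(conn, base, "*"));
            // Concatenation turns the same input into the presence filter uid=*,
            // which matches every entry that has a uid attribute.
            SearchResult loose = conn.search(base, SearchScope.SUB, "uid=" + "*",
                    SearchRequest.NO_ATTRIBUTES);
            System.out.println("concatenated '*': " + loose.getEntryCount() + " entries");
        } finally {
            ds.shutDown(true);
        }
    }
}
```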
