LDAP: How to authenticate user with connection details


Problem description

I am not able to authenticate a user using LDAP. I have got following details:

URL=ldap://10.10.10.10:389 
LDAP BASE:DC=lab2,DC=ins 
LDAP Bind Account: CN=Ldap Bind,OU=Service Accounts,OU=TECH,DC=lab2,DC=ins 
LDAP Bind Account Pw: secret 

I can search for a sAMAccountName value using the above details, but how do I authenticate a user with a user name and password?
If you follow my previous questions you will understand that I am able to connect to the LDAP server successfully, but not able to authenticate the user.
User to authenticate:

user: someusername
password: somepwd

I am not able to connect to the LDAP server with 'somepwd', and how should I use someusername? I am able to search for the given user as sAMAccountName.

Recommended answer

This is a mashup of stuff I found in various places. It should put you along the correct path if you don't want to use the UnboundID SDK. This isn't production quality; you might want to add the SSL stuff in here if your shop supports it.

import java.util.Hashtable;

import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.SizeLimitExceededException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapLogin {

    // Connection details from the question
    private static final String LDAP_SERVER = "10.10.10.10";
    private static final String LDAP_SERVER_PORT = "389";
    private static final String LDAP_BASE_DN = "DC=lab2,DC=ins";
    private static final String LDAP_BIND_DN = "CN=Ldap Bind,OU=Service Accounts,OU=TECH,DC=lab2,DC=ins";
    private static final String LDAP_BIND_PASSWORD = "secret";

    public static Boolean validateLogin(String userName, String userPassword) {
        // A simple bind with an empty password is an unauthenticated bind, which
        // many servers accept, so reject it here instead of asking the server.
        if (userName == null || userName.isEmpty() || userPassword == null || userPassword.isEmpty()) {
            return false;
        }

        Hashtable<String, String> env = new Hashtable<String, String>();

        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + LDAP_SERVER + ":" + LDAP_SERVER_PORT + "/" + LDAP_BASE_DN);

        // To get rid of the PartialResultException when using Active Directory
        env.put(Context.REFERRAL, "follow");

        // Needed for the Bind (User Authorized to Query the LDAP server)
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, LDAP_BIND_DN);
        env.put(Context.SECURITY_CREDENTIALS, LDAP_BIND_PASSWORD);

        DirContext ctx;
        try {
            ctx = new InitialDirContext(env);
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }

        NamingEnumeration<SearchResult> results = null;

        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE); // Search Entire Subtree
            controls.setCountLimit(1);   // Sets the maximum number of entries to be returned as a result of the search
            controls.setTimeLimit(5000); // Sets the time limit of these SearchControls in milliseconds

            // The user name is escaped so that filter metacharacters in it cannot change the query
            String searchString = "(&(objectCategory=user)(sAMAccountName=" + escapeFilterValue(userName) + "))";

            results = ctx.search("", searchString, controls);

            if (results.hasMore()) {

                SearchResult result = (SearchResult) results.next();
                Attributes attrs = result.getAttributes();
                Attribute dnAttr = attrs.get("distinguishedName");
                String dn = (String) dnAttr.get();

                // User Exists, Validate the Password by binding as that user
                Hashtable<String, String> userEnv = new Hashtable<String, String>(env);
                userEnv.put(Context.SECURITY_PRINCIPAL, dn);
                userEnv.put(Context.SECURITY_CREDENTIALS, userPassword);

                DirContext userCtx = new InitialDirContext(userEnv); // Exception will be thrown on Invalid case
                userCtx.close();
                return true;
            }
            else
                return false;

        } catch (AuthenticationException e) { // Invalid Login
            return false;
        } catch (NameNotFoundException e) { // The base context was not found.
            return false;
        } catch (SizeLimitExceededException e) {
            throw new RuntimeException("LDAP Query Limit Exceeded, adjust the query to bring back less records", e);
        } catch (NamingException e) {
            throw new RuntimeException(e);
        } finally {

            if (results != null) {
                try { results.close(); } catch (Exception e) { /* Do Nothing */ }
            }

            if (ctx != null) {
                try { ctx.close(); } catch (Exception e) { /* Do Nothing */ }
            }
        }
    }

    // Escapes a value for use inside an LDAP search filter (RFC 4515)
    private static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
}
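The answer leaves out "the SSL stuff". Without it, the simple bind sends the service-account password and every user's password to the server in cleartext. The following is an added example (not the answerer's code) showing the two ways JNDI can protect that bind with TLS, using the host and base DN from the question: LDAPS, which assumes the server also listens on port 636, and StartTLS on the existing port 389. Both assume the server's certificate is trusted by the JVM and matches the host name in the URL; the class and method names are illustrative.

```java
import java.io.IOException;
import java.util.Hashtable;

import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

public class LdapTlsBind {

    // Host and base DN from the question; the LDAPS port 636 is an assumption
    private static final String LDAP_HOST = "10.10.10.10";
    private static final String LDAP_BASE_DN = "DC=lab2,DC=ins";

    // Variant 1: LDAPS. The whole session is TLS from the first byte.
    public static boolean bindOverLdaps(String userDn, String password) throws NamingException {
        if (userDn == null || password == null || password.isEmpty()) {
            return false; // an empty password turns a simple bind into an unauthenticated bind
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://" + LDAP_HOST + ":636/" + LDAP_BASE_DN);
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialLdapContext(env, null).close(); // the bind happens on construction
            return true;
        } catch (AuthenticationException e) {
            return false; // wrong password, unknown DN, or a disabled account
        }
    }

    // Variant 2: StartTLS on the plaintext port 389 from the question. Connect
    // without credentials, upgrade the connection, then send the credentials.
    public static boolean bindOverStartTls(String userDn, String password)
            throws NamingException, IOException {
        if (userDn == null || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + LDAP_HOST + ":389/" + LDAP_BASE_DN);
        // No SECURITY_* entries yet: nothing must be sent before TLS is up
        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            tls.negotiate(); // performs the handshake and verifies the server certificate
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDn);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
            ctx.reconnect(null); // re-binds with the credentials over the TLS channel
            return true;
        } catch (AuthenticationException e) {
            return false;
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // Illustrative call using the DN the answer's search would return for "someusername"
        String dn = "CN=someusername,OU=Users,DC=lab2,DC=ins"; // constructed sample DN
        System.out.println("LDAPS bind ok: " + bindOverLdaps(dn, "somepwd"));
        System.out.println("StartTLS bind ok: " + bindOverStartTls(dn, "somepwd"));
    }
}
```

With either variant, pass the distinguishedName found by the search in the answer as userDn. The service-account search can use the same TLS setup; the point of keeping credentials out of the initial environment in the StartTLS variant is that JNDI would otherwise bind immediately on construction, before the connection is encrypted.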
