LDAP.没有身份验证的Java应用程序 [英] LDAP. Java Application without Authentication

问题描述

此应用程序将在Active Directory中已通过身份验证的客户端上运行.

This application will be run on clients that are already authenticated in Active Directory.

问题:LDAP协议(或Active Directory设置)似乎需要用户名和密码.

Problem: the LDAP protocol (or Active Directory settings) seem to require username and password.

目标:在Java中使用LDAP查询Active Directory，而不必进行身份验证(询问用户名和密码).

Goal: query Active Directory using LDAP in Java without having to authenticate (ask for username and password).

要点:运行此应用程序的所有客户端都已经登录.因此，它们已经通过Active Directory身份验证(进入)/.

Gist: all clients who run this application have already logged in. Thus, they are already authenticated (into)/ by Active Directory.

现在他们已经登录并可以在应用程序外部访问AD，难道无法摆脱"已经通过身份验证并在我的应用程序中运行我的LDAP查询的事实吗?

Now that they are logged in and have access to AD outside the application, isn't it possible to "mooch" off of the fact that they are already authenticated and run my LDAP queries in my application?

错误:尝试操纵过去的​​身份验证时；我已经习惯于绑定错误，log4j错误；以及几乎所有关于Stack Overflow，Oracle和Apache的建议.

Errors: while trying to maneuver past authentication; I have become accustomed to binding errors, log4j errors; and almost everything recommended on Stack Overflow, Oracle and Apache.

尝试的方法:我尝试了匿名绑定，Ldap api，nada！

Methods tried: I have tried anonymous binding, Ldap api's, nada!!

问题:

1. 是否可以在不进行身份验证的情况下查询Active Directory?
2. 是否可以通过告诉服务器嘿，我已经登录AD，继续进行查询"来查询Active Directory?不会提示用户输入用户名和密码?

推荐答案

以下解决方案(或至少非常相似的解决方案)用于解决此问题:

The following solution (or at least a very similar one) was used to solve this question:

import com4j.Variant;
import com4j.typelibs.ado20.ClassFactory;
import com4j.typelibs.ado20._Command;
import com4j.typelibs.ado20._Connection;
import com4j.typelibs.ado20._Recordset;

public static void queryADForComputers() throws Exception {

    String query            = "cn,sn,givenName,department";
    String filter           = "(&(objectclass=user)(objectcategory=person))";
    String namingContext    = "OU=Desktops,OU=Workstations,OU=HO,DC=win";
    _Connection conn        = ClassFactory.createConnection();

    conn.provider("ADsDSOObject");
    conn.open("Active Directory Provider","","",-1);

    _Command cmd            = ClassFactory.createCommand();
    cmd.activeConnection(conn);
    cmd.commandText("<LDAP://" + namingContext + ">;" + filter + ";" + query + ";subTree");
    _Recordset rs = cmd.execute(null, Variant.getMissing(), -1);
    System.out.println("Found " + rs.recordCount() + " users/computers/whatever i was looking for");

    //Then here you can use a while loop while(!rs.eof())
    //in which you can get each value as rs.fields().item(i).value();
    //in my case, i did rs.fields().item(i).value().toString()
    //or you can check for its type and go from there. 
}

我前一段时间进行了此工作，目前没有活动目录来进行测试和验证.但这应该可以帮助您入门.

I worked on this a while ago and don't currently have an active directory to test and verify. but this should get you started.

这篇关于LDAP.没有身份验证的Java应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！