使用用户名的Java LDAP身份验证 [英] Java LDAP authentication with username

问题描述

好的，这让我发疯.我正在尝试使用Java创建LDAP身份验证，如果我在SECURITY_PRINCIPAL中使用我的名字和姓氏，一切都很好.这是我的代码:

Ok, this is driving me crazy. I'm trying to create an LDAP authentication with Java and everything is fine if I use my First name and Last name in the SECURITY_PRINCIPAL. This is my code:

 try {
    Hashtable<String, String> ldapEnv = new Hashtable<String, String>();
    ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    ldapEnv.put(Context.PROVIDER_URL,  "LDAP://myldap.mydomain.com:389");
    ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
    ldapEnv.put(Context.SECURITY_PRINCIPAL, "CN=FirstName LastName" + ",ou=Users");    
    ldapEnv.put(Context.SECURITY_CREDENTIALS, "password");

    DirContext ldapContext = new InitialLdapContext(ldapEnv, null);
    }
    catch (Exception e) {
      System.out.println(" bind error: " + e);
      e.printStackTrace();
   }

问题是它不适用于我的用户名.如果我尝试:

The problem is that it does not work with my username. If I try:

ldapEnv.put(Context.SECURITY_PRINCIPAL, "CN=myusername" + ",ou=Users");

或

ldapEnv.put(Context.SECURITY_PRINCIPAL, "uid=myusername" + ",ou=Users");

我总是得到[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]

出于某种原因，这似乎只能用于我的名字和姓氏.我检查了广告，我的sAMAccountName是正确的用户名.不知道为什么会这样.还有其他人有这样的问题吗?我可以将其他内容传递给Context.SECURITY_PRINCIPAL吗?我尝试了ldapEnv.put(Context. SECURITY_PRINCIPAL , "sAMAccountName=myusername" + ",ou=Users");，但是也失败了.有人可以帮忙吗?

This only seems to work with my First name and Last name for some reason. I checked the AD and my sAMAccountName is my correct username. Not sure why this is happening. Anyone else had such issues? Can I pass something else to Context.SECURITY_PRINCIPAL? I tried ldapEnv.put(Context.SECURITY_PRINCIPAL, "sAMAccountName=myusername" + ",ou=Users"); but it also fails... Can anyone please help?

推荐答案

EJP，谢谢您的输入.您确实是正确的，但我正在寻找简单的方法-只需将用户名和密码传递给AD，然后查看其是否通过身份验证即可.我在第一篇文章中应该更具体一些.您的建议会奏效，但我认为这要简单得多:

EJP, thanks for your input. You are indeed correct but I was looking for something simple - just pass a username and password to the AD and see if it authenticates or not .I should have been more specific in my first post. Your suggestion will work but I think this is much simpler:

            Hashtable props = new Hashtable();
            String principalName = "username@mydomain.com";
            props.put(Context.SECURITY_PRINCIPAL, principalName);
            props.put(Context.SECURITY_CREDENTIALS, "mypassword");
            DirContext context;

                //try to authenticate
            try {

                   context = com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance("LDAP://myldap.mydomain.com:389" + '/', props);
                   context.close();                    
            }

这样，我不在乎DN.只需传递username @ domain和voila-就像一个魅力:)再次感谢！

This way I don't care about the DN. Just passing the username@domain and voila - works like a charm :) Thanks again!

这篇关于使用用户名的Java LDAP身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！