LDAP:为空的binddn“";身份验证类型从无到有变得简单 [英] LDAP: Empty binddn"" and Authentication type becomes simple from none
问题描述
Am在Spring MVC&中开发应用程序;具有Spring Security的JPA.现在通过LDAP集成OUD(Oracle统一目录).在进行用户身份验证时,来自OUD日志文件中LDAP的响应是
Am Developing an application in Spring MVC & JPA with Spring Security. Now Integrating the OUD (Oracle Unified Directory) through LDAP. While User authentication the response from the LDAP in OUD log file is
CONNECT conn = 909681从*******到*******:1636 protocol = LDAPS
CONNECT conn=909681 from ******* to *******:1636 protocol=LDAPS
绑定REQ conn = 909681 op = 0 msgID = 1 type = SIMPLE dn =" version = 3
Bind REQ conn=909681 op=0 msgID=1 type=SIMPLE dn="" version=3
BindRES conn = 909681 op = 0 msgID = 1 result = 1 message =目录服务器找不到绑定dn"的网络组,因为客户端连接与该连接不匹配任何网络组的标准."
BindRES conn=909681 op=0 msgID=1 result=1 message="The directory server could not find a network group for the bind dn "" because the client connection does not match the connection criteria for any network groups."
断开连接 conn = 909681原因=客户端断开连接"
DISCONNECT conn=909681 reason="Client Disconnect"
security.xml文件中的应用程序和LDAP之间的映射
Mapping between application and LDAP in security.xml file
<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldaps://192.168.0.182:1636/o=company"/>
<property name="userDn" value="cn=userid,o=company,ou=groups"/>
<property name="password" value="password"/>
</bean>
<bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider" >
<constructor-arg>
<bean class="in.web.service.impl.CustomLdapBindAuthenticator">
<constructor-arg ref="contextSource"/>
<property name="userDnPatterns">
<list>
<value>cn={0},ou=groups</value>
</list>
</property>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="in.web.service.impl.CustomLdapUserAuthoritiesPopulator">
</bean>
</constructor-arg>
</bean>
CustomLdapBindAuthenticator中的代码
Code in CustomLdapBindAuthenticator
public LdapUserDetails search(String cn) throws Exception {
Hashtable env = new Hashtable();
String sp = "com.sun.jndi.ldap.LdapCtxFactory";
env.put(Context.INITIAL_CONTEXT_FACTORY, sp);
String [] urls = contextSource.getUrls();
for(String url: urls){
System.out.println("ldapurls="+url);
}
env.put(Context.PROVIDER_URL, urls[0]);
DirContext dctx = new InitialDirContext(env);
String base = "ou=groups,o=company";
System.out.println("BASE DN="+base);
SearchControls sc = new SearchControls();
String[] attributeFilter = {"cn", "fullName", "mail", "l", "mobile"};
sc.setReturningAttributes(attributeFilter);
sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
String filter = "(&(cn="+cn+")(objectClass=*))";
NamingEnumeration results = dctx.search(base, filter, sc);
LdapUserDetails user = new LdapUserDetails();
while (results.hasMore()) {
SearchResult sr = (SearchResult) results.next();
Attributes attrs = sr.getAttributes();
user.setCn(getAttribute(attrs, "cn"));
user.setFullName(getAttribute(attrs, "fullName"));
user.setMail(getAttribute(attrs, "mail"));
user.setMobile(getAttribute(attrs, "mobile"));
user.setLocation(getAttribute(attrs, "l"));
}
dctx.close();
return user;
}
Pl.帮我解决问题
- 我没有提到身份验证那么简单.从哪里我在日志文件中得到 type = simple
- 为什么我得到dn ="
预先感谢
推荐答案
默认身份验证为简单绑定",表示DN和密码.
您没有在环境env中设置任何凭据,因此JNDI会默认尝试执行绑定匿名"操作,即空DN和密码.
Default authentication is "simple Bind" which means a DN and a password.
You are not setting any credentials in the Environment env, so JNDI does the default of trying to do a Bind anonymous, i.e. empty DN and password.
这篇关于LDAP:为空的binddn“";身份验证类型从无到有变得简单的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
