与LDAP Windows密码身份验证 [英] Windows password Authentication with LDAP

问题描述

我有一个桌面应用程序，我可以得到域用户名与authentication.getPrincipal（）。的toString（）code line.If域名和用户输入相匹配正是我授予用户的所有访问。对另一方面，当用户键入另一个用户名（其不匹配域用户名），则程序在数据库检查密码

I have a desktop application and i can get the domain username with authentication.getPrincipal().toString() code line.If the domain name and the user input matches exactly i granted all access to user .On the other hand , when the user types another username(which doesn't match the domain user name ) ,the programme checks the password in Database.

问题是，我想与Windows域密码检查密码不DB.When用户写入的用户名，该方案应该为此查找Windows域密码username.I尝试LDAP，但我无法得到域密码与LDAP。

The problem is that I want to check the password with windows domain passwords not with DB.When the user writes the username , the programme should lookup windows domain password for this username.I try LDAP but I couldn't get the domain password with LDAP.

是否有任何可能的方式来检查与域密码的用户？在别的意思，有没有查找属于用户的密码可能的方式是什么？

Is there any possible way to check the users with domain passwords? In other meaning , is there a possible way to lookup the password which belongs to user?

推荐答案

这应该是不可能取回密码（应该没有人能得到其他用户的密码）。

It should be impossible to retrieve passwords (noone should be able to get another user's password).

不过，如果他们访问，而身份登录该帐户，你不需要检查密码。你可以去authentication.getPrincipal的事实表明，它们的是的身份登录该用户 - 你不再需要询问密码

However, if they are accessing while logged in as that account you don't need to check the password. The fact you can go authentication.getPrincipal shows that they are logged in as that user - you no longer need to ask for a password.

另外，如果他们使用的是一个给定的Windows-auth的用户名和密码访问，而不是登录的用户可能有一个方法，如果他们的密码是有效的，但我怀疑它，因为isValid（）的布尔调用先给你知道你刚刚交出密码是有效的，因此Windows已经泄露自己的密码。

Alternatively, if they are accessing using a given windows-auth username and password while not logged in as that user there may be a way to see if their password is valid but I doubt it because the IsValid() boolean call would let you know the password you just handed over was valid and as such Windows has leaked their password.

编辑：

Java的LDAP验证code（来源： HTTP： //java.sun.com/products/jndi/tutorial/ldap/security/ldap.html ）

Java LDAP Authentication code (source: http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html)

// Set up the environment for creating the initial context
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, 
    "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://localhost:389/o=JNDITutorial");

// Authenticate
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, authentication.getPrincipal().toString() );
env.put(Context.SECURITY_CREDENTIALS, "PASSWORD");

// Create the initial context
DirContext ctx = new InitialDirContext(env);

这篇关于与LDAP Windows密码身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！