Active Directory authentication through SSL as anonymous user


Problem description

I'm able to authenticate against Active Directory with a user configured for the ContextSource lifetime using Spring-ldap. My Spring XML configuration looks like this:

<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
    <property name="contextSource" ref="contextSource" />
</bean>


<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://xxx.xxx.xxx.xxx:389" />
    <property name="userDn" value="myName@xxx.xxx" />
    <property name="password" value="password" />

</bean>

The Java code to authenticate the user is:

public boolean login(String username, String password) {
    AndFilter filter = new AndFilter();
    this.ldapTemplate.setIgnorePartialResultException(true); // Active Directory doesn’t transparently handle referrals. This fixes that.
    filter.and(new EqualsFilter("objectCategory","****"));
    filter.and(new EqualsFilter("objectClass","****"));
    filter.and(new EqualsFilter("sAMAccountName", username));
    return this.ldapTemplate.authenticate("OU=myBaseOu,DC=xyz,DC=def", filter.encode(), password);
}

The same also works with Linux OpenLDAP v3, even if I don't set the userDn and password properties inside the contextSource bean.

All I need is to configure this XML such that I can access Active Directory as an anonymous user (without setting userDn and password).

Also, I need to authenticate the user through SSL. For that I used

<property name="url" value="ldaps://xxx.xxx.xxx.xxx:636" /> 

but I got an exception like:

Exception in thread "main" org.springframework.ldap.CommunicationException: simple bind failed: 192.168.0.13:636; nested exception is javax.naming.CommunicationException: simple bind failed: 192.168.0.13:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

While searching, though, I found a solution saying that I need to point to the keystore where the certificates are stored. Here I'm not sure where to do this (either in the Java class or in the XML file).

Your quick response will be appreciated. Thanks.

Recommended answer

I did some research and found other applications having similar issues.

1. Make sure you have imported your certificates into the keystore according to the Connect to LDAP or Other Services Via SSL instructions.
2. Make sure any certificates have been imported into the correct keystore; you may have multiple JDKs. 
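
An added diagnostic, not part of the original answer, for the two checks above: it prints which JDK and truststore the running JVM actually uses and tests whether the LDAPS server's certificate chain validates against it. The class name `LdapsTrustCheck`, the host argument and the default truststore password `changeit` are assumptions.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added diagnostic (hypothetical class name): shows which truststore this JVM
// uses and whether the LDAPS server's certificate chain validates against it.
public class LdapsTrustCheck {
    // Resolve the truststore the way default JSSE does: the
    // javax.net.ssl.trustStore property, else jssecacerts, else cacerts.
    static File effectiveTrustStore() {
        String override = System.getProperty("javax.net.ssl.trustStore");
        if (override != null) return new File(override);
        File dir = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.exists() ? jsse : new File(dir, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        String host = args[0];                         // AD server name or address
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;
        File storeFile = effectiveTrustStore();
        // Assumption: "changeit" is the stock cacerts password; override if yours differs.
        String pw = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        System.out.println("java.home  = " + System.getProperty("java.home"));
        System.out.println("truststore = " + storeFile.getAbsolutePath());
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storeFile)) {
            ks.load(in, pw.toCharArray());
        }
        System.out.println("trusted entries = " + ks.size());
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();   // fails if the chain does not lead to a trusted entry
            System.out.println("OK: chain trusted, peer = " + s.getSession().getPeerPrincipal());
        } catch (SSLHandshakeException e) {
            System.out.println("FAIL: " + e.getMessage());
            System.out.println("If this is a PKIX path error, import the AD CA certificate into the truststore above.");
        }
    }
}
```

Run it with the same `java` binary that launches the Spring application, passing the LDAPS host and port as arguments; a failure here reproduces the `PKIX path building failed` error from the question and shows which keystore file needs the certificate.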
