LDAP/Java auth: How to specify workstation?

Question

We have a small LAN where each user is logging into Windows via Active Directory server. I want to be able to authenticate users from Java code in the same way. I was doing this in the following way:

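import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.directory.InitialDirContext;

// Body of a method that returns boolean and declares "throws NamingException".
Hashtable<String, String> env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://192.168.0.1:389");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "user1");
env.put(Context.SECURITY_CREDENTIALS, "pass1");
env.put(Context.REFERRAL, "ignore");
try {
    // A successful simple bind means the directory accepted the credentials.
    new InitialDirContext(env).close();
    return true;
} catch (AuthenticationException ex) {
    // Every bind failure, whatever its cause, ends up here.
    return false;
}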

where user1 and pass1 were the user credentials.

That worked fine until local administrator restricted access by explicitly setting a list of allowed workstations for each user. Now users are still able to log into Windows, but my code (executed on allowed workstation) produces

javax.naming.AuthenticationException: [LDAP: error code 49 - ...:
    LdapErr: ...,
    comment: AcceptSecurityContext error,
    data 531,
    ...]

Here, data 531 means not permitted to log on at this workstation.

So the question is: how should I authenticate a user on LDAP server when user's allowed workstations are set? Should I somehow pass current workstation to the LDAP server or what?

Recommended answer

The allowed workstations parameter is set in AD in the userWorkstations attribute.

So you may need to set the server name that hosts your java code to the userWorkstations attribute in the AD for the login user.

Refer to the link below for more details.

Can't get connection with AD from Java code: https://stackoverflow.com/questions/18766158/cant-get-connection-with-ad-from-java-code/18767613#18767613?newreg=854061f7965244399fec2b7757c3b325
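
The question's code returns false for every bind failure, so a workstation restriction looks the same as a wrong password. The following is an added example, not code from the original post or answer: it pulls the `data` sub-code out of the error 49 message so the cause can be logged server-side. The class name `AdBindFailure` and its methods are hypothetical, and the sub-codes other than 531 go beyond the page and are the corresponding Win32 logon error values.

```java
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;

// Hypothetical helper (not from the original post): classifies AD simple-bind failures.
public class AdBindFailure {
    // AD puts a hex Win32 logon error after "data" in the LDAP error 49 message.
    private static final Pattern DATA =
        Pattern.compile("error code 49\\b.*?\\bdata\\s+([0-9a-fA-F]+)", Pattern.DOTALL);

    // Sub-codes beyond 531 are not on the page; they are the matching Win32 error values.
    private static final Map<String, String> REASONS = Map.of(
        "525", "user not found",
        "52e", "invalid credentials",
        "530", "not permitted to log on at this time",
        "531", "not permitted to log on at this workstation",
        "532", "password expired",
        "533", "account disabled",
        "701", "account expired",
        "773", "user must reset password",
        "775", "account locked out");

    /** Extracts the lower-case hex sub-code, or empty if the message carries none. */
    static Optional<String> subCode(AuthenticationException ex) {
        String msg = ex.getMessage();
        if (msg == null) return Optional.empty();
        Matcher m = DATA.matcher(msg);
        return m.find() ? Optional.of(m.group(1).toLowerCase()) : Optional.empty();
    }

    /** Text for the server-side log; callers should still see only a generic failure. */
    static String describe(AuthenticationException ex) {
        return subCode(ex)
            .map(c -> "data " + c + " (" + REASONS.getOrDefault(c, "unknown sub-code") + ")")
            .orElse("no AD sub-code present");
    }

    public static void main(String[] args) {
        // Constructed samples; the first copies the elided message shown in the question.
        String[] samples = {
            "[LDAP: error code 49 - ...: LdapErr: ..., comment: AcceptSecurityContext error, data 531, ...]",
            "[LDAP: error code 49 - ...: LdapErr: ..., comment: AcceptSecurityContext error, data 52e, ...]",
            "[LDAP: error code 49 - Invalid Credentials]" };
        for (String s : samples) {
            System.out.println(describe(new AuthenticationException(s)));
        }
    }
}
```

Calling `describe(ex)` from the question's `catch` block before returning false records why the bind was refused without revealing the reason to the person logging in.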
