Getting user groups in OpenLDAP using Java

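I don't know Java very well, but I need to change the code. The background here is that we have code that works with LDAP, which gives us the groups assigned to the logged-in user. Now, for some reason, we have had to switch to OpenLDAP, and that is where the problem arises. Here we cannot get the groups assigned to the user.

Previously, I used this to get the groups.

The context name here is ou=People,dc=maxcrc,dc=com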

NamingEnumeration<SearchResult> search 
    = context.search(contextName, 
            "(sAMAccountName=" + userId + ")", constraints);

Now I have tried various combinations, such as

NamingEnumeration<SearchResult> search 
          = context.search(contextName, 
                   "(uid=" + userId + ")",  constraints);

NamingEnumeration<SearchResult> search 
          = context.search(contextName, 
                   "(&(objectClass=groupOfNames)(cn=+userId)", constraints);

and so on

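The problem is that I am not getting the group names. So is there something wrong with the way I am searching for groups, or is there something I am missing? Can anyone help me?

Here is our code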

public static HashMap getGroupList(
        DirContext context, String userId, String key) 
        throws NamingException, NullArgumentException, 
                InvalidStringValueException, ParserException {

  //setting constraints and search control to subtree scope
  HashMap groupList = new HashMap();
  SearchControls constraints = new SearchControls();
  constraints.setSearchScope(SearchControls.ONELEVEL_SCOPE);
  constraints.setReturningAttributes(new String[]{"cn", MEMBER_OF_ATTRIBUTE});

  String contextName = parser.getConfigNodeValue("contextName");
  logger.debug("Context Name: " + contextName);
  logger.debug("Finding Group List for user ID: " + userId);
  NamingEnumeration<SearchResult> search 
          = context.search(contextName, 
                  SAMAC_COUNT_NAME + userId + CLOSE_BRACKET, constraints);

  //searching attribute
  logger.debug("searching attribute");

  SearchResult searchResult = null;

  String value = "";
  while (search.hasMoreElements()) {
      searchResult = search.next();
      String groupName = searchResult.getAttributes().get(MEMBER_OF_ATTRIBUTE).toString();
      groupList.put(groupName, groupName);
  }

  return groupList;
}
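
Edit:

The context name here is ou=People,dc=maxcrc,dc=com, and I have applied various search filters such as (uid=userId), also (&(objectClass=groupOfNames)(uid=userId)), and also (&(objectClass=user)(uid=userId)), but I get nothing. I need to know how to search here.

The directory here is very simple -

dc=maxcrc,dc=com has ou=People, in which there is a user demo, and demo is part of a group. The object class is inetOrgPerson for the user.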

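The result is nothing

That doesn't mean the attribute is empty. If that were the case, you would see the output of logger.debug(groupName + " group name find for " + userId);. Since you didn't, the search itself evidently returned nothing, i.e. there is a problem with the filter or the starting DN.

EDIT Re your edit, only the first filter makes sense. The second filter is a syntax error, and the third searches for groups rather than users, whereas it is users, not groups, that will have the memberOf attribute. There is still not enough information here to comment further.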

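Edit 2

The context name is ou=People,dc=maxcrc,dc=com

I have applied various search filters such as (uid=userId)

Do you mean (uid={0}) with a parameter value of userId? You should. Then what is the value of userId?

also (&(objectClass=groupOfNames)(uid=userId))

This is simply nonsense:

  • There won't be (shouldn't be) groups under ou=People.
  • Group objects won't have a memberOf attribute. Users will have a memberOf attribute, showing the groups they are members of. Looking for that attribute in a group is pointless.

also (&(objectClass=user)(uid=userId))

As above. This requires user objects to have the user objectClass. Do they? If not, what do they have, and why aren't you using that?

Please answer the question about what the relevant part of the directory tree looks like. Include the object classes.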

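I had it wrong all along. We don't have the memberOf attribute in our OpenLDAP, so the code could not work.

So I needed to change the code a bit so that the user is authenticated, and then I query each group that exists and check whether that user name is present in those groups.

So even without memberOf, I was able to solve it.

This is the sample code I used -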

    import javax.naming.NamingException;
    
    
    public class LdapQuery {
        public static void main(String[] args) throws NamingException {
            SimpleLdapAuthentication obj = new SimpleLdapAuthentication();
            obj.ldapquery();
        }
    
    }
    
Here is the method

    import java.util.Hashtable;
    import javax.naming.AuthenticationException;
    import javax.naming.Context;
    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;
    
    public class SimpleLdapAuthentication {
    
        public String ldapquery() {
            String distName = "";
            String username = "cn=demo,ou=People,dc=saas,dc=com";
            String[] userID = new String[2];
            userID[0] = "Users";
            userID[1] = "Developers";
            int size = userID.length;
            String password = "sacs3";
            String groupName = "";
            String base = "ou=People,dc=maxcrc,dc=com";
            //String searchFilter = "cn=" + username + "," + base;
            String ldapURL = "ldap://yourldapurl";
            Hashtable<String, String> environment = new Hashtable<String, String>();
            environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            environment.put(Context.PROVIDER_URL, ldapURL);
            environment.put(Context.SECURITY_AUTHENTICATION, "simple");
            environment.put(Context.SECURITY_PRINCIPAL, username);
            environment.put(Context.SECURITY_CREDENTIALS, password);
            String[] returnAttribute = {"member"};
            SearchControls srchControls = new SearchControls();
            srchControls.setReturningAttributes(returnAttribute);
            srchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            for (int i = 0; i <= size - 1; i++) {
                String searchFilter = "(cn=" + userID[i] + ")";
                try {
                    DirContext authContext = new InitialDirContext(environment);
                    //System.out.println("Authentication Successful");
                    NamingEnumeration<SearchResult> search = authContext.search(base, searchFilter, srchControls);
                    // Probably want to test for nulls here
                    distName = search.nextElement().toString();
    
                    String[] splitBasedOnColon = distName.split("\\:");
                    for (String x : splitBasedOnColon) {
                        if (x.startsWith("cn")) {
                            String[] splitGroupName = x.split("\\=");
                            groupName = splitGroupName[1];
                        }
                    }
                    if (distName.contains(username)) {
                        System.out.println("User is part of the group: " + groupName);
                    }
                } catch (AuthenticationException authEx) {
                    System.out.println("Authentication failed!");
                } catch (NamingException namEx) {
                    System.out.println("Something went wrong!");
                    namEx.printStackTrace();
                } catch (NullPointerException notFound) {
                    System.out.println("User is not part group : "+ userID[i]);
                   // notFound.printStackTrace();
                }
            }
            return distName;
        }
    }
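
The two points made in the answers above, the parameterised (uid={0}) filter and finding a user's groups without memberOf, combined into one added example (not code from the original posts). It assumes groups are groupOfNames entries whose member values are full user DNs; the class name GroupLookup, the LDAP_BIND_PW environment variable and the ou=Groups,dc=maxcrc,dc=com container are hypothetical.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class GroupLookup {
    // {0} is filled from filterArgs; JNDI escapes filter metacharacters in it,
    // so a uid containing "*" or ")(" is matched literally and cannot alter the filter.
    static String findUserDn(DirContext ctx, String peopleBase, String uid) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.ONELEVEL_SCOPE);
        sc.setReturningAttributes(new String[0]); // only the DN is needed
        NamingEnumeration<SearchResult> res = ctx.search(peopleBase, "(uid={0})", new Object[] {uid}, sc);
        try {
            return res.hasMore() ? res.next().getNameInNamespace() : null;
        } finally { res.close(); }
    }

    // Without memberOf, search the group entries whose "member" value is the user's DN.
    static List<String> groupsOf(DirContext ctx, String groupBase, String userDn) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"cn"});
        List<String> groups = new ArrayList<>();
        NamingEnumeration<SearchResult> res = ctx.search(groupBase,
                "(&(objectClass=groupOfNames)(member={0}))", new Object[] {userDn}, sc);
        try {
            while (res.hasMore()) {
                Attribute cn = res.next().getAttributes().get("cn");
                if (cn != null) groups.add(String.valueOf(cn.get()));
            }
        } finally { res.close(); }
        return groups;
    }

    // Usage: java GroupLookup <ldapUrl> <bindDn> <uid>, bind password in LDAP_BIND_PW (assumed name).
    // ou=Groups,dc=maxcrc,dc=com is an assumed group container; the page does not name one.
    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, args[1]);
        env.put(Context.SECURITY_CREDENTIALS, Objects.requireNonNull(System.getenv("LDAP_BIND_PW"), "set LDAP_BIND_PW"));
        DirContext ctx = new InitialDirContext(env);
        try {
            String dn = findUserDn(ctx, "ou=People,dc=maxcrc,dc=com", args[2]);
            System.out.println(dn == null ? "no such user"
                    : dn + " -> " + groupsOf(ctx, "ou=Groups,dc=maxcrc,dc=com", dn));
        } finally { ctx.close(); }
    }
}
```

Pass an ldaps:// URL so that the simple bind does not send the password in cleartext.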
    