使用JAVA在OpenLDAP中获取用户组
我对java不太了解,但我需要更改代码。这里的背景是我们有在LDAP中工作的代码,它将给我们分配给已登录用户的组。现在,出于某种原因,我们不得不切换到OpenLDAP,问题就出现了。在这里,我们无法获得分配给用户的组 以前,我是用来获取组的 这里的上下文名称是ou=People,dc=maxcrc,dc=com使用JAVA在OpenLDAP中获取用户组,java,ldap,openldap,Java,Ldap,Openldap,我对java不太了解,但我需要更改代码。这里的背景是我们有在LDAP中工作的代码,它将给我们分配给已登录用户的组。现在,出于某种原因,我们不得不切换到OpenLDAP,问题就出现了。在这里,我们无法获得分配给用户的组 以前,我是用来获取组的 这里的上下文名称是ou=People,dc=maxcrc,dc=com NamingEnumeration<SearchResult> search = context.search(contextName,
NamingEnumeration<SearchResult> search
= context.search(contextName,
"(sAMAccountName=" + userId + ")", constraints);
namingumeration搜索
=context.search(contextName,
“(sAMAccountName=“+userId+”),约束条件);
现在,我尝试了各种组合,比如
NamingEnumeration<SearchResult> search
= context.search(contextName,
"(uid=" + userId + ")", constraints);
namingumeration搜索
=context.search(contextName,
“(uid=“+userId+”),约束条件;
及
namingumeration搜索
=context.search(contextName,
“(&(objectClass=groupOfNames)(cn=+userId)”,约束条件);
等等
问题是我没有得到群组名称。所以,我搜索群组的方式有错吗?或者我没有得到什么。有人能帮我吗
这是我们的代码
public static HashMap getGroupList(
DirContext context, String userId, String key)
throws NamingException, NullArgumentException,
InvalidStringValueException, ParserException {
//setting sonstraints ans searach control to subtree scope
HashMap groupList = new HashMap();
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.ONELEVEL_SCOPE);
constraints.setReturningAttributes(new String[]{"cn", MEMBER_OF_ATTRIBUTE});
String contextName = parser.getConfigNodeValue("contextName");
logger.debug("Context Name: " + contextName);
logger.debug("Finding Group List for user ID: " + userId);
NamingEnumeration<SearchResult> search
= context.search(contextName,
SAMAC_COUNT_NAME + userId + CLOSE_BRACKET, constraints);
//searching attribute
logger.debug("searching attribute");
SearchResult searchResult = null;
String value = "";
while (search.hasMoreElements()) {
searchResult = search.next();
String groupName = searchResult.getAttributes().get(MEMBER_OF_ATTRIBUTE).toString();
groupList.put(groupName, groupName);
}
return groupList;
}
公共静态HashMap getGroupList(
DirContext上下文、字符串用户ID、字符串键)
抛出NamingException、NullArgumentException、,
InvalidStringValueException,ParserException{
//将SONANS SEARCH控件设置为子树范围
HashMap groupList=新建HashMap();
SearchControls约束=新的SearchControls();
约束。设置搜索范围(SearchControls.ONELEVEL_范围);
setReturningAttributes(新字符串[]{“cn”,_属性}的成员_);
字符串contextName=parser.getConfigNodeValue(“contextName”);
debug(“上下文名称:”+contextName);
debug(“查找用户ID的组列表:“+userId”);
NamingEnumeration搜索
=context.search(contextName,
SAMAC_COUNT_NAME+userId+右括号,约束);
//搜索属性
debug(“搜索属性”);
SearchResult SearchResult=null;
字符串值=”;
while(search.hasMoreElements()){
searchResult=search.next();
String groupName=searchResult.getAttributes().get(_属性的成员)。toString();
groupList.put(groupName,groupName);
}
返回群组列表;
}
编辑:
这里的上下文名称是ou=People,dc=maxcrc,dc=com
,我已经应用了各种搜索过滤器作为(uid=userId)
,也(&(objectClass=groupOfNames)(uid=userId))
,还有(&(objectClass=user)(uid=userId))
,但我什么都没有得到。我需要知道如何在这里搜索
这里的目录很简单-
在dc=maxcrc dc=com中有ou=People
演示中有一个用户,演示是组的一部分。对象类是用户的inetOrgPerson
结果什么也没有
这并不意味着属性为空。如果是这种情况,您可能会看到logger.debug(groupName+“group name find for“+userId”);
的输出。。由于您没有这样做,搜索本身显然没有返回任何内容,即筛选器或启动DN出现问题
EDIT重新编辑时,只有第一个筛选器有意义。第二个筛选器是语法错误,第三个筛选器搜索的是组而不是用户,而将具有memberOf
属性的是用户,而不是组。此处仍然没有足够的信息进行进一步评论
编辑2
上下文名称是ou=People,dc=maxcrc,dc=com
嗯
我已经应用了各种搜索过滤器作为(uid=userId)
你的意思是(uid={0})
,参数值为userId
?你应该这样做。那么userId
的值是多少
这也(&(objectClass=groupOfNames)(uid=userId))
这简直是胡说八道:
ou=People
下不会有(不应该有)组memberOf
属性。用户将具有memberOf
属性,显示他们所属的组。在组中查找该属性毫无意义(&(objectClass=user)(uid=userId))
如上所述。这要求用户对象具有user
的objectClass
。它们有吗?如果没有,它们有什么,为什么不使用它
请回答关于目录树的相关部分是什么样子的问题。包括对象类。我一直都错了。我们的OpenLDAP中没有memberof属性,因此代码无法工作 因此,我需要稍微更改代码,以便对用户进行身份验证,然后我应该查询存在的每个组,并检查这些组中是否存在该用户名 所以,即使没有会员,我也能解决 这是我使用的示例代码-
import javax.naming.NamingException;
public class LdapQuery {
public static void main(String[] args) throws NamingException {
SimpleLdapAuthentication obj = new SimpleLdapAuthentication();
obj.ldapquery();
}
}
这里是方法
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
public class SimpleLdapAuthentication {
public String ldapquery() {
String distName = "";
String username = "cn=demo,ou=People,dc=saas,dc=com";
String[] userID = new String[2];
userID[0] = "Users";
userID[1] = "Developers";
int size = userID.length;
String password = "sacs3";
String groupName = "";
String base = "ou=People,dc=maxcrc,dc=com";
//String searchFilter = "cn=" + username + "," + base;
String ldapURL = "ldap://yourldapurl";
Hashtable<String, String> environment = new Hashtable<String, String>();
environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
environment.put(Context.PROVIDER_URL, ldapURL);
environment.put(Context.SECURITY_AUTHENTICATION, "simple");
environment.put(Context.SECURITY_PRINCIPAL, username);
environment.put(Context.SECURITY_CREDENTIALS, password);
String[] returnAttribute = {"member"};
SearchControls srchControls = new SearchControls();
srchControls.setReturningAttributes(returnAttribute);
srchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
for (int i = 0; i <= size - 1; i++) {
String searchFilter = "(cn=" + userID[i] + ")";
try {
DirContext authContext = new InitialDirContext(environment);
//System.out.println("Authentication Successful");
NamingEnumeration<SearchResult> search = authContext.search(base, searchFilter, srchControls);
// Probably want to test for nulls here
distName = search.nextElement().toString();
String[] splitBasedOnColon = distName.split("\\:");
for (String x : splitBasedOnColon) {
if (x.startsWith("cn")) {
String[] splitGroupName = x.split("\\=");
groupName = splitGroupName[1];
}
}
if (distName.contains(username)) {
System.out.println("User is part of the group: " + groupName);
}
} catch (AuthenticationException authEx) {
System.out.println("Authentication failed!");
} catch (NamingException namEx) {
System.out.println("Something went wrong!");
namEx.printStackTrace();
} catch (NullPointerException notFound) {
System.out.println("User is not part group : "+ userID[i]);
// notFound.printStackTrace();
}
}
return distName;
}
}
import java.util.Hashtable;
导入javax.naming.AuthenticationException;
导入javax.naming.Context;
导入javax.naming.NamingEnumeration;
导入javax.naming.NamingException;
导入javax.naming.directory.DirContext;
导入javax.naming.directory.InitialDirContext;
导入javax.naming.directory.SearchControls;
导入javax.naming.directory.SearchResult;
公共类SimpleDapAuthentication{
公共字符串ldapquery(){
字符串distName=“”;
String username=“cn=demo,ou=People,dc=saas,dc=com”;
String[]userID=新字符串[2];
userID[0]=“用户”;
userID[1]=“开发者”;
int size=userID.length;
字符串password=“sacs3”;
字符串groupName=“”;
String base=“ou=People,dc=maxcrc,dc=com”;
//字符串searchFilter=“cn=“+username+”,“+base;
String ldapURL=“l
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
public class SimpleLdapAuthentication {
public String ldapquery() {
String distName = "";
String username = "cn=demo,ou=People,dc=saas,dc=com";
String[] userID = new String[2];
userID[0] = "Users";
userID[1] = "Developers";
int size = userID.length;
String password = "sacs3";
String groupName = "";
String base = "ou=People,dc=maxcrc,dc=com";
//String searchFilter = "cn=" + username + "," + base;
String ldapURL = "ldap://yourldapurl";
Hashtable<String, String> environment = new Hashtable<String, String>();
environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
environment.put(Context.PROVIDER_URL, ldapURL);
environment.put(Context.SECURITY_AUTHENTICATION, "simple");
environment.put(Context.SECURITY_PRINCIPAL, username);
environment.put(Context.SECURITY_CREDENTIALS, password);
String[] returnAttribute = {"member"};
SearchControls srchControls = new SearchControls();
srchControls.setReturningAttributes(returnAttribute);
srchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
for (int i = 0; i <= size - 1; i++) {
String searchFilter = "(cn=" + userID[i] + ")";
try {
DirContext authContext = new InitialDirContext(environment);
//System.out.println("Authentication Successful");
NamingEnumeration<SearchResult> search = authContext.search(base, searchFilter, srchControls);
// Probably want to test for nulls here
distName = search.nextElement().toString();
String[] splitBasedOnColon = distName.split("\\:");
for (String x : splitBasedOnColon) {
if (x.startsWith("cn")) {
String[] splitGroupName = x.split("\\=");
groupName = splitGroupName[1];
}
}
if (distName.contains(username)) {
System.out.println("User is part of the group: " + groupName);
}
} catch (AuthenticationException authEx) {
System.out.println("Authentication failed!");
} catch (NamingException namEx) {
System.out.println("Something went wrong!");
namEx.printStackTrace();
} catch (NullPointerException notFound) {
System.out.println("User is not part group : "+ userID[i]);
// notFound.printStackTrace();
}
}
return distName;
}
}