Java: Nexus and LDAP/JNDI problem when authenticating users against an OpenLDAP server

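I'm using the Nexus repository manager (nexus.sonatype.org) together with the open-source LDAP plugin (code.google.com/p/nexus-ldap/) and ran into an error indicating that the wrong protocol version is being used (details below). All the plugin does is connect to my LDAP server using the JNDI LDAP service provider. If you look at the stack trace in the nexus.log file, the exception occurs during context initialization in the JNDI LDAP implementation. So my guess is that the problem described below is not caused by the Nexus plugin, but by a misuse of JNDI or a misunderstanding of LDAP authentication.

Any guesses or ideas on how this leads to the error would be greatly appreciated.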

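What steps will reproduce the problem?

  • Configure Nexus to use an OpenLDAP 1.2.x server speaking LDAP protocol version 2, using the LdapAuthenticatingRealm
  • Try to list the users in the OpenLDAP server and map them to roles in the Nexus configuration UI - works perfectly
  • Now, try to log in to or authenticate against the running Nexus instance with an LDAP user that has been successfully mapped to a role

What is the expected output? What do you see instead?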

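    When trying to log in, I get the error message "Incorrect username, password or no permission to use the Nexus User Interface. Try again." In the Nexus log file I see that Sun's JNDI LDAP implementation (see the stack trace in the log file below) throws an exception while trying to initialize a context with the given information in order to authenticate the user against the LDAP server. The user lookup via the Nexus UI works fine, as does the lookup performed during authentication (see the log file below).

    The error message contained in the CommunicationException ("[LDAP: error code 2 - version not supported]") indicates that the wrong LDAP protocol version is being used. I tried to use protocol version 2 explicitly, because OpenLDAP version 1.2.7-30 only supports LDAP v2 (corporate environment; the server version is not negotiable). To do so, I checked out your source code and added the line "env.put("java.naming.ldap.version", "2");" at se.devoteam.nexus.ldap.NexusLdapContextFactory:52. Nothing changed.

    During testing, while browsing the Sun source code, I realized that the first thing the javax.naming.ldap.InitialLdapContext.InitialLdapContext() method does is set the LDAP protocol version to "3" (javax.naming.ldap.InitialLdapContext:131). Although the Java 6 documentation explains the property I used (java.sun[dot]com/javase/6/docs/technotes/guides/jndi/jndi-ldap-gl.html#version) and the JNDI tutorial mentions it as the proper way to resolve protocol version conflicts (java.sun[dot]com/products/jndi/tutorial/ldap/misc/version.html), I am wondering: is there a way to explicitly use LDAP protocol version 2 when using JNDI as the LDAP service provider?

    Next, I tried using a fairly recent OpenLDAP server version (openldap2-2.3) as a proxy for LDAP protocol version 3 requests, which would delegate them to the old server. Same problem, same exception.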

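    Additional information

    Environment: Nexus webapp deployed on Tomcat 6.0.16
    Nexus version: 1.3.6
    LDAP realm version: 0.4
    JRE version: JDK 1.6.0_14-b08
    Platform: virtual environment
    LDAP directory brand: OpenLDAP 1.2.7 and 2.2.3

    Relevant part of nexus.log: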

    2009-10-23 15:06:37 DEBUG [ajp-8009-3     ] - o.s.j.r.PlexusSecur~          - Realm: 'org.sonatype.jsecurity.realms.XmlAuthenticatingRealm', caused: User 'testuser' cannot be retrieved.
    org.jsecurity.authc.AccountException: User 'testuser' cannot be retrieved.
        at org.sonatype.jsecurity.realms.XmlAuthenticatingRealm.doGetAuthenticationInfo(XmlAuthenticatingRealm.java:68)
        at org.jsecurity.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:168)
        at org.sonatype.jsecurity.web.WebPlexusSecurity.getAuthenticationInfo(WebPlexusSecurity.java:185)
        at org.jsecurity.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:186)
        at org.jsecurity.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:276)
        at org.jsecurity.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:141)
        at org.jsecurity.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:171)
        at org.jsecurity.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:312)
        at org.jsecurity.subject.DelegatingSubject.login(DelegatingSubject.java:237)
        at org.jsecurity.web.filter.authc.AuthenticatingFilter.executeLogin(AuthenticatingFilter.java:49)
        at org.sonatype.nexus.security.filter.authc.NexusHttpAuthenticationFilter.onAccessDenied(NexusHttpAuthenticationFilter.java:121)
        at org.jsecurity.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:145)
        at org.jsecurity.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:175)
        at org.jsecurity.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:129)
        at org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
        at org.jsecurity.web.servlet.FilterChainWrapper.doFilter(FilterChainWrapper.java:57)
        at org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
        at org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:419)
        at org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpAprProtocol.java:378)
        at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1509)
        at java.lang.Thread.run(Thread.java:619)
    Caused by: org.sonatype.jsecurity.realms.tools.NoSuchUserException: User with id='testuser' not found!
        at org.sonatype.jsecurity.realms.tools.DefaultConfigurationManager.readUser(DefaultConfigurationManager.java:410)
        at org.sonatype.jsecurity.realms.tools.ResourceMergingConfigurationManager.readUser(ResourceMergingConfigurationManager.java:278)
        at org.sonatype.jsecurity.realms.XmlAuthenticatingRealm.doGetAuthenticationInfo(XmlAuthenticatingRealm.java:64)
        ... 29 more
    2009-10-23 15:06:37 DEBUG [ajp-8009-3     ] - s.d.n.l.LdapAuthent~          - Authenticating user 'testuser' through LDAP
    2009-10-23 15:06:37 DEBUG [ajp-8009-3     ] - s.d.n.l.LdapAuthent~          - LDAP user search filter: (&(objectClass=account)(uid={0}))
    2009-10-23 15:06:37 DEBUG [ajp-8009-3     ] - s.d.n.l.NexusLdapCo~          - LDAP security principal not set
    2009-10-23 15:06:37 DEBUG [ajp-8009-3     ] - s.d.n.l.NexusLdapCo~          - LDAP security credentials not set
    2009-10-23 15:06:37 DEBUG [ajp-8009-3     ] - s.d.n.l.NexusLdapCo~          - LDAP provider url(s): ldap://ldap:389
    2009-10-23 15:06:37 DEBUG [ajp-8009-3     ] - s.d.n.l.NexusLdapCo~          - LDAP initial context factory: com.sun.jndi.ldap.LdapCtxFactory
    2009-10-23 15:06:37 DEBUG [ajp-8009-3     ] - s.d.n.l.NexusLdapCo~          - LDAP security protocol: null
    2009-10-23 15:06:37 DEBUG [ajp-8009-3     ] - s.d.n.l.NexusLdapCo~          - LDAP security authentication: null
    2009-10-23 15:06:37 DEBUG [ajp-8009-3     ] - s.d.n.l.NexusLdapCo~          - LDAP search scope: subtree
    2009-10-23 15:06:37 DEBUG [ajp-8009-3     ] - s.d.n.l.LdapAuthent~          - User object found
    2009-10-23 15:06:37 DEBUG [ajp-8009-3     ] - s.d.n.l.LdapAuthent~          - LDAP authentication principal: uid=testuser, dc=corporation,dc=de
    2009-10-23 15:06:37 DEBUG [ajp-8009-3     ] - s.d.n.l.NexusLdapCo~          - LDAP provider url(s): ldap://ldap:389
    2009-10-23 15:06:37 DEBUG [ajp-8009-3     ] - s.d.n.l.NexusLdapCo~          - LDAP initial context factory: com.sun.jndi.ldap.LdapCtxFactory
    2009-10-23 15:06:37 DEBUG [ajp-8009-3     ] - s.d.n.l.NexusLdapCo~          - LDAP security protocol: null
    2009-10-23 15:06:37 DEBUG [ajp-8009-3     ] - s.d.n.l.NexusLdapCo~          - LDAP security authentication: null
    2009-10-23 15:06:37 ERROR [ajp-8009-3     ] - o.j.r.l.AbstractLda~          - LDAP naming error while attempting to authenticate user.
    javax.naming.CommunicationException: [LDAP: error code 2 - version not supported]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3089)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
        at se.devoteam.nexus.ldap.NexusLdapContextFactory.getLdapContext(NexusLdapContextFactory.java:63)
        at se.devoteam.nexus.ldap.LdapAuthenticatingRealm.queryForAuthenticationInfo(LdapAuthenticatingRealm.java:139)
        at org.jsecurity.realm.ldap.AbstractLdapRealm.doGetAuthenticationInfo(AbstractLdapRealm.java:186)
        at org.jsecurity.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:168)
        at org.sonatype.jsecurity.web.WebPlexusSecurity.getAuthenticationInfo(WebPlexusSecurity.java:185)
        at org.jsecurity.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:186)
        at org.jsecurity.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:276)
        at org.jsecurity.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:141)
        at org.jsecurity.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:171)
        at org.jsecurity.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:312)
        at org.jsecurity.subject.DelegatingSubject.login(DelegatingSubject.java:237)
        at org.jsecurity.web.filter.authc.AuthenticatingFilter.executeLogin(AuthenticatingFilter.java:49)
        at org.sonatype.nexus.security.filter.authc.NexusHttpAuthenticationFilter.onAccessDenied(NexusHttpAuthenticationFilter.java:121)
        at org.jsecurity.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:145)
        at org.jsecurity.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:175)
        at org.jsecurity.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:129)
        at org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
        at org.jsecurity.web.servlet.FilterChainWrapper.doFilter(FilterChainWrapper.java:57)
        at org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
        at org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:419)
        at org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpAprProtocol.java:378)
        at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1509)
        at java.lang.Thread.run(Thread.java:619)
    2009-10-23 15:06:37 INFO  [ajp-8009-3     ] - o.s.n.s.f.a.NexusSe~          - Unable to authenticate user [testuser] from address/host [172.31.2.155/172.31.2.155]
    2009-10-23 15:06:37 DEBUG [ajp-8009-3     ] - o.s.n.e.Authenticat~:default  - Notifying 1 EventListener about event org.sonatype.nexus.auth.NexusAuthenticationEvent fired (org.sonatype.nexus.auth.NexusAuthenticationEvent@d637d)
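
What "[LDAP: error code 2 - version not supported]" corresponds to on the wire, as an added example that is not part of the original question or of the plugin's code: the protocol version travels as the first INTEGER inside the BindRequest, and the server answers with a BindResponse whose resultCode is 2 (protocolError). The `v2_only_server` function is a constructed stand-in for a server that accepts only LDAPv2 binds; message IDs are assumed to be below 128.

```python
SEQ, INT, OCTETS, ENUM = 0x30, 0x02, 0x04, 0x0A
BIND_REQ, BIND_RESP, SIMPLE = 0x60, 0x61, 0x80   # [APPLICATION 0], [APPLICATION 1], [0]
PROTOCOL_ERROR = 2                               # "error code 2" in the stack trace

def tlv(tag, value):
    """Encode one BER tag-length-value element (definite length)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def read_tlv(buf, pos=0):
    """Decode the element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long form: next k bytes hold the length
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def bind_request(msg_id, version, dn, password):
    """LDAPMessage{messageID, BindRequest{version, name, simple password}}."""
    op = tlv(INT, bytes([version])) + tlv(OCTETS, dn.encode()) + tlv(SIMPLE, password.encode())
    return tlv(SEQ, tlv(INT, bytes([msg_id])) + tlv(BIND_REQ, op))

def protocol_op(message, expected_tag):
    """Return (messageID, op body) after checking the protocolOp tag."""
    _, body, _ = read_tlv(message)
    _, msg_id, pos = read_tlv(body)
    tag, op, _ = read_tlv(body, pos)
    if tag != expected_tag:
        raise ValueError(f"unexpected protocolOp tag 0x{tag:02x}")
    return int.from_bytes(msg_id, "big"), op

def v2_only_server(request):
    """Constructed stand-in for a server that accepts only LDAPv2 binds."""
    msg_id, op = protocol_op(request, BIND_REQ)
    version = read_tlv(op)[1][0]                 # first element of BindRequest
    code, text = (0, "") if version == 2 else (PROTOCOL_ERROR, "version not supported")
    resp = tlv(ENUM, bytes([code])) + tlv(OCTETS, b"") + tlv(OCTETS, text.encode())
    return tlv(SEQ, tlv(INT, bytes([msg_id])) + tlv(BIND_RESP, resp))

def bind_result(response):
    """Return (resultCode, diagnosticMessage) from a BindResponse."""
    _, op = protocol_op(response, BIND_RESP)
    _, code, pos = read_tlv(op)
    _, _, pos = read_tlv(op, pos)                # skip matchedDN
    return code[0], read_tlv(op, pos)[1].decode()
```

Calling `bind_result(v2_only_server(bind_request(1, 3, "uid=testuser, dc=corporation,dc=de", "secret")))` (the password is a made-up value) yields the same code and text that JNDI wraps in the CommunicationException, while the same call with version 2 returns success.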
    