通过Java在嵌套组中查找LDAP用户
我找不到对我有用的东西。我很难找到包含可运行代码的答案，而不是简单地从另一个站点粘贴一个搜索过滤器字符串。尝试执行搜索的相关代码如下：
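// Look up the account by sAMAccountName and read its memberOf attribute.
// memberOf only lists the groups the entry is a DIRECT member of; groups
// reached through nested (group-in-group) membership are not in it, which is
// why the walk below never reaches the top-level group. NOTE(review): in
// Active Directory the primary group (primaryGroupID) is not listed in
// memberOf either -- confirm whether that matters for your accounts.
// The filter is built from a constant here; if the account name ever comes
// from user input it must be escaped per RFC 4515 before concatenation.
SearchResult sr = executeSearchSingleResult(ctx, SearchControls.SUBTREE_SCOPE, "dc=mydomain,dc=local", "(&(objectClass=person)(sAMAccountName=admin2))", new String[]{"memberOf"});
if (sr != null) {
    Attribute memberOf = sr.getAttributes().get("memberOf");
    if (memberOf != null) {
        for (int i = 0; i < memberOf.size(); i++) {
            String groupDn = memberOf.get(i).toString();
            // Pass the DN as an LdapName: the String overload of getAttributes
            // parses its argument as a JNDI *composite* name, so a DN containing
            // '/' (legal in AD names) would be split into components and fail.
            Attributes attributes = ctx.getAttributes(new javax.naming.ldap.LdapName(groupDn), new String[]{"CN"});
            Attribute attribute = attributes.get("CN");
            if (attribute != null) {
                log.info("member of : " + attribute.get(0));
            }
        }
        // Second pass over the same values; placeholder for the nesting check.
        for (NamingEnumeration<?> e1 = memberOf.getAll(); e1.hasMoreElements();) {
            String unprocessedGroupDN = e1.nextElement().toString();
            String unprocessedGroupCN = getCN(unprocessedGroupDN);
            // checking something here
        }
    }
}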
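/**
 * Runs {@link #executeSearch} and returns only the first matching entry.
 *
 * <p>Returns {@code null} when nothing matched or when reading the result
 * failed; the failure is logged, not propagated, so callers must treat
 * {@code null} as "not found or error". If the filter matches more than one
 * entry a warning is logged: for an identity lookup an ambiguous match is a
 * security smell and the caller should decide, not silently take the first.
 * The result enumeration is always closed, which releases the server-side
 * search even when we stop after the first entry.
 *
 * @param ctx          bound directory context
 * @param searchScope  one of the {@link SearchControls} scope constants
 * @param searchBase   DN to search under
 * @param searchFilter RFC 4515 filter; interpolated values must already be escaped
 * @param attributes   attributes to return, or {@code null} for all
 * @return the first {@link SearchResult}, or {@code null}
 * @throws NamingException if the search itself cannot be issued
 */
private static SearchResult executeSearchSingleResult(DirContext ctx, int searchScope, String searchBase, String searchFilter, String[] attributes) throws NamingException {
    NamingEnumeration result = executeSearch(ctx, searchScope, searchBase, searchFilter, attributes);
    SearchResult sr = null;
    try {
        if (result.hasMoreElements()) {
            sr = (SearchResult) result.next();
            if (result.hasMoreElements()) {
                log.warn("search under " + searchBase + " matched more than one entry; returning the first");
            }
        }
    } catch (Exception e) {
        log.error(e, e);
    } finally {
        try {
            result.close();
        } catch (NamingException ignored) {
            // best-effort cleanup; the entry (if any) has already been read
        }
    }
    return sr;
}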
/**
 * Issues an LDAP search and hands back the raw result enumeration.
 *
 * <p>The caller owns the returned enumeration and should close it when done.
 * No size or time limit is placed on the {@link SearchControls}, so the
 * server defaults apply. {@code searchFilter} is passed through untouched:
 * any value interpolated into it must already be escaped per RFC 4515,
 * otherwise {@code ( ) * \} change the meaning of the filter.
 *
 * @param ctx          bound directory context
 * @param searchScope  {@code OBJECT_SCOPE}, {@code ONELEVEL_SCOPE} or {@code SUBTREE_SCOPE}
 * @param searchBase   DN under which to search
 * @param searchFilter complete RFC 4515 filter string
 * @param attributes   attributes to return; {@code null} means "all"
 * @return the results exactly as produced by {@link DirContext#search}
 * @throws NamingException if the search fails
 */
private static NamingEnumeration executeSearch(DirContext ctx, int searchScope, String searchBase, String searchFilter, String[] attributes) throws NamingException {
    SearchControls controls = new SearchControls();
    controls.setSearchScope(searchScope);
    boolean restrictAttributes = attributes != null;
    if (restrictAttributes) {
        controls.setReturningAttributes(attributes);
    }
    return ctx.search(searchBase, searchFilter, controls);
}
这样能正确找到 AdminUser1，但找不到 AdminUser2。我需要的是：从 AdminUser2 出发，沿着组嵌套一直向上追溯到名为 MyAdmins 的最顶层组。
我找到了很多关于 LDAP_MATCHING_RULE_IN_CHAIN（OID 1.2.840.113556.1.4.1941）的参考资料，但把它放进搜索过滤器的几种写法都没有奏效。
我需要在代码和/或搜索过滤器中改动什么，才能把某个用户在任意深度的组嵌套中所属的组一直收集到最顶层？

回答：可以使用类似下面的过滤器：
(member:1.2.840.113556.1.4.1941:=CN=UserName,CN=Users,DC=YOURDOMAIN,DC=NET)
（注意：DN 值两侧不能再加一层括号——按 RFC 4515，未转义的 "(" 和 ")" 会破坏过滤器语法。）
通常能找到用户 CN=UserName,CN=Users,DC=YOURDOMAIN,DC=NET 所属的全部组（包括通过嵌套间接所属的组）。
但这里有几点复杂之处：
- 这个匹配规则是 Microsoft Active Directory 专有的扩展，其他 LDAP 服务器并不支持；
- Active Directory 提供不同的 LDAP 服务端点（普通 LDAP 和全局编录 Global Catalog），两者返回的属性集并不相同；
- 它本身还有一些限制。
此外还有一些限制：当组嵌套“太深”或“太宽”时，使用 LDAP_MATCHING_RULE_IN_CHAIN 的链式搜索往往会失败或超时——也就是该成员所处的嵌套层级或所属组的数量过多。在 LDAP 中，建立连接之后，可以用 member 或 memberOf 属性来查询一个用户是否属于某个组。

按 memberOf 属性查询（找出作为给定组成员的那些组，即向下找子组）：
过滤器形式：(&(<组成员属性>=<组 DN>)(objectClass=<组对象类>))
例如：(&(memberOf=CN=group,OU=qa_OU,DC=ppma,DC=org)(objectClass=group))

按 member 属性查询（找出直接包含给定 DN 的那些组，即向上找父组）：
过滤器形式：(&(<组成员属性>=<用户 DN>)(objectClass=<组对象类>))
例如：(&(member=CN=user,OU=qa_OU,DC=ppma,DC=org)(objectClass=group))

但无论哪种方式，都必须沿着用户的 member / memberOf 属性列表递归搜索。例如，若用户的组层次如下：
dn: cn=user1,DC=foo,DC=example,DC=com
memberOf: cn=group1,DC=foo,DC=example,DC=com
memberOf: cn=group2,DC=foo,DC=example,DC=com
那么还需要用额外的 LDAP 搜索递归查找 group1 和 group2 各自所属的组，依此类推。

根据回答者的经验，他们在生产环境中不能使用 LDAP_MATCHING_RULE_IN_CHAIN，因为嵌套层次太深时它不起作用，而且它只适用于 Active Directory。下面的方案对 AD 和 OpenLDAP 都适用，只需替换组相关的属性名。两点实践上的注意事项：其一，把 DN 拼接进过滤器之前必须按 RFC 4515 转义（\、*、(、) 和 NUL），否则含有这些字符的组名会破坏过滤器，甚至可被用于 LDAP 注入；其二，递归时要记录已访问过的组，防止循环嵌套导致无限递归。下面是查询用户所属的所有嵌套组的示例代码：
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
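/**
 * Demo: list every group a user belongs to, directly or through nested group
 * membership, by repeatedly searching {@code (member=<dn>)} upward until no
 * further parent groups are found.
 *
 * <p>Security notes for anyone adapting this:
 * <ul>
 *   <li>The bind password is read from the {@code ldap.password} system
 *       property or the {@code LDAP_PASSWORD} environment variable; it must
 *       never be committed in source.</li>
 *   <li>{@code ldap://} on port 389 with a simple bind sends that password in
 *       clear text; use {@code ldaps://} (636) or StartTLS outside a lab.</li>
 *   <li>Binding as the domain Administrator for a read-only lookup violates
 *       least privilege; a dedicated read-only service account suffices.</li>
 *   <li>Every DN interpolated into a filter goes through
 *       {@link #escapeFilterValue} (RFC 4515), so group names containing
 *       {@code ( ) * \} cannot break or alter the query.</li>
 * </ul>
 */
public class MemberDemo {
    private static final String contextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
    private static final String connectionURL = "ldap://10.224.243.133:389";
    private static final String connectionName = "CN=administrator,CN=users,DC=ppma,DC=org";
    // Deliberately no built-in default: a bind password does not belong in source.
    private static final String connectionPassword =
            System.getProperty("ldap.password", System.getenv("LDAP_PASSWORD"));
    // Kept for source compatibility; the traversal does not use them (cycle
    // protection comes from the traversed-group set, not from a depth cap).
    public static int nestLevel = 3;
    public static int level = 1;
    // Optional
    private static final String authentication = null;
    private static final String protocol = null;
    // Search base for the group lookups: groups stored outside this subtree
    // are not found.
    private static String userBase = "OU=qa_OU,DC=ppma,DC=org";

    /**
     * Binds to the directory, walks the nested groups of a fixed test user and
     * prints them together with the elapsed time.
     *
     * @throws NamingException       if the bind or a search fails
     * @throws IllegalStateException if no bind password was supplied
     */
    public static void main(String[] args) throws NamingException {
        long start = System.currentTimeMillis();
        if (connectionPassword == null || connectionPassword.isEmpty()) {
            // Hashtable rejects null values, and a missing secret should be loud.
            throw new IllegalStateException(
                    "No bind password: set -Dldap.password=... or the LDAP_PASSWORD environment variable");
        }
        Hashtable<String, String> env = new Hashtable<String, String>();
        // Configure our directory context environment.
        env.put(Context.INITIAL_CONTEXT_FACTORY, contextFactory);
        env.put(Context.PROVIDER_URL, connectionURL);
        env.put(Context.SECURITY_PRINCIPAL, connectionName);
        env.put(Context.SECURITY_CREDENTIALS, connectionPassword);
        if (authentication != null)
            env.put(Context.SECURITY_AUTHENTICATION, authentication);
        if (protocol != null)
            env.put(Context.SECURITY_PROTOCOL, protocol);
        InitialDirContext context = new InitialDirContext(env);
        try {
            SearchControls constraints = new SearchControls();
            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
            Set<String> traversedGroups = new HashSet<String>();
            Set<String> relatedGroups = new HashSet<String>();
            List<String> tempParentColl = new CopyOnWriteArrayList<String>();
            List<String> tempGroups = new ArrayList<String>();
            String loginUser = "CN=qa20Nest,OU=qa_OU,DC=ppma,DC=org";
            String filter = "(&(member=" + escapeFilterValue(loginUser) + ")(objectClass=group))";
            tempGroups = findNestedGroups(tempGroups, context, filter, loginUser, constraints,
                    tempParentColl, traversedGroups, getUserName(loginUser));
            relatedGroups.addAll(tempGroups);
            System.out.println("Parent Groups :");
            for (String group : relatedGroups) {
                System.out.println(group);
            }
        } finally {
            // Release the connection even when a search throws.
            context.close();
        }
        long end = System.currentTimeMillis();
        long elapsedTime = end - start;
        System.out.println("Total time taken in sec : " + elapsedTime / 1000);
    }

    /**
     * Recursively collects the DNs of all groups that (transitively) contain
     * {@code groupName}, searching under {@link #userBase}.
     *
     * <p>Errors are best-effort: a {@link NamingException} is printed and
     * whatever was collected so far is returned. Note that an AD search rooted
     * at the domain may end in a PartialResultException because of referrals;
     * set {@code Context.REFERRAL} if that matters.
     *
     * @param tempGrpRelations accumulator; every discovered group DN is appended (mutated, also returned)
     * @param context          bound directory context
     * @param filter           filter for this level, normally {@code (&(member=<escaped dn>)(objectClass=group))}
     * @param groupName        DN whose parent groups are being searched; marked as visited
     * @param constraints      search controls (scope)
     * @param tempParentColl   work list of DNs still to expand (mutated)
     * @param traversedGrp     DNs already expanded; prevents infinite recursion on circular nesting
     * @param groupIdentifier  CN of {@code groupName}; informational only, not used by the traversal
     * @return {@code tempGrpRelations}
     */
    public static List<String> findNestedGroups(List<String> tempGrpRelations, InitialDirContext context, String filter,
            String groupName, SearchControls constraints, List<String> tempParentColl, Set<String> traversedGrp,
            String groupIdentifier) {
        NamingEnumeration<SearchResult> results = null;
        try {
            traversedGrp.add(groupName);
            results = context.search(userBase, filter, constraints);
            if (!results.hasMore()) {
                System.out.println("No result found for :" + groupName);
                if (tempParentColl.isEmpty()) {
                    return tempGrpRelations;
                }
                tempParentColl.remove(groupName);
            }
            while (results.hasMore()) {
                SearchResult result = results.next();
                String dn = result.getNameInNamespace();
                System.out.println("DN - " + dn);
                tempParentColl.add(dn);
                tempGrpRelations.add(dn);
            }
            // Walk a snapshot: the recursive calls below add to and remove from
            // tempParentColl while we iterate it.
            for (String groupDn : new ArrayList<String>(tempParentColl)) {
                // The DN comes back from the directory; escape it so a group name
                // containing ( ) * \ cannot break or rewrite the filter.
                String nfilter = "(&(member=" + escapeFilterValue(groupDn) + ")(objectClass=group))";
                tempParentColl.remove(groupDn);
                if (!traversedGrp.contains(groupDn)) {
                    findNestedGroups(tempGrpRelations, context, nfilter, groupDn, constraints, tempParentColl,
                            traversedGrp, getUserName(groupDn));
                }
            }
        } catch (NamingException e) {
            e.printStackTrace();
        } finally {
            closeQuietly(results);
        }
        return tempGrpRelations;
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3).
     * Only {@code \ * ( )} and NUL are special; everything else passes through.
     *
     * @param value raw attribute value (for example a DN)
     * @return the value with special characters replaced by {@code \xx} escapes
     */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    sb.append("\\5c");
                    break;
                case '*':
                    sb.append("\\2a");
                    break;
                case '(':
                    sb.append("\\28");
                    break;
                case ')':
                    sb.append("\\29");
                    break;
                case '\0':
                    sb.append("\\00");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Closes a search result enumeration, ignoring close errors. */
    private static void closeQuietly(NamingEnumeration<?> results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException ignored) {
            // nothing useful to do if releasing the search fails
        }
    }

    /**
     * Returns the value of the left-most {@code CN} RDN of a DN, e.g.
     * {@code "qa20Nest"} for {@code "CN=qa20Nest,OU=qa_OU,DC=ppma,DC=org"}.
     *
     * <p>Uses the JNDI DN parser, so escaped commas inside a value
     * ({@code CN=Smith\, John}) and lower-case attribute types are handled.
     * Returns an empty string when the DN has no CN or cannot be parsed
     * (the previous substring/split approach threw on such input).
     *
     * @param cnName a distinguished name
     * @return the CN value, or {@code ""}
     */
    public static String getUserName(String cnName) {
        if (cnName == null) {
            return "";
        }
        try {
            javax.naming.ldap.LdapName dn = new javax.naming.ldap.LdapName(cnName);
            // LdapName stores RDNs right-to-left (index 0 is the root-most one),
            // so scan from the end to reach the left-most CN first.
            for (int i = dn.size() - 1; i >= 0; i--) {
                javax.naming.ldap.Rdn rdn = dn.getRdn(i);
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return rdn.getValue().toString();
                }
            }
        } catch (NamingException e) {
            // not a parseable DN; fall through
        }
        return "";
    }
}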
导入java.util.ArrayList;
导入java.util.HashMap;
导入java.util.HashSet;
导入java.util.Hashtable;
导入java.util.Iterator;
导入java.util.List;
导入java.util.Map;
导入java.util.Set;
导入java.util.concurrent.CopyOnWriteArrayList;
导入javax.naming.Context;
导入javax.naming.NamingEnumeration;
导入javax.naming.NamingException;
导入javax.naming.directory.InitialDirContext;
导入javax.naming.directory.SearchControls;
导入javax.naming.directory.SearchResult;
公共类成员演示{
私有静态最终字符串contextFactory=“com.sun.jndi.ldap.LdapCtxFactory”;
专用静态最终字符串connectionURL=”ldap://10.224.243.133:389";
私有静态最终字符串connectionName=“CN=administrator,CN=users,DC=ppma,DC=org”;
私有静态最终字符串连接password=“Conleyqa12345”;
公共静态int nestLevel=3;
公共静态int级别=1;
//可选的
私有静态最终字符串身份验证=null;
私有静态最终字符串协议=null;
私有静态字符串userBase=“OU=qa\u OU,DC=ppma,DC=org”;
公共静态void main(字符串[]args)引发NamingException{
长启动=System.currentTimeMillis();
Hashtable env=新的Hashtable();
//配置目录上下文环境。
环境放置(Context.INITIAL\u Context\u FACTORY,contextFactory);
env.put(Context.PROVIDER\uURL,connectionURL);
环境put(Context.SECURITY\u主体,connectionName);
环境放置(Context.SECURITY\u凭证、连接密码);
if(身份验证!=null)
环境put(Context.SECURITY\u身份验证、身份验证);
if(协议!=null)
环境put(Context.SECURITY_协议,协议);
InitialDirContext=新的InitialDirContext(env);
SearchControls约束=新的SearchControls();
约束.setSearchScope(SearchControls.SUBTREE_范围);
Set traversedGroups=new HashSet();
Set relatedGroups=new HashSet();
List tempParentColl=新建CopyOnWriteArrayList();
List tempGroups=new ArrayList();
String loginUser=“CN=qa20Nest,OU=qa_OU,DC=ppma,DC=org”;
字符串筛选器=“(&(member=“+logiuser+”)(objectClass=group))”;
tempGroups=findNestedGroups(tempGroups、上下文、筛选器、登录用户、约束、,
tempParentColl、traversedGroups、getUserName(loginUser));
relatedGroups.addAll(临时组);
System.out.println(“父组:”);
for(字符串组:relatedGroups){
系统输出打印项次(组);
}
long end=System.currentTimeMillis();
长延时=结束-开始;
System.out.println(“以秒为单位的总时间:“+elapsedTime/1000”);
}
@抑制警告(“原始类型”)
public static List findNestedGroups(List tempgrpreslations、InitialDirContext上下文、字符串筛选器、,
字符串groupName、SearchControls约束、List tempParentColl、Set traversedGrp、,
字符串组标识符){
纳米根默比
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
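/**
 * Demo: list every group a user belongs to, directly or through nested group
 * membership, by repeatedly searching {@code (member=<dn>)} upward until no
 * further parent groups are found.
 *
 * <p>Security notes for anyone adapting this:
 * <ul>
 *   <li>The bind password is read from the {@code ldap.password} system
 *       property or the {@code LDAP_PASSWORD} environment variable; it must
 *       never be committed in source.</li>
 *   <li>{@code ldap://} on port 389 with a simple bind sends that password in
 *       clear text; use {@code ldaps://} (636) or StartTLS outside a lab.</li>
 *   <li>Binding as the domain Administrator for a read-only lookup violates
 *       least privilege; a dedicated read-only service account suffices.</li>
 *   <li>Every DN interpolated into a filter goes through
 *       {@link #escapeFilterValue} (RFC 4515), so group names containing
 *       {@code ( ) * \} cannot break or alter the query.</li>
 * </ul>
 */
public class MemberDemo {
    private static final String contextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
    private static final String connectionURL = "ldap://10.224.243.133:389";
    private static final String connectionName = "CN=administrator,CN=users,DC=ppma,DC=org";
    // Deliberately no built-in default: a bind password does not belong in source.
    private static final String connectionPassword =
            System.getProperty("ldap.password", System.getenv("LDAP_PASSWORD"));
    // Kept for source compatibility; the traversal does not use them (cycle
    // protection comes from the traversed-group set, not from a depth cap).
    public static int nestLevel = 3;
    public static int level = 1;
    // Optional
    private static final String authentication = null;
    private static final String protocol = null;
    // Search base for the group lookups: groups stored outside this subtree
    // are not found.
    private static String userBase = "OU=qa_OU,DC=ppma,DC=org";

    /**
     * Binds to the directory, walks the nested groups of a fixed test user and
     * prints them together with the elapsed time.
     *
     * @throws NamingException       if the bind or a search fails
     * @throws IllegalStateException if no bind password was supplied
     */
    public static void main(String[] args) throws NamingException {
        long start = System.currentTimeMillis();
        if (connectionPassword == null || connectionPassword.isEmpty()) {
            // Hashtable rejects null values, and a missing secret should be loud.
            throw new IllegalStateException(
                    "No bind password: set -Dldap.password=... or the LDAP_PASSWORD environment variable");
        }
        Hashtable<String, String> env = new Hashtable<String, String>();
        // Configure our directory context environment.
        env.put(Context.INITIAL_CONTEXT_FACTORY, contextFactory);
        env.put(Context.PROVIDER_URL, connectionURL);
        env.put(Context.SECURITY_PRINCIPAL, connectionName);
        env.put(Context.SECURITY_CREDENTIALS, connectionPassword);
        if (authentication != null)
            env.put(Context.SECURITY_AUTHENTICATION, authentication);
        if (protocol != null)
            env.put(Context.SECURITY_PROTOCOL, protocol);
        InitialDirContext context = new InitialDirContext(env);
        try {
            SearchControls constraints = new SearchControls();
            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
            Set<String> traversedGroups = new HashSet<String>();
            Set<String> relatedGroups = new HashSet<String>();
            List<String> tempParentColl = new CopyOnWriteArrayList<String>();
            List<String> tempGroups = new ArrayList<String>();
            String loginUser = "CN=qa20Nest,OU=qa_OU,DC=ppma,DC=org";
            String filter = "(&(member=" + escapeFilterValue(loginUser) + ")(objectClass=group))";
            tempGroups = findNestedGroups(tempGroups, context, filter, loginUser, constraints,
                    tempParentColl, traversedGroups, getUserName(loginUser));
            relatedGroups.addAll(tempGroups);
            System.out.println("Parent Groups :");
            for (String group : relatedGroups) {
                System.out.println(group);
            }
        } finally {
            // Release the connection even when a search throws.
            context.close();
        }
        long end = System.currentTimeMillis();
        long elapsedTime = end - start;
        System.out.println("Total time taken in sec : " + elapsedTime / 1000);
    }

    /**
     * Recursively collects the DNs of all groups that (transitively) contain
     * {@code groupName}, searching under {@link #userBase}.
     *
     * <p>Errors are best-effort: a {@link NamingException} is printed and
     * whatever was collected so far is returned. Note that an AD search rooted
     * at the domain may end in a PartialResultException because of referrals;
     * set {@code Context.REFERRAL} if that matters.
     *
     * @param tempGrpRelations accumulator; every discovered group DN is appended (mutated, also returned)
     * @param context          bound directory context
     * @param filter           filter for this level, normally {@code (&(member=<escaped dn>)(objectClass=group))}
     * @param groupName        DN whose parent groups are being searched; marked as visited
     * @param constraints      search controls (scope)
     * @param tempParentColl   work list of DNs still to expand (mutated)
     * @param traversedGrp     DNs already expanded; prevents infinite recursion on circular nesting
     * @param groupIdentifier  CN of {@code groupName}; informational only, not used by the traversal
     * @return {@code tempGrpRelations}
     */
    public static List<String> findNestedGroups(List<String> tempGrpRelations, InitialDirContext context, String filter,
            String groupName, SearchControls constraints, List<String> tempParentColl, Set<String> traversedGrp,
            String groupIdentifier) {
        NamingEnumeration<SearchResult> results = null;
        try {
            traversedGrp.add(groupName);
            results = context.search(userBase, filter, constraints);
            if (!results.hasMore()) {
                System.out.println("No result found for :" + groupName);
                if (tempParentColl.isEmpty()) {
                    return tempGrpRelations;
                }
                tempParentColl.remove(groupName);
            }
            while (results.hasMore()) {
                SearchResult result = results.next();
                String dn = result.getNameInNamespace();
                System.out.println("DN - " + dn);
                tempParentColl.add(dn);
                tempGrpRelations.add(dn);
            }
            // Walk a snapshot: the recursive calls below add to and remove from
            // tempParentColl while we iterate it.
            for (String groupDn : new ArrayList<String>(tempParentColl)) {
                // The DN comes back from the directory; escape it so a group name
                // containing ( ) * \ cannot break or rewrite the filter.
                String nfilter = "(&(member=" + escapeFilterValue(groupDn) + ")(objectClass=group))";
                tempParentColl.remove(groupDn);
                if (!traversedGrp.contains(groupDn)) {
                    findNestedGroups(tempGrpRelations, context, nfilter, groupDn, constraints, tempParentColl,
                            traversedGrp, getUserName(groupDn));
                }
            }
        } catch (NamingException e) {
            e.printStackTrace();
        } finally {
            closeQuietly(results);
        }
        return tempGrpRelations;
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3).
     * Only {@code \ * ( )} and NUL are special; everything else passes through.
     *
     * @param value raw attribute value (for example a DN)
     * @return the value with special characters replaced by {@code \xx} escapes
     */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    sb.append("\\5c");
                    break;
                case '*':
                    sb.append("\\2a");
                    break;
                case '(':
                    sb.append("\\28");
                    break;
                case ')':
                    sb.append("\\29");
                    break;
                case '\0':
                    sb.append("\\00");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Closes a search result enumeration, ignoring close errors. */
    private static void closeQuietly(NamingEnumeration<?> results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException ignored) {
            // nothing useful to do if releasing the search fails
        }
    }

    /**
     * Returns the value of the left-most {@code CN} RDN of a DN, e.g.
     * {@code "qa20Nest"} for {@code "CN=qa20Nest,OU=qa_OU,DC=ppma,DC=org"}.
     *
     * <p>Uses the JNDI DN parser, so escaped commas inside a value
     * ({@code CN=Smith\, John}) and lower-case attribute types are handled.
     * Returns an empty string when the DN has no CN or cannot be parsed
     * (the previous substring/split approach threw on such input).
     *
     * @param cnName a distinguished name
     * @return the CN value, or {@code ""}
     */
    public static String getUserName(String cnName) {
        if (cnName == null) {
            return "";
        }
        try {
            javax.naming.ldap.LdapName dn = new javax.naming.ldap.LdapName(cnName);
            // LdapName stores RDNs right-to-left (index 0 is the root-most one),
            // so scan from the end to reach the left-most CN first.
            for (int i = dn.size() - 1; i >= 0; i--) {
                javax.naming.ldap.Rdn rdn = dn.getRdn(i);
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return rdn.getValue().toString();
                }
            }
        } catch (NamingException e) {
            // not a parseable DN; fall through
        }
        return "";
    }
}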