从 JAVA 应用程序检查 LDAP 上的用户密码
Check user's password on LDAP from JAVA application
我从未使用过 LDAP。我必须写一个 JAVA class 来检查用户提供的密码是否正确。 Users/password 存储在 WSO2IS 的 LDAP 服务器中。这是配置:
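<UserManager>
  <!--
    Realm definition for a WSO2 Identity Server instance whose users and
    groups are kept in an LDAP directory (read/write user store) while
    permissions are kept in the JDBC data source.
    This is the sample configuration quoted in the question. Items marked
    SECURITY are defaults that should be changed before real use.
  -->
  <Realm>
    <Configuration>
      <AddAdmin>true</AddAdmin>
      <AdminRole>admin</AdminRole>
      <!-- SECURITY: admin/admin is a widely known default credential pair.
           Replace it before the server is reachable by anyone else. -->
      <AdminUser>
        <UserName>admin</UserName>
        <Password>admin</Password>
      </AdminUser>
      <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default, users in this role see the registry root -->
      <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
      <Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder</Property>
    </Configuration>
    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
      <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
      <!-- SECURITY: ldap:// is cleartext. Bind credentials and user passwords
           cross the wire unencrypted. Acceptable only on loopback, as here;
           use ldaps:// as soon as the directory is on another host. -->
      <Property name="ConnectionURL">ldap://localhost:10389</Property>
      <Property name="Disabled">false</Property>
      <!-- SECURITY: this binds as the directory administrator with a default
           password stored in plaintext. Prefer a service account limited to
           the Users/Groups subtrees, and keep the secret out of this file
           (WSO2 Secure Vault is the product mechanism for that). -->
      <Property name="ConnectionName">uid=admin,ou=system</Property>
      <Property name="ConnectionPassword">admin</Property>
      <!-- SECURITY: SHA selects a fast message digest for stored passwords,
           which is weak against offline guessing if the directory is dumped.
           Use the strongest scheme the directory and product version support. -->
      <Property name="passwordHashMethod">SHA</Property>
      <Property name="UserNameListFilter">(objectClass=person)</Property>
      <Property name="UserEntryObjectClass">identityPerson</Property>
      <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
      <!-- "?" is the placeholder for the supplied user name. The "&" of the
           LDAP AND filter must be written as an entity in XML. -->
      <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
      <Property name="UserNameAttribute">uid</Property>
      <!-- NOTE(review): inside the character class, "_-|" is parsed as a range
           (U+005F to U+007C), so it also admits "`" and "{" in addition to
           the characters listed. Tighten if names feed other systems. -->
      <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
      <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
      <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
      <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
      <!-- SECURITY: only the JavaScript (UI-side) password rule is set, and it
           accepts any 5 non-whitespace characters. Server-side enforcement is
           configured with PasswordJavaRegEx, which is absent here. -->
      <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
      <Property name="ReadGroups">true</Property>
      <Property name="WriteGroups">true</Property>
      <Property name="EmptyRolesAllowed">false</Property>
      <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
      <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
      <Property name="GroupEntryObjectClass">groupOfNames</Property>
      <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
      <Property name="GroupNameAttribute">cn</Property>
      <Property name="SharedGroupNameAttribute">cn</Property>
      <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property>
      <Property name="SharedGroupEntryObjectClass">groupOfNames</Property>
      <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property>
      <Property name="SharedGroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
      <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property>
      <Property name="SharedTenantNameAttribute">ou</Property>
      <Property name="SharedTenantObjectClass">organizationalUnit</Property>
      <Property name="MembershipAttribute">member</Property>
      <Property name="UserRolesCacheEnabled">true</Property>
      <!-- NOTE(review): presumably escapes LDAP special characters in the
           login name before it replaces "?" in the search filter. Keep it
           enabled and confirm against the product documentation. -->
      <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
      <Property name="MaxRoleNameListLength">100</Property>
      <Property name="MaxUserNameListLength">100</Property>
      <Property name="SCIMEnabled">false</Property>
    </UserStoreManager>
    <AuthorizationManager
        class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
      <Property name="AdminRoleManagementPermissions">/permission</Property>
      <Property name="AuthorizationCacheEnabled">true</Property>
    </AuthorizationManager>
  </Realm>
</UserManager>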
你能帮帮我吗?我不知道从哪里开始。谢谢。
您需要通过带身份验证功能的用户 API 来校验 user/password。有一个名为 RemoteUserStoreManagerService 的 Web 服务,您可以使用它来验证用户的 user/password,这样应用程序就不必自己从 LDAP 读取并比对密码哈希。此 API 也可用于管理 LDAP 中的用户:您可以 add/update/delete LDAP 用户。有关 API 的更多详细信息可以从 here 中找到,可以使用简单的 java 客户端调用此 API。
我从未使用过 LDAP。我必须写一个 JAVA class 来检查用户提供的密码是否正确。 Users/password 存储在 WSO2IS 的 LDAP 服务器中。这是配置:
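<UserManager>
  <!--
    Realm definition for a WSO2 Identity Server instance whose users and
    groups are kept in an LDAP directory (read/write user store) while
    permissions are kept in the JDBC data source.
    This is the sample configuration quoted in the question. Items marked
    SECURITY are defaults that should be changed before real use.
  -->
  <Realm>
    <Configuration>
      <AddAdmin>true</AddAdmin>
      <AdminRole>admin</AdminRole>
      <!-- SECURITY: admin/admin is a widely known default credential pair.
           Replace it before the server is reachable by anyone else. -->
      <AdminUser>
        <UserName>admin</UserName>
        <Password>admin</Password>
      </AdminUser>
      <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default, users in this role see the registry root -->
      <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
      <Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder</Property>
    </Configuration>
    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
      <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
      <!-- SECURITY: ldap:// is cleartext. Bind credentials and user passwords
           cross the wire unencrypted. Acceptable only on loopback, as here;
           use ldaps:// as soon as the directory is on another host. -->
      <Property name="ConnectionURL">ldap://localhost:10389</Property>
      <Property name="Disabled">false</Property>
      <!-- SECURITY: this binds as the directory administrator with a default
           password stored in plaintext. Prefer a service account limited to
           the Users/Groups subtrees, and keep the secret out of this file
           (WSO2 Secure Vault is the product mechanism for that). -->
      <Property name="ConnectionName">uid=admin,ou=system</Property>
      <Property name="ConnectionPassword">admin</Property>
      <!-- SECURITY: SHA selects a fast message digest for stored passwords,
           which is weak against offline guessing if the directory is dumped.
           Use the strongest scheme the directory and product version support. -->
      <Property name="passwordHashMethod">SHA</Property>
      <Property name="UserNameListFilter">(objectClass=person)</Property>
      <Property name="UserEntryObjectClass">identityPerson</Property>
      <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
      <!-- "?" is the placeholder for the supplied user name. The "&" of the
           LDAP AND filter must be written as an entity in XML. -->
      <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
      <Property name="UserNameAttribute">uid</Property>
      <!-- NOTE(review): inside the character class, "_-|" is parsed as a range
           (U+005F to U+007C), so it also admits "`" and "{" in addition to
           the characters listed. Tighten if names feed other systems. -->
      <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
      <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
      <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
      <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
      <!-- SECURITY: only the JavaScript (UI-side) password rule is set, and it
           accepts any 5 non-whitespace characters. Server-side enforcement is
           configured with PasswordJavaRegEx, which is absent here. -->
      <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
      <Property name="ReadGroups">true</Property>
      <Property name="WriteGroups">true</Property>
      <Property name="EmptyRolesAllowed">false</Property>
      <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
      <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
      <Property name="GroupEntryObjectClass">groupOfNames</Property>
      <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
      <Property name="GroupNameAttribute">cn</Property>
      <Property name="SharedGroupNameAttribute">cn</Property>
      <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property>
      <Property name="SharedGroupEntryObjectClass">groupOfNames</Property>
      <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property>
      <Property name="SharedGroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
      <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property>
      <Property name="SharedTenantNameAttribute">ou</Property>
      <Property name="SharedTenantObjectClass">organizationalUnit</Property>
      <Property name="MembershipAttribute">member</Property>
      <Property name="UserRolesCacheEnabled">true</Property>
      <!-- NOTE(review): presumably escapes LDAP special characters in the
           login name before it replaces "?" in the search filter. Keep it
           enabled and confirm against the product documentation. -->
      <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
      <Property name="MaxRoleNameListLength">100</Property>
      <Property name="MaxUserNameListLength">100</Property>
      <Property name="SCIMEnabled">false</Property>
    </UserStoreManager>
    <AuthorizationManager
        class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
      <Property name="AdminRoleManagementPermissions">/permission</Property>
      <Property name="AuthorizationCacheEnabled">true</Property>
    </AuthorizationManager>
  </Realm>
</UserManager>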
你能帮帮我吗?我不知道从哪里开始。谢谢。
您需要通过带身份验证功能的用户 API 来校验 user/password。有一个名为 RemoteUserStoreManagerService 的 Web 服务,您可以使用它来验证用户的 user/password,这样应用程序就不必自己从 LDAP 读取并比对密码哈希。此 API 也可用于管理 LDAP 中的用户:您可以 add/update/delete LDAP 用户。有关 API 的更多详细信息可以从 here 中找到,可以使用简单的 java 客户端调用此 API。