从 JAVA 应用程序检查 LDAP 上的用户密码

Check user's password on LDAP from JAVA application

我从未使用过 LDAP。我必须写一个 JAVA class 来检查用户提供的密码是否正确。 Users/password 存储在 WSO2IS 的 LDAP 服务器中。这是配置:

<UserManager>
<Realm>
    <Configuration>
    <AddAdmin>true</AddAdmin>
            <AdminRole>admin</AdminRole>
            <AdminUser>
                 <UserName>admin</UserName>
                 <Password>admin</Password>
            </AdminUser>
        <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
        <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
        <Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder</Property>
    </Configuration>

<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
        <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
        <Property name="ConnectionURL">ldap://localhost:10389</Property>
        <Property name="Disabled">false</Property>                       
        <Property name="ConnectionName">uid=admin,ou=system</Property>
        <Property name="ConnectionPassword">admin</Property>
        <Property name="passwordHashMethod">SHA</Property>
        <Property name="UserNameListFilter">(objectClass=person)</Property>
    <Property name="UserEntryObjectClass">identityPerson</Property>
        <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
        <Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property>
        <Property name="UserNameAttribute">uid</Property>
    <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}

    
    true
            admin
            
                 admin
                 admin
            
        everyone 
        jdbc/WSO2CarbonDB
        org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder
    


        org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager
        ldap://localhost:10389
        false                       
        uid=admin,ou=system
        admin
        SHA
        (objectClass=person)
    identityPerson
        ou=Users,dc=wso2,dc=org
        (&(objectClass=person)(uid=?))
        uid
    [a-zA-Z0-9._-|//]{3,30}$
        ^[\S]{3,30}$
    ^[\S]{3,30}$
        [a-zA-Z0-9._-|//]{3,30}$
        ^[\S]{5,30}$
    true
    true
    false
        ou=Groups,dc=wso2,dc=org
        (objectClass=groupOfNames)
        groupOfNames
        (&(objectClass=groupOfNames)(cn=?))
        cn
        cn
        ou=SharedGroups,dc=wso2,dc=org
        groupOfNames
        (objectClass=groupOfNames)
        (&(objectClass=groupOfNames)(cn=?))
        (objectClass=organizationalUnit)
        ou
        organizationalUnit
        member
        true
    true
        100
        100
        false
    

    
        /permission
    true
    

lt;/Property>
        <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}

    
    true
            admin
            
                 admin
                 admin
            
        everyone 
        jdbc/WSO2CarbonDB
        org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder
    


        org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager
        ldap://localhost:10389
        false                       
        uid=admin,ou=system
        admin
        SHA
        (objectClass=person)
    identityPerson
        ou=Users,dc=wso2,dc=org
        (&(objectClass=person)(uid=?))
        uid
    [a-zA-Z0-9._-|//]{3,30}$
        ^[\S]{3,30}$
    ^[\S]{3,30}$
        [a-zA-Z0-9._-|//]{3,30}$
        ^[\S]{5,30}$
    true
    true
    false
        ou=Groups,dc=wso2,dc=org
        (objectClass=groupOfNames)
        groupOfNames
        (&(objectClass=groupOfNames)(cn=?))
        cn
        cn
        ou=SharedGroups,dc=wso2,dc=org
        groupOfNames
        (objectClass=groupOfNames)
        (&(objectClass=groupOfNames)(cn=?))
        (objectClass=organizationalUnit)
        ou
        organizationalUnit
        member
        true
    true
        100
        100
        false
    

    
        /permission
    true
    

lt;/Property>
    <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}

    
    true
            admin
            
                 admin
                 admin
            
        everyone 
        jdbc/WSO2CarbonDB
        org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder
    


        org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager
        ldap://localhost:10389
        false                       
        uid=admin,ou=system
        admin
        SHA
        (objectClass=person)
    identityPerson
        ou=Users,dc=wso2,dc=org
        (&(objectClass=person)(uid=?))
        uid
    [a-zA-Z0-9._-|//]{3,30}$
        ^[\S]{3,30}$
    ^[\S]{3,30}$
        [a-zA-Z0-9._-|//]{3,30}$
        ^[\S]{5,30}$
    true
    true
    false
        ou=Groups,dc=wso2,dc=org
        (objectClass=groupOfNames)
        groupOfNames
        (&(objectClass=groupOfNames)(cn=?))
        cn
        cn
        ou=SharedGroups,dc=wso2,dc=org
        groupOfNames
        (objectClass=groupOfNames)
        (&(objectClass=groupOfNames)(cn=?))
        (objectClass=organizationalUnit)
        ou
        organizationalUnit
        member
        true
    true
        100
        100
        false
    

    
        /permission
    true
    

lt;/Property>
        <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}

    
    true
            admin
            
                 admin
                 admin
            
        everyone 
        jdbc/WSO2CarbonDB
        org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder
    


        org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager
        ldap://localhost:10389
        false                       
        uid=admin,ou=system
        admin
        SHA
        (objectClass=person)
    identityPerson
        ou=Users,dc=wso2,dc=org
        (&(objectClass=person)(uid=?))
        uid
    [a-zA-Z0-9._-|//]{3,30}$
        ^[\S]{3,30}$
    ^[\S]{3,30}$
        [a-zA-Z0-9._-|//]{3,30}$
        ^[\S]{5,30}$
    true
    true
    false
        ou=Groups,dc=wso2,dc=org
        (objectClass=groupOfNames)
        groupOfNames
        (&(objectClass=groupOfNames)(cn=?))
        cn
        cn
        ou=SharedGroups,dc=wso2,dc=org
        groupOfNames
        (objectClass=groupOfNames)
        (&(objectClass=groupOfNames)(cn=?))
        (objectClass=organizationalUnit)
        ou
        organizationalUnit
        member
        true
    true
        100
        100
        false
    

    
        /permission
    true
    

lt;/Property>
        <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}

    
    true
            admin
            
                 admin
                 admin
            
        everyone 
        jdbc/WSO2CarbonDB
        org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder
    


        org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager
        ldap://localhost:10389
        false                       
        uid=admin,ou=system
        admin
        SHA
        (objectClass=person)
    identityPerson
        ou=Users,dc=wso2,dc=org
        (&(objectClass=person)(uid=?))
        uid
    [a-zA-Z0-9._-|//]{3,30}$
        ^[\S]{3,30}$
    ^[\S]{3,30}$
        [a-zA-Z0-9._-|//]{3,30}$
        ^[\S]{5,30}$
    true
    true
    false
        ou=Groups,dc=wso2,dc=org
        (objectClass=groupOfNames)
        groupOfNames
        (&(objectClass=groupOfNames)(cn=?))
        cn
        cn
        ou=SharedGroups,dc=wso2,dc=org
        groupOfNames
        (objectClass=groupOfNames)
        (&(objectClass=groupOfNames)(cn=?))
        (objectClass=organizationalUnit)
        ou
        organizationalUnit
        member
        true
    true
        100
        100
        false
    

    
        /permission
    true
    

lt;/Property>
    <Property name="ReadGroups">true</Property>
    <Property name="WriteGroups">true</Property>
    <Property name="EmptyRolesAllowed">false</Property>
        <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
        <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
        <Property name="GroupEntryObjectClass">groupOfNames</Property>
        <Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property>
        <Property name="GroupNameAttribute">cn</Property>
        <Property name="SharedGroupNameAttribute">cn</Property>
        <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property>
        <Property name="SharedGroupEntryObjectClass">groupOfNames</Property>
        <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property>
        <Property name="SharedGroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property>
        <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property>
        <Property name="SharedTenantNameAttribute">ou</Property>
        <Property name="SharedTenantObjectClass">organizationalUnit</Property>
        <Property name="MembershipAttribute">member</Property>
        <Property name="UserRolesCacheEnabled">true</Property>
    <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
        <Property name="MaxRoleNameListLength">100</Property>
        <Property name="MaxUserNameListLength">100</Property>
        <Property name="SCIMEnabled">false</Property>
    </UserStoreManager>

    <AuthorizationManager
        class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
        <Property name="AdminRoleManagementPermissions">/permission</Property>
    <Property name="AuthorizationCacheEnabled">true</Property>
    </AuthorizationManager>
</Realm>

你能帮帮我吗?我不知道从哪里开始。谢谢。

您需要检查 user/password 使用某种身份验证的用户 API。有一个名为 RemoteUserStoreManagerService 的 Web 服务服务,您可以使用它来验证用户的 user/password。此 API 也可用于管理 LDAP 中的用户。您可以 add/update/delete LDAP 用户。有关 API 的更多详细信息可以从 here 中找到,使用简单的 java 客户端调用此 API