使用用户名使用 UnboundID 对 Active Directory 用户进行身份验证
Authenticate an Active Directory user with UnboundID using username
我正在构建一个应用程序,我需要使用 UnboundID
连接到 Active Directory。使用 example,我设法将用户与其 distinguishedName
和 password
.
联系起来
但是我想仅使用 domain
和 username
来验证它们,类似于 Windows 中的做法。使用名为 JXplorer
的工具浏览 AD,似乎 sAMAccountName
可能是我需要的 属性。但是,将 distinguishedName
替换为 sAMAccountName 会导致 AcceptSecurityContext
错误。使用示例中显示的 "uid=..."
语法也会产生相同的错误。
有没有办法只使用域 username
/sAMAccountName
和 password
登录。或者我是否需要以某种方式搜索 AD 并找到我希望验证的用户的 distinguishedName
,然后使用他们的 distinguishedName
和 password
绑定连接?
您将需要使用具有适当权限的帐户来搜索 samAccountName 以找到用户,然后使用可分辨名称绑定为找到的用户。
您需要确保只从搜索中 return 一个条目。
示例仅供演示!
参数类似于:
"adldap.example.com" "CN=bob,OU=Users,DC=example,DC=com" "connPwd" "OU=Users,DC=example,DC=com" "samAccountName" "findUserValue" "userPassword"
/**
* @author jwilleke <br/>
* Use For Demonstration Purposes ONLY!
* @param args
*/
public static void main(String[] args)
{
String connHost = args[0];
String connID = args[1];
String connPwd = args[2];
String searchBase = args[3];
String findUserByAttribute = args[4];
String findUserValue = args[5];
String userPassword = args[6];
int connPort = 389;
// TODO Auto-generated method stub
String actualLDAPServer = null;
RootDSE rootDSE = null;
// If I were doing this for real, I would use a POOL for Connections
SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager()); // Use For Demonstration Purposes ONLY!
SSLSocketFactory sslSocketFactory = null;
try
{
sslSocketFactory = sslUtil.createSSLSocketFactory();
}
catch (GeneralSecurityException e1)
{
// TODO Auto-generated catch block
e1.printStackTrace();
}
SimpleBindRequest adminBindRequest = new SimpleBindRequest(connID, connPwd);
LDAPConnection adminConnection = new LDAPConnection(sslSocketFactory);
try
{
adminConnection = new LDAPConnection(connHost, connPort);
log.debug("Successful LDAP adminConnection to:" + connHost + ":" + connPort);
adminConnection.bind(adminBindRequest);
log.debug("Successful Bind as:" + connID);
}
catch (LDAPException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
LDAPConnection userConnection = new LDAPConnection(sslSocketFactory);
try
{
userConnection = new LDAPConnection(connHost, connPort);
log.debug("Successful LDAP userConnection to:" + connHost + ":" + connPort);
}
catch (LDAPException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
// Construct Filter to find user
Filter findUserfilter = null;
findUserfilter = Filter.createEqualityFilter(findUserByAttribute, findUserValue);
// Create Search Request
SearchRequest searchRequest = new SearchRequest(searchBase, SearchScope.SUB, findUserfilter);
searchRequest.setSizeLimit(1); // We will error if we get more than one hit
SearchResult searchResult = null;
try
{
searchResult = adminConnection.search(searchRequest);
}
catch (LDAPSearchException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
String userDN = null;
if (searchResult.getEntryCount() > 1)
{
log.error("We got more than one Entry for:" + searchRequest.getFilter());
}
if (searchResult.getEntryCount() == 0)
{
log.error("We got No Entries for:" + searchRequest.getFilter());
}
for (SearchResultEntry entry : searchResult.getSearchEntries())
{
userDN = entry.getDN();
log.debug("Found an Entry: " + userDN);
}
SimpleBindRequest userBindRequest = new SimpleBindRequest(userDN, userPassword);
if (userBindRequest.getBindDN() == null)
{
log.warn("We got a null for the userBindRequest UserDN and therefore the bind is anonymous !");
}
if (userBindRequest.getPassword() == null)
{
log.warn("We got a null for the userBindRequest Password and therefore the bind is anonymous !");
}
try
{
userConnection.bind(userDN, userPassword);
log.debug("Successful userConnection Bind as:" + userDN);
}
catch (LDAPException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
}
-吉姆
正如@ioplex 在他的评论中所说,AD 接受使用来自 sAMAccountName 的用户名并附加域名的绑定。只需使用它而不是绑定上的 DN:
String userId = username + "@" + domain;
SimpleBindRequest adminBindRequest = new SimpleBindRequest(userId, passsword);
最终的用户 ID 类似于 'eharris@contoso.local'
我正在构建一个应用程序,我需要使用 UnboundID
连接到 Active Directory。使用 example,我设法将用户与其 distinguishedName
和 password
.
但是我想仅使用 domain
和 username
来验证它们,类似于 Windows 中的做法。使用名为 JXplorer
的工具浏览 AD,似乎 sAMAccountName
可能是我需要的 属性。但是,将 distinguishedName
替换为 sAMAccountName 会导致 AcceptSecurityContext
错误。使用示例中显示的 "uid=..."
语法也会产生相同的错误。
有没有办法只使用域 username
/sAMAccountName
和 password
登录。或者我是否需要以某种方式搜索 AD 并找到我希望验证的用户的 distinguishedName
,然后使用他们的 distinguishedName
和 password
绑定连接?
您将需要使用具有适当权限的帐户来搜索 samAccountName 以找到用户,然后使用可分辨名称绑定为找到的用户。
您需要确保只从搜索中 return 一个条目。
示例仅供演示!
参数类似于:
"adldap.example.com" "CN=bob,OU=Users,DC=example,DC=com" "connPwd" "OU=Users,DC=example,DC=com" "samAccountName" "findUserValue" "userPassword"
/**
* @author jwilleke <br/>
* Use For Demonstration Purposes ONLY!
* @param args
*/
public static void main(String[] args)
{
String connHost = args[0];
String connID = args[1];
String connPwd = args[2];
String searchBase = args[3];
String findUserByAttribute = args[4];
String findUserValue = args[5];
String userPassword = args[6];
int connPort = 389;
// TODO Auto-generated method stub
String actualLDAPServer = null;
RootDSE rootDSE = null;
// If I were doing this for real, I would use a POOL for Connections
SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager()); // Use For Demonstration Purposes ONLY!
SSLSocketFactory sslSocketFactory = null;
try
{
sslSocketFactory = sslUtil.createSSLSocketFactory();
}
catch (GeneralSecurityException e1)
{
// TODO Auto-generated catch block
e1.printStackTrace();
}
SimpleBindRequest adminBindRequest = new SimpleBindRequest(connID, connPwd);
LDAPConnection adminConnection = new LDAPConnection(sslSocketFactory);
try
{
adminConnection = new LDAPConnection(connHost, connPort);
log.debug("Successful LDAP adminConnection to:" + connHost + ":" + connPort);
adminConnection.bind(adminBindRequest);
log.debug("Successful Bind as:" + connID);
}
catch (LDAPException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
LDAPConnection userConnection = new LDAPConnection(sslSocketFactory);
try
{
userConnection = new LDAPConnection(connHost, connPort);
log.debug("Successful LDAP userConnection to:" + connHost + ":" + connPort);
}
catch (LDAPException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
// Construct Filter to find user
Filter findUserfilter = null;
findUserfilter = Filter.createEqualityFilter(findUserByAttribute, findUserValue);
// Create Search Request
SearchRequest searchRequest = new SearchRequest(searchBase, SearchScope.SUB, findUserfilter);
searchRequest.setSizeLimit(1); // We will error if we get more than one hit
SearchResult searchResult = null;
try
{
searchResult = adminConnection.search(searchRequest);
}
catch (LDAPSearchException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
String userDN = null;
if (searchResult.getEntryCount() > 1)
{
log.error("We got more than one Entry for:" + searchRequest.getFilter());
}
if (searchResult.getEntryCount() == 0)
{
log.error("We got No Entries for:" + searchRequest.getFilter());
}
for (SearchResultEntry entry : searchResult.getSearchEntries())
{
userDN = entry.getDN();
log.debug("Found an Entry: " + userDN);
}
SimpleBindRequest userBindRequest = new SimpleBindRequest(userDN, userPassword);
if (userBindRequest.getBindDN() == null)
{
log.warn("We got a null for the userBindRequest UserDN and therefore the bind is anonymous !");
}
if (userBindRequest.getPassword() == null)
{
log.warn("We got a null for the userBindRequest Password and therefore the bind is anonymous !");
}
try
{
userConnection.bind(userDN, userPassword);
log.debug("Successful userConnection Bind as:" + userDN);
}
catch (LDAPException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
}
-吉姆
正如@ioplex 在他的评论中所说,AD 接受使用来自 sAMAccountName 的用户名并附加域名的绑定。只需使用它而不是绑定上的 DN:
String userId = username + "@" + domain;
SimpleBindRequest adminBindRequest = new SimpleBindRequest(userId, passsword);
最终的用户 ID 类似于 'eharris@contoso.local'