對這文章發表回應
發表限制: 非會員 可以發表
發表者: 冷日 發表時間: 2021/8/11 8:14:05
java如何呼叫ldap協議【LdapContext】
java教程 · 發表
背景:
做了個系統需要用集團的使用者id登入。而集團使用者系統是用ldap做的。
關鍵知識點
1. 設定連線
ctx = new InitialLdapContext(env, connCtls);
2.設定url和查詢的子路徑
env.put(Context.PROVIDER_URL, URL);// LDAP serverenv.put(Context.SECURITY_PRINCIPAL, SEARCHDN);
3. 設定密碼
env.put(Context.SECURITY_CREDENTIALS, "password");
4.取得返回值屬性
if (obj instanceof SearchResult) {SearchResult si = (SearchResult) obj;Attributes userInfo = si.getAttributes();userDN += userInfo.toString();userDN += "," + BASEDN;}
5.不需要下載任何第三方辦,什麼ldapjdk.jar不用的
背景知識:
LDAP是輕量目錄訪問協議,英文全稱是Lightweight Directory Access Protocol,一般都簡稱為LDAP。它是基於X.500標準的,但是簡單多了並且可以根據需要定製。與X.500不同,LDAP支援TCP/IP,這對訪問Internet是必須的。LDAP的核心規範在RFC中都有定義,所有與LDAP相關的RFC都可以在LDAPman RFC網頁中找到
附原始碼如下:
package com.domain;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
public class UserAuthenticate {
private String URL = "ldap://localhost:389";
private String SEARCHDN = "CN=alimailfad,OU=service,DC=hz,DC=ali,DC=com";
private String FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
private String BASEDN = "DC=hz,DC=ali,DC=com";
private LdapContext ctx = null;
private Hashtable env = null;
private Control[] connCtls = null;
private void LDAP_connect() {
env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, FACTORY);
env.put(Context.PROVIDER_URL, URL);
// LDAP server env.put(Context.SECURITY_PRINCIPAL, SEARCHDN);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_CREDENTIALS, "password");
// 此處若不指定使用者名稱和密碼,則自動轉換為匿名登入
try {
ctx = new InitialLdapContext(env, connCtls);
} catch (NamingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
private String getUserDN(String email) {
String userDN = "";
LDAP_connect();
try {
String filters = "(&;(&;(objectCategory=person)(objectClass=user))(sAMAccountName=elbert.chenh))";
String[] returnedAtts = { "distinguishedName", "userAccountControl", "displayName", "employeeID" };
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
if (returnedAtts != null && returnedAtts.length > 0) {
constraints.setReturningAttributes(returnedAtts);
}
NamingEnumeration en = ctx.search(BASEDN, filters, constraints);
if (en == null) {
System.out.println("Have no NamingEnumeration.");
}
if (!en.hasMoreElements()) {
System.out.println("Have no element.");
} else {
while (en != null && en.hasMoreElements()) {
Object obj = en.nextElement();
if (obj instanceof SearchResult) {
SearchResult si = (SearchResult) obj;
Attributes userInfo = si.getAttributes();
userDN += userInfo.toString();
userDN += "," + BASEDN;
} else {
System.out.println(obj.toString());
}
System.out.println(userDN);
}
}
} catch (Exception e) {
System.out.println("Exception in search():" + e);
}
return userDN;
}
public boolean authenricate(String ID, String password) {
boolean valide = false;
String userDN = getUserDN(ID);
try {
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
ctx.reconnect(connCtls);
System.out.println(userDN + " is authenticated");
valide = true;
} catch (AuthenticationException e) {
System.out.println(userDN + " is not authenticated");
System.out.println(e.toString());
valide = false;
} catch (NamingException e) {
System.out.println(userDN + " is not authenticated");
valide = false;
}
return valide;
}
}
原文出處: java如何呼叫ldap協議【LdapContext】 - IT閱讀
參考資料:javax.naming.ldap (Java Platform SE 7 )