Java: LDAP search base DN not working

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must do so under the same CC BY-SA license and attribute it to the original authors (not me) with a link to the original: http://stackoverflow.com/questions/17320237/

Time: 2020-11-01 01:40:43  Source: igfitidea

LDAP search base DN not working

Tags: java, ldap, jndi, distinguishedname, ou

Asked by David F. Suárez Chacón

I'm trying to perform an LDAP search into many different OUs that are located at the root of the directory.


Context initialization:


import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;

Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_CREDENTIALS, "somePassword");
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_PRINCIPAL, "MYDOMAIN\\myUsername");
env.put(Context.PROVIDER_URL, "ldap://myLdapServer:389");
// Subtree scope: search the base DN and everything below it
SearchControls searchControls = new SearchControls();
searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
DirContext ctx = new InitialDirContext(env);

So for searching a user I call

ctx.search("OU=OrgUnitOne,DC=mysite,DC=com", "(sAMAccountName=someUserName)", searchControls)

or


ctx.search("OU=OrgUnitTwo,DC=mysite,DC=com", "(sAMAccountName=someUserName)", searchControls)

and either works fine. But since I want to search into all of the OUs in the root of DA, I have to use another baseDN for the search, which I've failed to find. I've tried the following but none seems to work...

Without OU:


ctx.search("DC=mysite,DC=com", "(sAMAccountName=someUserName)", searchControls)
//output:
//javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=mysite,DC=com'

Empty searchBase string:

ctx.search("", "(sAMAccountName=someUserName)", searchControls)
//output:
//javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001E5, problem 2001 (NO_OBJECT), data 0, best match of:'']; remaining name ''

Desperate wildcard *


ctx.search("OU=*,DC=mysite,DC=com", "(sAMAccountName=someUserName)", searchControls)
//output:
//javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:'DC=mysite,DC=com']; remaining name 'OU=*,DC=mysite,DC=com'

Desperate wildcard %


ctx.search("OU=%,DC=mysite,DC=com", "(sAMAccountName=someUserName)", searchControls)
//output:
//javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:'DC=mysite,DC=com']; remaining name 'OU=%,DC=mysite,DC=com'

Desperate OR operator |


ctx.search("OU=OrgUnitOne|OrgUnitTwo,DC=mysite,DC=com", "(sAMAccountName=someUserName)", searchControls)
//output:
//javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:'DC=mysite,DC=com']; remaining name 'OU=OrgUnitOne|OrgUnitTwo,DC=mysite,DC=com'

Is there a way to achieve this search over all the root OUs?


Answered by Khalid Habib

This works for me:


import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

Hashtable<String, String> ldapEnv = new Hashtable<String, String>(11);
ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
ldapEnv.put(Context.PROVIDER_URL,  "ldap://ldapHost");
ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
ldapEnv.put(Context.SECURITY_PRINCIPAL, "CN=Administrator,CN=Users,DC=domain,DC=com");
ldapEnv.put(Context.SECURITY_CREDENTIALS, "secret");
DirContext ldapContext = new InitialDirContext(ldapEnv);
// Create the search controls
SearchControls searchCtls = new SearchControls();
// Specify the attributes to return
String returnedAtts[] = {"sn", "givenName", "samAccountName"};
searchCtls.setReturningAttributes(returnedAtts);
// Specify the search scope
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
// Specify the LDAP search filter
String searchFilter = "(&(samAccountName=userName))";
// Specify the base for the search
String searchBase = "dc=domain,dc=com";
// Initialize counter to total the results
int totalResults = 0;
// Search for objects using the filter
NamingEnumeration<SearchResult> answer = ldapContext.search(searchBase, searchFilter, searchCtls);
// Loop through the search results
while (answer.hasMoreElements()) {
    SearchResult sr = answer.next();
    totalResults++;
    System.out.println(">>>" + sr.getName());
    Attributes attrs = sr.getAttributes();
    System.out.println(">>>>>>" + attrs.get("samAccountName"));
}
System.out.println("Total results: " + totalResults);
ldapContext.close();

Answered by Terry Gardner

Construct a search request using the desired base object, a search scope of sub, a filter that restricts the entries returned to just the entries desired, and a list of requested attributes. Using the UnboundID LDAP SDK:


SearchRequest req = new SearchRequest("dc=mysite,dc=com",
       SearchScope.SUB,"samAccountName=someUserName","1.1");
SearchResult searchResult = ldapConnection.search(req);

This search will return all of the entries (1.1 means return no attributes, replace this with the list of attributes desired) in which the samAccountName attribute contains the value "someUserName" (matching of the values is performed using matching rules) if the server permits. In some cases, the server administrators may not permit this search because it traverses the entire directory server database. Also, the connection's authorization state must permit the examination of the samAccountName. Note that a search can be successful (result code SUCCESS, integer 0) but return no entries.

  • There is no "or" operator for distinguished names.
  • There is no "wildcard" operator in distinguished names.
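As an added example, not code from the question or from either answer, here is the search both answers describe done through JNDI from the domain root, with the account name escaped per RFC 4515 before it is placed in the filter (a caller-supplied name must never be able to widen the filter) and the PartialResultException from the question handled. The class and method names are assumptions; ctx and baseDn are the question's own context and "DC=mysite,DC=com".

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class RootOuSearch {
    // RFC 4515 escaping for a value embedded in a search filter, so a caller-supplied
    // name such as "*)(objectClass=*" is matched literally instead of widening the filter.
    // (JNDI's search(name, "(sAMAccountName={0})", new Object[]{value}, sc) escapes for you.)
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // One subtree search from the domain root covers every OU under it: the entries are
    // selected by the filter, not by the base DN (which has no wildcard or "or" syntax).
    // Returns the DNs of the matching entries.
    static List<String> findUser(DirContext ctx, String baseDn, String accountName) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"distinguishedName"});
        String filter = "(sAMAccountName=" + escapeFilterValue(accountName) + ")";
        List<String> dns = new ArrayList<>();
        NamingEnumeration<SearchResult> results = ctx.search(baseDn, filter, sc);
        try {
            while (results.hasMore()) {
                dns.add(results.next().getNameInNamespace());
            }
        } catch (PartialResultException e) {
            // The "Unprocessed Continuation Reference(s)" from the question: with the default
            // referral handling (ignore) JNDI raises this after delivering the real entries when
            // the server also returns referrals, so the DNs collected so far are still valid.
        }
        return dns;
    }
}
```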