It's not possible to give you exact answer without knowing your schema.

在不知道您的架构的情况下，不可能给您确切的答案。

 LdapContext authContext = new InitialLdapContext(authEnv, null);
 SearchControls constraints = new SearchControls();
 String []returnedAttributes = {"mail"};
 String filter = "(userName={0})"; // You might want to limit search to user objects only based on objectClass
 String []filterAttributes = {userName};
 String baseDN = "CN=user,DC=company,DC=org"; // Replace this with the real baseDN
 constraints.setReturningAttributes(returnedAttributes)
 constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
 NamingEnumeration<SearchResult> results = authContext.search(baseDN, filter, filterAttributes, constraints);

You have several issues in your code. You are using Active Directory so the use of uid is not going to work. You would need to use CN.

您的代码中有几个问题。您正在使用 Active Directory，因此 uid 的使用将不起作用。您将需要使用 CN。

You do not show your baseDN, but are you sure you know what it is? Check "The Hard Part"

您没有显示您的 baseDN，但您确定您知道它是什么吗？检查“困难的部分”

Likewise, the ldapURL. Do as suggested, get a known LDAP browser and make a connection. Using Microsoft LIBs (or VB) will not show LDAP communication properly as MS does a lot of work under the covers for you. My current favorite.

同样，ldapURL。按照建议进行操作，获取已知的 LDAP 浏览器并建立连接。使用 Microsoft LIB（或 VB）不会正确显示 LDAP 通信，因为 MS 在幕后为您做了很多工作。我目前最喜欢的。

Try someone else's codethat is know to work against AD.

尝试其他人的已知可以对抗 AD的代码。

you are doing wrong in this line:

你在这一行做错了：

NamingEnumeration results = authContext.search("mail", userName, constraints);

the first argument to authContext.search is the base, its should be your server's domain

authContext.search 的第一个参数是基础，它应该是您服务器的域

ex:

前任：

ou=People,dc=google,dc=com

Note: use some graphical LDAP Browser to figure out the domain

注意：使用一些图形化的 LDAP 浏览器来找出域

A search request consists of, at a minimum:

搜索请求至少包括：

• the base object, below which entries are candidates for being returned in the search result
• the scope of the search (base, one, or sub)
• a filter to determine which candidates are returned in the search result, for example, mail=*(present), cn=Stack Overflow(equality), cn=Stack*(substring)
• a list of attributes to return

• 基础对象，其下方的条目是搜索结果中返回的候选对象
• 搜索范围 ( base, one, 或sub)
• 用于确定搜索结果中返回哪些候选的过滤器，例如，mail=*(present), cn=Stack Overflow(equality), cn=Stack*(substring)
• 要返回的属性列表

Entries are candidates for being returned:

参赛作品是被退回的候选人：

• if they are at or below the search base (with the exception of search scope onein which only the entries immediately subordinate to the base object are returned but not the base object itself)
• the assertion in the filter matches attribute values in the entry, for example, the presentfilter mail=*would match all entries at or below the base object that have a mailattribute except for search scope oneas noted

• 如果它们处于或低于搜索基础（搜索范围除外，one其中仅返回直接从属于基础对象的条目，而不返回基础对象本身）
• 在过滤器中的断言的属性值相匹配的条目，例如，该present过滤器mail=*将匹配于或基本对象低于具有所有条目mail除了搜索范围属性one如所指出

see also

也可以看看

• LDAP: Search Practices

• LDAP：搜索实践

Check Oracles tutorials on this: http://docs.oracle.com/javase/tutorial/jndi/ldap/jndi.html

检查 Oracles 教程：http: //docs.oracle.com/javase/tutorial/jndi/ldap/jndi.html

In your example the first parameter should be the search base, means where your users are located within the directory, i.e. "ou=people". The second one is the search filter, in your example probably some attribute you can match the user against. i.e. "sn="+userName (<- Should be encoded).

在您的示例中，第一个参数应该是search base，表示您的用户在目录中的位置，即“ou=people”。第二个是搜索过滤器，在您的示例中可能是您​​可以匹配用户的某些属性。即 "sn="+userName (<- 应该被编码)。

The value of "mail" should be within the result, as this is the information you want to get.

“邮件”的值应该在结果内，因为这是您想要获取的信息。

Also see http://docs.oracle.com/javase/1.6/docs/api/javax/naming/directory/DirContext.html

另请参阅http://docs.oracle.com/javase/1.6/docs/api/javax/naming/directory/DirContext.html

LDAP is not easy, try to find some good tutorials to get started with.

LDAP 并不容易，试着找一些好的教程开始。