The best API to use with Java is the UnboundID LDAP SDK. It's clear, complete, fully implements the LDAP standard specification, easy-to-use and understand, fully documented, thread-safe where it should be, and the standard edition is free. No other API even comes close.

与 Java 一起使用的最佳 API 是UnboundID LDAP SDK。它清晰、完整、完全实现了 LDAP 标准规范、易于使用和理解、完整记录、线程安全，并且标准版是免费的。没有其他 API 能与之媲美。

see also

也可以看看

• LDAP Examples using the UnboundID LDAP SDK

• 使用 UnboundID LDAP SDK 的 LDAP 示例

Had to dive into Java LDAP SDK market, as some old LDAP JAVA programs with SDK bugs needed to be fixed and I had lost up-to-date overview of supported Java LDAP APIs for a while. A little research has brought me to several aged overviews and this rather old thread. I thought, I'd just share my more-up-to-date SDK findings here.

不得不进入 Java LDAP SDK 市场，因为需要修复一些带有 SDK 错误的旧 LDAP JAVA 程序，而且我已经有一段时间失去了支持的 Java LDAP API 的最新概述。一些研究让我看到了几个陈旧的概述和这个相当古老的线程。我想，我只想在这里分享我最新的 SDK 发现。

As of today, this is what the Java LDAP SDK market seems to offer:

截至今天，Java LDAP SDK 市场似乎提供了以下内容：

jLDAP (Novell Java LDAP SDK), OpenLDAP Java SDK (sibling fork of Novell LDAP SDK), Netscape/Sun Java LDAP SDK, OpenDS LDAP SDK: All 4 repositories seem practically dead/unmaintained for several years (some of them for a decade now) now. No backing companies or active communities in sight.

jLDAP（Novell Java LDAP SDK）、OpenLDAP Java SDK（Novell LDAP SDK 的兄弟分支）、Netscape/Sun Java LDAP SDK、OpenDS LDAP SDK：所有 4 个存储库似乎实际上已死/未维护好几年（其中一些已经十年了） 现在。看不到支持公司或活跃的社区。

Oracle LDAP SDK: Basically the former Netscape/Sun Java SDK with paid Oracle support, but otherwise not maintained either. Does not even exist in the open source world.

Oracle LDAP SDK：基本上是以前的 Netscape/Sun Java SDK，有付费的 Oracle 支持，但也没有维护。甚至在开源世界中都不存在。

OpenDJ Java LDAP SDK: The backing company has moved away from the open source market, no longer maintain this SDK. The most recent SDK version 3.0.0 is already several years old and never left beta stage, the latest official release version is even older: 2.6.11. The commercial version of the SDK is said to be practically abandonned either.

OpenDJ Java LDAP SDK：后盾公司已经离开开源市场，不再维护这个SDK。最新的 SDK 版本 3.0.0 已经有好几年了，从未离开过测试阶段，最新的正式发布版本更旧：2.6.11。SDK 的商业版本据说也几乎被放弃了。

ldaptive.org: some university project. A former JNDI wrapper, but now claims to have an own LDAP SDK protocol implementation. There seem to be no community or users outside of the university perimeter. Not dead, but currently unclear, what quality state to expect here. If you'd ask me, this project would have done a lot better, to spend their time backing the Apache LDAP SDK project, as no one actually needs yet another look-mom-I-also-made-an LDAP-Client-SDK in an a saturated market full of other mostly mediocre JAVA LDAP SDKs.

ldaptive.org：一些大学项目。以前的 JNDI 包装器，但现在声称拥有自己的 LDAP SDK 协议实现。大学外围似乎没有社区或用户。没有死，但目前还不清楚，这里可以期待什么质量状态。如果你问我，这个项目会做得更好，花时间支持 Apache LDAP SDK 项目，因为实际上没有人需要再看看-妈妈-我-也-做了-一个 LDAP-Client-SDK在一个充斥着其他大多数平庸的 JAVA LDAP SDK 的饱和市场中。

Apache LDAP SDK: Compared to other Apache projects, the LDAP SDK shows really slow pace. Somehow Apache LDAP seems to miss a real company backing things, it's only talented hobby enthusiasts pusing things forward. You probably do not want to start any new projects with SDK V1.0, as they state that V2.0 breaks interface code. but you probably also do not want to use SDK V2.0 yet, as it's still beta and no one knows for how much longer it will stay beta (V1 stayed beta for 6 years....). The SDK is far from being dead, it's just showing really really slow progress.

Apache LDAP SDK：与其他 Apache 项目相比，LDAP SDK 显示出非常缓慢的速度。不知何故，Apache LDAP 似乎错过了一家真正支持事物的公司，它只是推动事物向前发展的才华横溢的业余爱好者。您可能不想使用 SDK V1.0 启动任何新项目，因为它们声明 V2.0 破坏了接口代码。但是您可能还不想使用 SDK V2.0，因为它仍然是 beta 版本，没有人知道它会保持 beta 多长时间（V1 保持 beta 6 年......）。SDK 远未消亡，它只是表现出非常缓慢的进展。

Java JNDI: Built into Java since ages and has not changed since release. Still is really ugly for coding, documentation is a mess, every task beyond basic search is an implementation nightmare, basically every project fails to properly implement it, several things are broken by design. There seem to have been a few concept ideas of a JNDI-LDAP-successor for a future JDK, but nothing has ever followed so far.

Java JNDI：内置于 Java 中，自发布以来一直没有改变。编码仍然非常丑陋，文档一团糟，基本搜索之外的每项任务都是实现的噩梦，基本上每个项目都无法正确实现它，有几件事被设计破坏了。似乎有一些关于未来 JDK 的 JNDI-LDAP 继任者的概念想法，但到目前为止还没有任何进展。

Unbound SDK: Mature, best maintained SDK, Has huge amount of features. Though the backing company is still nurtured from venture capital, burning money. So far it does not look like they stand on their own feet any time soon. So the long term aspect of SDK backing support is unclear. A former party pooper for the SDK in commercial projects once was it's GPL license. The open source version now seems to have a LGPL license as well (that may or may not fit a project).

未绑定的SDK：成熟的、维护得最好的SDK，拥有大量的功能。尽管这家支持公司仍然是由风险投资培育出来的，烧钱。到目前为止，看起来他们不会很快独立。因此，SDK 支持的长期方面尚不清楚。商业项目中 SDK 的前党派人士曾经是它的 GPL 许可证。开源版本现在似乎也有 LGPL 许可证（可能适合也可能不适合项目）。

Spring: seems like a stable LDAP SDK, plus has the large Spring community. But less feature-rich and no bleeding edge stuff. Personally no experience yet though with this SDK.

Spring：看起来像一个稳定的 LDAP SDK，加上拥有庞大的 Spring 社区。但功能较少，也没有前沿的东西。个人还没有使用这个 SDK 的经验。

So right now, Java LDAP seem have a reasonable choice of four: JNDI, Unbound, Spring, Apache, each with their pros and cons. And you probably will hate JNDI a lot, as soon as you start using it. A good advice might be, to not rush into migration projects of old SDKs and to invest into the extra effort of implementing wrapper code, to be at all able to easily switch the SDK later when needed.

所以现在，Java LDAP 似乎有四种合理的选择：JNDI、Unbound、Spring、Apache，每种都有其优缺点。一旦你开始使用它，你可能会非常讨厌 JNDI。一个很好的建议可能是，不要急于进行旧 SDK 的迁移项目并投入额外的精力来实现包装器代码，以便在以后需要时能够轻松地切换 SDK。

Check the Apache Directory Client APIit is opensource and has an active community (full disclosure: I work on Apache Directory project) and most importantly Apache Directory Client supports all basic LDAP controls including password policy and syncrepl by default unlike some commercial versions which support these in a paid version only.

检查Apache Directory Client API，它是开源的并且有一个活跃的社区（完全披露：我从事 Apache Directory 项目），最重要的是 Apache Directory Client 默认支持所有基本的 LDAP 控件，包括密码策略和 syncrepl，这与一些支持这些的商业版本不同仅限付费版本。

You can easily add new/custom controls and extended operations if needed and it is very easy to start an in-memory Directory Server with the help of the annotation driven test framework

如果需要，您可以轻松添加新/自定义控件和扩展操作，并且在注释驱动的测试框架的帮助下启动内存目录服务器非常容易

Take a look at this exampleto see how you can leverage the API and test framework for unit testing.

查看此示例，了解如何利用 API 和测试框架进行单元测试。

And otoh, if you ever need a Kerberos v5 server in your unit test, it is just an annotation away.

另外，如果您在单元测试中需要 Kerberos v5 服务器，那么它只是一个注释。

We use the the UnboundID LDAP SDK. It is very good and there are many examples and good support.

我们使用 UnboundID LDAP SDK。非常好，有很多例子和很好的支持。

Poor support and maintenance for the JLDAP and Mozilla Directory APIs is why we QUIT using them.

对 JLDAP 和 Mozilla 目录 API 的支持和维护不佳是我们停止使用它们的原因。

Like the https://wiki.mozilla.org/LDAP_Java_SDKdoes not exist. The JLDP sdk has not been updated in YEARS. (2009 as I recall).

像https://wiki.mozilla.org/LDAP_Java_SDK不存在。JLDP sdk 已多年未更新。（我记得是 2009 年）。

There is also open source lib from Imperva https://github.com/imperva/domain-directory-controller

还有来自 Imperva https://github.com/imperva/domain-directory-controller 的开源库

There You can find a pretty good examples of queries.

在那里您可以找到一个很好的查询示例。

I'm using https://www.ldaptive.org/in production, so far I'm pleased it's like 'ORM'

我在生产中使用https://www.ldaptive.org/，到目前为止我很高兴它就像“ORM”