Java: how do I find all the roles a user has in LDAP using the UnboundID LDAP SDK?

Disclaimer: this page is a Chinese/English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must attribute it to the original authors (not me) and cite the original: http://stackoverflow.com/questions/17921842/

Time: 2020-11-01 19:37:08  Source: igfitidea

How do I find all the roles a user has in LDAP using the UnboundID LDAP SDK?

Tags: java, ldap, unboundid-ldap-sdk

Asked by kajafls

I am having trouble finding the roles a user belongs to. I've tried the following code and it gives a lot of attributes, but what I am interested in is which roles the user belongs to in a certain app.

The user I am searching for belongs to the following two groups (userrole and adminrole). How do I retrieve this information?

DN: cn=userrole,ou=roles,ou=appname,ou=apps,ou=groups,dc=example,dc=no

DN: cn=adminrole,ou=roles,ou=appname,ou=apps,ou=groups,dc=example,dc=no

import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;

private final String host = "host.example.com";
private final int port = 389;
private final String bindDn = "uid=appname,ou=systems,dc=example,dc=no";
private final String password = "password";
private final String searchDn = "dc=example,dc=no";

public SearchResultEntry getUserDetails(String username) {
    // try-with-resources closes the connection on every path, including
    // when the search throws (the original leaked it on LDAPException)
    try (LDAPConnection connection = new LDAPConnection(host, port,
            bindDn, password)) {
        // Build the filter through the SDK instead of string concatenation:
        // the SDK escapes '*', '(', ')', '\' and NUL in the value, so a crafted
        // username cannot change the structure of the filter (LDAP injection).
        Filter filter = Filter.createEqualityFilter("uid", username);

        // "+" requests the operational attributes; memberOf/isMemberOf are
        // operational on most servers, so this is where they would show up.
        SearchResult searchResults = connection.search(searchDn, SearchScope.SUB,
                filter, "+");

        if (searchResults.getEntryCount() == 1) {
            return searchResults.getSearchEntries().get(0);
        } else {
            LOGGER.error("NOT FOUND!");
            return null;
        }
    } catch (LDAPException e) {
        LOGGER.error("Exception", e);
        return null;
    }
}

Answered by Michael

Use the following function. The assumption is that you work with SUN LDAP (you use uid):

Edited

import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.Entry;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;

private boolean isGroupContainUser(LDAPConnection ldapConnection, String groupDn, String userDn) throws LDAPException {
    boolean ret = false;
    // getEntry returns null when no entry with that DN exists; guard against
    // the NullPointerException the original would throw in that case
    Entry groupEntry = ldapConnection.getEntry(groupDn);
    if (groupEntry == null) {
        return false;
    }

    // groupOfUniqueNames entries list their member DNs in uniqueMember
    String[] memberValues = groupEntry.getAttributeValues("uniquemember");
    if (memberValues != null) {
        // Compare parsed DNs, so differences in case and whitespace between
        // the stored value and the caller's DN string do not matter
        DN ldapUserDn = new DN(userDn);
        for (String memberEntryDnString : memberValues) {
            DN memberEntryDn = new DN(memberEntryDnString);
            if (memberEntryDn.equals(ldapUserDn)) {
                ret = true;
                break;
            }
        }
    }
    return ret;
}

Answered by Terry Gardner

The server might support either memberOf or isMemberOf. These are attributes (in most servers these attributes are virtual, that is, they do not occupy any storage and are generated upon client request) whose presence in an object indicates the group membership of the object. Here is an example that assumes the server supports the isMemberOf attribute:

import javax.net.SocketFactory;

import com.unboundid.ldap.sdk.Entry;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchScope;

// hostname, port, userDN, userPassword, connectTimeoutMillis,
// responseTimeoutMillis and createSocketFactory() are assumed to be
// fields and a method of the enclosing class.
String[] getGroupMembership() {

    try {

        // SSL can be supported by using a SocketFactory
        SocketFactory socketFactory = createSocketFactory();

        LDAPConnectionOptions options = new LDAPConnectionOptions();
        options.setConnectTimeoutMillis(connectTimeoutMillis);

        // Try to connect to a single server. It is also possible to use
        // a 'ServerSet' for support of multiple servers.
        LDAPConnection ldapConnection =
            new LDAPConnection(socketFactory, options, hostname, port,
                userDN, userPassword);

        try {

            // Some broken directory servers, most notably the old Sun
            // directory servers, do not support the legal filter "(&)".
            // If this is the case, use the present filter "(objectClass=*)"
            // instead.
            SearchRequest searchRequest =
               new SearchRequest(userDN, SearchScope.BASE, "(&)", "isMemberOf");
            searchRequest.setResponseTimeoutMillis(responseTimeoutMillis);

            SearchResult searchResult = ldapConnection.search(searchRequest);

            if (searchResult.getEntryCount() == 1) {
                // Base-scope search: the single entry returned is the user itself
                Entry entry = searchResult.getSearchEntry(userDN);
                // Each value is the DN of a group the user is a member of
                return entry.getAttributeValues("isMemberOf");
            }

        } catch (LDAPException ex) {
            // Handle the exception
        } finally {
            ldapConnection.close();
        }

    } catch (LDAPException ldapException) {
        // Handle the connection exception here
    }

    return null;
}
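Putting the two answers together, here is an added, complete example (not code from either answer, nor from the UnboundID project) that returns only the role names of one application. It generalises Michael's single-group membership check into a reverse search over the application's roles subtree, and narrows Terry's memberOf/isMemberOf lookup to that same subtree, so roles from other applications are not mixed in. The roles container, bind DN and host are taken from the question; the class name, method names, the user DN and the password value are assumptions made for this example.

```java
import java.util.LinkedHashSet;
import java.util.Set;

import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.RDN;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;

/** Added example: resolve the roles a user holds within one application. */
public class AppRoleLookup {

    // Roles container of the application, as given in the question
    static final String ROLES_BASE =
            "ou=roles,ou=appname,ou=apps,ou=groups,dc=example,dc=no";

    /**
     * Strategy 1: reverse lookup. Search the roles subtree for group entries
     * whose membership attribute names the user's DN. Works on any server,
     * including ones without memberOf/isMemberOf.
     */
    public static Set<String> rolesByGroupSearch(LDAPConnection conn, String userDn)
            throws LDAPException {
        new DN(userDn); // reject a malformed DN early (throws LDAPException)
        // The SDK escapes the assertion value, so a caller-supplied DN cannot
        // alter the filter structure; the server does DN matching on the value.
        Filter filter = Filter.createORFilter(
                Filter.createEqualityFilter("uniqueMember", userDn),
                Filter.createEqualityFilter("member", userDn));
        SearchResult result = conn.search(ROLES_BASE, SearchScope.SUB, filter, "cn");

        Set<String> roles = new LinkedHashSet<>();
        for (SearchResultEntry group : result.getSearchEntries()) {
            String cn = group.getAttributeValue("cn");
            if (cn != null) {
                roles.add(cn);
            }
        }
        return roles;
    }

    /**
     * Strategy 2: virtual attribute. Read memberOf / isMemberOf from the user
     * entry and keep only the groups located under the roles container.
     */
    public static Set<String> rolesByMemberOf(LDAPConnection conn, String userDn)
            throws LDAPException {
        SearchResultEntry user = conn.getEntry(userDn, "memberOf", "isMemberOf");
        if (user == null) {
            throw new LDAPException(ResultCode.NO_SUCH_OBJECT, "no entry: " + userDn);
        }
        DN rolesBase = new DN(ROLES_BASE);
        Set<String> roles = new LinkedHashSet<>();
        for (String attr : new String[] {"memberOf", "isMemberOf"}) {
            String[] groupDns = user.getAttributeValues(attr);
            if (groupDns == null) {
                continue; // attribute not supported or user in no group
            }
            for (String groupDnString : groupDns) {
                DN groupDn = new DN(groupDnString);
                // Keep only groups that live under this application's roles container
                if (groupDn.isDescendantOf(rolesBase, false)) {
                    roles.add(roleName(groupDn));
                }
            }
        }
        return roles;
    }

    /** Role name = the cn value of the group's RDN, e.g. "userrole". */
    static String roleName(DN groupDn) {
        RDN rdn = groupDn.getRDN();
        String[] names = rdn.getAttributeNames();
        String[] values = rdn.getAttributeValues();
        for (int i = 0; i < names.length; i++) {
            if (names[i].equalsIgnoreCase("cn")) {
                return values[i];
            }
        }
        return groupDn.toString(); // RDN without a cn: fall back to the full DN
    }

    public static void main(String[] args) throws LDAPException {
        // Bind identity from the question; password and user DN are placeholders
        try (LDAPConnection conn = new LDAPConnection("host.example.com", 389,
                "uid=appname,ou=systems,dc=example,dc=no", "PLACEHOLDER_PASSWORD")) {
            String userDn = "uid=someuser,ou=people,dc=example,dc=no"; // constructed
            System.out.println("by group search: " + rolesByGroupSearch(conn, userDn));
            System.out.println("by memberOf:     " + rolesByMemberOf(conn, userDn));
        }
    }
}
```

For the user in the question both methods return {userrole, adminrole}, provided the server exposes a membership attribute. If it does not, rolesByMemberOf returns an empty set rather than failing, so treat an empty result from strategy 2 as "unknown" and fall back to the reverse search, which is the portable path. Scoping the search to ROLES_BASE also keeps the bind account from reading group data it has no business with.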
