How to bind in Java using DN and Password in LDAP?
Original question: http://stackoverflow.com/questions/11045628/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Asked by user1177755
I want to search for a user in LDAP, and after getting the user I want to connect (validate) that particular user using his DN and password. I have successfully got the DN but don't know how to bind it.
Answered by Houcem Berrayana
Here is an example that I took from the official documentation:
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;

    // Set up the environment for creating the initial context
    Hashtable<String, Object> env = new Hashtable<>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://localhost:389/o=JNDITutorial");
    // Authenticate as S. User and password "mysecret"
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "cn=S. User, ou=NewHires, o=JNDITutorial");
    env.put(Context.SECURITY_CREDENTIALS, "mysecret");
    // Creating the context performs the bind; a NamingException is thrown if it fails
    DirContext ctx = new InitialDirContext(env);
You have to choose the right authentication model. I have tried it before and it worked fine.
Answered by user207421
The LDAP bind() operation corresponds to the following in JNDI:
1. Constructing an InitialDirContext or InitialLdapContext with enough information in the environment to cause a login, i.e. a security principal and credentials, or
2. Calling reconnect() on an LdapContext initially obtained without any security information in the environment, or with security information relating to a different principal, but whose environment has subsequently been modified.
Answered by Terry Gardner
When a connection is made to a directory server using LDAP, the connection state is unauthenticated. Requests can be transmitted on an unauthenticated connection, assuming the server administrators permit unauthenticated requests. The BIND request is used to change the authentication state of a connection.
Here is an example of searching and authenticating using the UnboundID LDAP SDK: SimpleBindExample.java. This example searches for an entry given a base object, naming attribute, and username, and then attempts to authenticate using a simple bind. Examples using a SASL bind could be constructed just as easily.
Answered by Honza
If you already have an LdapContext opened using your credentials, you can copy it, change principal+credential in its environment and try to reconnect:
    LdapContext userContext = ldapContext.newInstance(null); // copy context
    try {
        userContext.addToEnvironment(InitialDirContext.SECURITY_PRINCIPAL, userDn);
        userContext.addToEnvironment(InitialDirContext.SECURITY_CREDENTIALS, password);
        userContext.reconnect(null); // throws NamingException if creds wrong
    } finally {
        userContext.close(); // release the copied context even when the bind fails
    }
If it throws NamingException, credentials are wrong. If it is successful, credentials are ok. ;)
(This is useful if you have only LdapContext, but not the InitialDirContext, available.)
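The search-then-bind flow asked about in the question, written against plain JNDI as an added example (not code from any of the answers). It also rejects empty passwords, which would otherwise be sent as an unauthenticated bind, and passes the username as a filter argument so it cannot change the search filter. The URL, base DN, `uid` naming attribute and the service account parameters are assumptions.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapSearchThenBind {
    // Assumed values: replace with your directory's URL and search base.
    static final String URL = "ldaps://ldap.example.com:636";
    static final String BASE_DN = "ou=people,dc=example,dc=com";

    static Hashtable<String, Object> bindEnv(String dn, String password) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    // Returns true only if uid matches exactly one entry and a simple bind as that entry succeeds.
    static boolean authenticate(String serviceDn, String servicePw, String uid, String password)
            throws NamingException {
        // A simple bind with a DN and an empty password is an unauthenticated bind (RFC 4513)
        // and succeeds on servers that allow it, so reject it before contacting the directory.
        if (password == null || password.isEmpty()) return false;

        String userDn;
        DirContext search = new InitialDirContext(bindEnv(serviceDn, servicePw));
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // {0} is filled from the argument array; JNDI escapes String arguments.
            NamingEnumeration<SearchResult> r =
                    search.search(BASE_DN, "(uid={0})", new Object[] {uid}, sc);
            if (!r.hasMore()) return false;          // no such user
            userDn = r.next().getNameInNamespace();  // full DN of the entry
            if (r.hasMore()) return false;           // ambiguous match, refuse
        } finally {
            search.close();
        }
        try {
            new InitialDirContext(bindEnv(userDn, password)).close(); // the bind happens here
            return true;
        } catch (AuthenticationException e) {
            return false; // rejected credentials; network or TLS errors still propagate
        }
    }
}
```

Catching only `AuthenticationException` keeps a directory outage from being reported as a wrong password.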