LDAP 初试
LDAP (Lightweight Directory Access Protocol) 轻量级目录访问协议
LDAP目录以树状的层次结构存储数据。
LDAP
目录记录的标识名(Distinguished Name,DN)用来读取单个记录,以及回溯到树的顶部。
基准DN(baseDN)是LDAP目录树最顶部的根。有两种常见表现形式:1、用公司名作为基准DN;2、用DNS域名的各个部分组成基准DN(如下文代码中的 DC=soft,DC=com)。
DN是LDAP记录项的名字。LDAP目录中的所有记录项都要有一个唯一的“Distinguished Name”。每个DN由两部分组成:相对DN(RDN)和记录在LDAP目录中的位置。
LDAP目录可以定制成存储任何二进制数据,以一系列“属性对”的形式来存储记录项,每一个记录项包括属性类型和属性值。
属性值在保存时是保留大小写的,但默认情况下搜索是不区分大小写的。注:是否区分大小写由属性定义的匹配规则决定,有些特殊属性(如 password)在搜索时需要区分大小写。
关键知识点
1. 设置连接
// Opens the service connection: env supplies the factory, server URL, bind DN and
// credentials; connCtls are the request controls attached to this connection.
ctx = new InitialLdapContext(env, connCtls);
2. 设置URL和绑定(bind)用的DN。注意 SECURITY_PRINCIPAL 是连接认证时使用的身份,不是查询的子路径
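env.put(Context.PROVIDER_URL, URL);// LDAP server
// Identity the connection binds (authenticates) as -- it is not a search base.
// The original set this key twice with the same value; the duplicate was dropped.
env.put(Context.SECURITY_PRINCIPAL, SEARCHDN);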
3. 设置绑定密码。注意:simple 认证通过 ldap:// 会以明文发送密码,生产环境应使用 ldaps:// 或 StartTLS
// Bind password. With SECURITY_AUTHENTICATION "simple" this travels in cleartext unless
// the URL is ldaps:// or StartTLS is negotiated; do not hard-code a real secret here.
env.put(Context.SECURITY_CREDENTIALS, "password");
4. 取得返回结果的属性
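// Read the attributes of one search hit. (The original listing pasted this
// fragment twice with an unbalanced closing brace; the duplicate was removed.)
if (obj instanceof SearchResult) {
    SearchResult si = (SearchResult) obj;
    Attributes userInfo = si.getAttributes();
    // NOTE(review): Attributes.toString() renders the whole attribute set, not a DN;
    // appending it to userDN looks wrong -- prefer si.getNameInNamespace() for a bind DN.
    userDN += userInfo.toString();
    userDN += "," + BASEDN;
}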
具体代码:
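import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NameClassPair;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.SortControl;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * LDAP Connector.
 *
 * Authenticates a user in two steps: (1) search the directory under a fixed
 * service account for the entry whose sAMAccountName equals the supplied
 * username, (2) perform a second simple bind as that entry's DN with the
 * supplied password. The user is accepted only if the second bind succeeds.
 */
public class LDAPConnector {
    protected final Log log = LogFactory.getLog(getClass());
    private static LDAPConnector instance;

    // TODO(review): service-account credentials are hard-coded in source; load
    // them from configuration or a secret store. Also, "simple" authentication
    // over ldap:// sends passwords in cleartext -- use ldaps:// or StartTLS.
    private String url = "ldap://IP:389";
    private String baseDN = "DC=soft,DC=com";
    private String bindDN = "XX";
    private String bindPassword = "111111";

    /** JNDI environment for the service (search) connection; filled once in the constructor. */
    private final Hashtable<String, String> env = new Hashtable<String, String>();
    /** Request controls attached to the search connection (sort by sAMAccountName). */
    private final Control[] sortConnCtls = new SortControl[1];
    /** Attributes requested for each search hit. */
    private final String[] returnedAtts = { "distinguishedName", "userAccountControl", "displayName", "employeeID" };

    {
        try {
            // CRITICAL: a server that does not support the sort control must reject the search.
            sortConnCtls[0] = new SortControl("sAMAccountName", Control.CRITICAL);
        } catch (IOException ex) {
            log.warn("Could not encode LDAP sort control; searches will fail", ex);
        }
    }

    private LDAPConnector() {
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_PRINCIPAL, bindDN);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put("java.naming.batchsize", "50");
        env.put("com.sun.jndi.ldap.connect.timeout", "3000");
        // Only the service connection is pooled; per-user binds below are deliberately unpooled.
        env.put("com.sun.jndi.ldap.connect.pool", "true");
        env.put("com.sun.jndi.ldap.connect.pool.maxsize", "3");
        env.put("com.sun.jndi.ldap.connect.pool.prefsize", "1");
        env.put("com.sun.jndi.ldap.connect.pool.timeout", "300000");
        env.put("com.sun.jndi.ldap.connect.pool.initsize", "1");
        env.put("com.sun.jndi.ldap.connect.pool.authentication", "simple");
    }

    /**
     * Returns the shared connector, creating it on first use.
     * Synchronized so that two threads cannot race and build two instances.
     */
    public static synchronized LDAPConnector getInstance() {
        if (instance == null) {
            instance = new LDAPConnector();
        }
        return instance;
    }

    /**
     * Verifies {@code password} for the account whose sAMAccountName is {@code username}.
     *
     * @param username sAMAccountName to look up; untrusted, so it is passed to the search
     *                 as a filter argument rather than concatenated into the filter string
     * @param password candidate password; untrusted and never logged
     * @return true only if exactly one entry matches and a simple bind as that entry with
     *         the given password succeeds; false for empty input or any LDAP failure
     */
    public boolean validateUser(String username, String password) {
        // An LDAP simple bind with an empty password is an *unauthenticated* bind
        // (RFC 4513 section 5.1.2) and is accepted by many servers -- without this
        // guard an empty password would "validate" any existing account.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            log.debug("validateUser: empty username or password rejected");
            return false;
        }

        boolean passed = false;
        LdapContext dirContext = null;
        try {
            dirContext = new InitialLdapContext(env, sortConnCtls);
            dirContext.setRequestControls(sortConnCtls);

            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(returnedAtts);

            // {0} is substituted by JNDI with RFC 4515 escaping, so a username such as
            // "*)(objectClass=*" cannot alter the filter (LDAP injection).
            NamingEnumeration<SearchResult> answer =
                    dirContext.search(baseDN, "(sAMAccountName={0})", new Object[] { username }, controls);

            String userDN = null;
            int matches = 0;
            try {
                while (answer.hasMore()) {
                    userDN = dnOf(answer.next());
                    matches++;
                }
            } finally {
                answer.close();
            }

            if (matches == 0) {
                log.debug("validateUser: no entry matched the supplied sAMAccountName");
            } else if (matches > 1) {
                // Ambiguous match: we cannot tell whose password we would be checking.
                log.warn("validateUser: sAMAccountName matched " + matches + " entries; refusing to authenticate");
            } else {
                passed = bindAs(userDN, password);
            }
        } catch (NamingException e) {
            // Any search failure (server unreachable, bad service credentials, rejected
            // sort control) counts as "not validated", but must not be silently swallowed.
            log.warn("validateUser: LDAP search failed", e);
        } finally {
            if (dirContext != null) {
                try {
                    dirContext.close();
                } catch (NamingException e) {
                    log.warn("validateUser: closing search context failed", e);
                }
            }
        }
        log.debug("validateUser result: " + passed);
        return passed;
    }

    /**
     * Full DN of a search hit. Falls back to the name relative to baseDN when the
     * provider does not supply a full name.
     */
    private String dnOf(SearchResult result) {
        try {
            return result.getNameInNamespace();
        } catch (UnsupportedOperationException e) {
            // getName() is relative to baseDN and may be returned quoted when the RDN
            // contains special characters; this fallback mirrors the original construction.
            return result.getName() + "," + baseDN;
        }
    }

    /**
     * Performs a simple bind as {@code userDN} with {@code password}.
     *
     * @return true if the bind succeeds, false if the server rejects it or is unreachable
     */
    private boolean bindAs(String userDN, String password) {
        Hashtable<String, String> userEnv = new Hashtable<String, String>();
        userEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        userEnv.put(Context.PROVIDER_URL, url);
        userEnv.put(Context.SECURITY_PRINCIPAL, userDN);
        userEnv.put(Context.SECURITY_CREDENTIALS, password);
        userEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
        DirContext context = null;
        try {
            context = new InitialDirContext(userEnv);
            return true;
        } catch (NamingException e) {
            // Typically a wrong password or a rejected account; the DN and the server's
            // message are logged, the password never is.
            log.debug("validateUser: bind as " + userDN + " failed", e);
            return false;
        } finally {
            if (context != null) {
                try {
                    context.close();
                } catch (NamingException e) {
                    log.warn("validateUser: closing user context failed", e);
                }
            }
        }
    }

    public static void main(String[] args) {
        LDAPConnector ldapConnector = LDAPConnector.getInstance();
        ldapConnector.validateUser("XX", "111111");
    }
}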