[英]LDAP not returning all attributes
I'm using Ldap to retrieve accounts from AD LDS: 我正在使用Ldap从AD LDS检索帐户:
Hashtable props = new Hashtable();
props.put(Context.SECURITY_PRINCIPAL, "cn=adminuser,o=myorg,c=uk");
props.put(Context.SECURITY_CREDENTIALS, "password");
props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
props.put(Context.PROVIDER_URL, "ldaps://myldapserver:636");
InitialLdapContext context = new InitialLdapContext(props, null);
SearchControls controls = new SearchControls();
controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
controls.setReturningAttributes(null);
// according to javadoc, null means "return all attributes"
NamingEnumeration<SearchResult> results =
context.search(userBase, "cn=SOMEUSER", controls);
The account comes back fine. 该帐户恢复正常。 But not all of SOMEUSER's attributes get returned.
但并非所有SOMEUSER的属性都被返回。
Specifcally, the msDS-UserPasswordExpired
attribute never comes back. 具体来说,
msDS-UserPasswordExpired
属性永远不会返回。
However... if I list that attribute in SearchControls
: 但是......如果我在
SearchControls
列出该属性:
controls.setReturningAttributes(new String[] {
"msDS-UserPasswordExpired", "cn", "mail"
});
Then magically it does come back. 然后,奇迹般地它确实回来。
Why? 为什么? Is
SearchControl
javadoc lying? SearchControl
是javadoc说谎吗?
How do I tell it that I really really want all attributes back? 我该如何告诉它,我真的 很希望所有的属性都回来了?
The workaround is to list every single attribute that I want back. 解决方法是列出我想要的每个属性。 But that's hideous, and will make adding future fields very error-prone.
但这很可怕,并且会增加未来的字段非常容易出错。
The password-control attributes are operational attributes, which aren't returned unless you specifically ask for them. 密码控制属性是操作属性,除非您特别要求,否则不会返回这些属性。
How do I tell it that I really really want all attributes back?
我怎么告诉它我真的想要所有的属性?
You specify new String[]{"*", "+"}
as the attribute IDs to return: "*"
means all non-operational attributes, and "+"
means all operational attributes. 您指定
new String[]{"*", "+"}
作为要返回的属性ID: "*"
表示所有非操作属性, "+"
表示所有操作属性。 But this is not generally a good idea. 但这通常不是一个好主意。 There are lots of operational attributes that are none of your business.
有许多操作属性不属于您的业务。 Just ask for what you actually need.
只要问你实际需要什么。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.