
Java Active Directory query returning incomplete user list

I want to list all AD users in Java. I'm using this code:

import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

// serverName, adminName, adminPass, searchPath and log come from the surrounding application
// NOTE: with ldap:// the simple bind below sends adminPass to the server in clear text;
// use ldaps:// (port 636) unless the network is otherwise protected
String ldapUri = "ldap://" + serverName;
Hashtable<String, Object> env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
// ldap protocol and connection url; generally the port is 389
env.put(Context.PROVIDER_URL, ldapUri);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
// the principal can be <domain\\userid>, i.e. what you use for Windows login,
// or a userPrincipalName / distinguished name
env.put(Context.SECURITY_PRINCIPAL, adminName);
// StandardCharsets avoids the checked UnsupportedEncodingException that the original
// caught and ignored (which would also have skipped the REFERRAL setting)
env.put(Context.SECURITY_CREDENTIALS, adminPass.getBytes(StandardCharsets.UTF_8));
env.put(Context.REFERRAL, "follow");

log.info("AD Server: " + ldapUri + ", admin " + adminName);

String[] attrIDs = {"distinguishedName", "cn", "name", "uid", "sn",
    "memberOf", "displayName", "userPrincipalName"};   // "name" was listed twice

// one context is enough; the original opened two connections and searched on the second
LdapContext ctx = new InitialLdapContext(env, null);
try {
    SearchControls ctls = new SearchControls();
    ctls.setReturningAttributes(attrIDs);
    ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    NamingEnumeration<SearchResult> answer =
        ctx.search(searchPath, "(&(objectClass=user)(objectCategory=person))", ctls);
    // hasMore() rather than hasMoreElements(): hasMoreElements() swallows NamingException,
    // so a SizeLimitExceededException from the server would look like the end of the list
    while (answer.hasMore()) {
        SearchResult rslt = answer.next();
        // Process user
    }
} finally {
    ctx.close();
}

The code works fine in most environments, but there is a customer that reports that some users are missing. I've tried to troubleshoot it, but the users aren't listed, although they are listed using Active Directory admin or Active Directory Explorer.

Any ideas?

I assume that the account you are using has enough permissions. As far as I recall, any instance of a domain controller will return 1000 objects by default. It is very likely you are running into this situation. You have to use LDAP pagination in order to solve this problem. Take a look into JNDI page controls - https://docs.oracle.com/javase/tutorial/jndi/newstuff/paged-results.html .

Also, take a look into JNDI code samples from the Java forum - https://community.oracle.com/thread/1157644?tstart=0 .

Hope this helps.

Besides making sure that you don't hit any query limits, you should consider that some of your customers might run a more complex Active Directory setup. This might involve multiple domains. In order to address those you need to connect to the global catalog. You do so by binding to port 3268.

You should either make this your standard way of connecting or make this configurable by an administrator at your customer's site.

Read more about this at Microsoft: https://technet.microsoft.com/de-de/library/cc978012.aspx
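Putting the two answers together: the class below is an added example, not code from the question or from either answer. It runs the same user search with the LDAP paged-results control so the domain controller's default page limit of 1000 no longer truncates the list, and it takes the server URL as a parameter so the same code can be pointed at a domain controller (ldaps://dc:636) or at the global catalog (ldaps://dc:3269, the TLS counterpart of port 3268) when the forest has several domains. The class name, method name, page size, argument layout and the AD_BIND_PASSWORD environment variable are this example's own choices; a reachable AD server and a bind account with read access to the search base are assumed.

```java
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;

/**
 * Lists every AD user below a search base using the paged-results control (RFC 2696),
 * so the DC's MaxPageSize (1000 by default) no longer cuts the result short.
 * ldapUrl may target a DC (ldaps://dc:636) or the global catalog (ldaps://dc:3269).
 */
public class PagedAdUserSearch {

    // Ask for fewer objects per page than the DC's MaxPageSize; the server may hand back
    // smaller pages than requested, which the cookie loop below tolerates.
    private static final int PAGE_SIZE = 500;
    private static final String USER_FILTER = "(&(objectClass=user)(objectCategory=person))";
    private static final String[] ATTRS = {
        "distinguishedName", "sAMAccountName", "userPrincipalName", "displayName", "memberOf"
    };

    public static int listUsers(String ldapUrl, String bindDn, String password, String searchBase)
            throws NamingException, IOException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        // A simple bind sends the password as-is, so ldapUrl should be ldaps:// (the JVM
        // must trust the DC's certificate); otherwise switch the mechanism to GSSAPI.
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.REFERRAL, "follow");   // follow referrals instead of failing on them

        LdapContext ctx = new InitialLdapContext(env, null);
        int total = 0;
        try {
            SearchControls ctls = new SearchControls();
            ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            ctls.setReturningAttributes(ATTRS);

            byte[] cookie = null;
            do {
                // CRITICAL: a server that cannot page must fail the search rather than
                // quietly return a single truncated page.
                ctx.setRequestControls(new Control[] {
                    new PagedResultsControl(PAGE_SIZE, cookie, Control.CRITICAL)
                });
                NamingEnumeration<SearchResult> page = ctx.search(searchBase, USER_FILTER, ctls);
                // hasMore(), not hasMoreElements(): the latter swallows NamingException,
                // so a SizeLimitExceededException would look like the end of the list.
                while (page.hasMore()) {
                    SearchResult entry = page.next();
                    Attribute dn = entry.getAttributes().get("distinguishedName");
                    System.out.println(dn == null ? entry.getNameInNamespace() : dn.get());
                    total++;
                }
                // The response control carries the cookie for the next page; an empty
                // cookie means the server has delivered the last page.
                cookie = null;
                Control[] responseControls = ctx.getResponseControls();
                if (responseControls != null) {
                    for (Control c : responseControls) {
                        if (c instanceof PagedResultsResponseControl) {
                            cookie = ((PagedResultsResponseControl) c).getCookie();
                        }
                    }
                }
            } while (cookie != null && cookie.length > 0);
        } finally {
            ctx.close();
        }
        return total;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: PagedAdUserSearch <ldapUrl> <bindDn> <searchBase>"
                + "   (bind password read from AD_BIND_PASSWORD)");
            System.exit(2);
        }
        // Read the password from the environment so it does not show up in the process list.
        String password = System.getenv("AD_BIND_PASSWORD");
        int n = listUsers(args[0], args[1], password, args[2]);
        System.out.println(n + " user objects");
    }
}
```

When the URL targets the global catalog, pass the forest root as the search base to cover all domains, and expect only attributes that are replicated to the global catalog (the partial attribute set) to be populated for objects from other domains; attributes outside that set come back empty there even though they exist on the object's home domain controller. Making the port (636 versus 3269) an administrator setting, as the second answer suggests, lets the same build serve single- and multi-domain customers.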

Notice: the technical posts on this site are published under the CC BY-SA 4.0 license; if you republish, please credit this site or the original source. For any questions contact: yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM