
使用 Java 的简单 LDAP 身份验证

[英]Simple LDAP authentication using Java

I am using LDAP authentication from Java.我正在使用 Java 使用 LDAP 身份验证。 I am using the following code, but it throws this error:我正在使用以下代码,但它的抛出错误

Exception in thread "main" javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580线程“主”javax.naming.AuthenticationException 中的异常:[LDAP:错误代码 49 - 80090308:LdapErr:DSID-0C09044E,注释:AcceptSecurityContext 错误,数据 52e,v2580

Java Code i am using我正在使用的 Java 代码

 package test;

import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class LoginLDAP {

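/**
 * Binds to the directory as the configured principal, looks that principal up by
 * userPrincipalName under the domain's DC= base, and prints its distinguished name
 * and every memberOf value.
 *
 * Security notes for anyone adapting this sample:
 * - With an ldap:// URL the simple bind below sends the password unencrypted.
 * - The ldaps:// branch plugs in test.DummySSLSocketFactory, which accepts any
 *   server certificate, so the TLS session does not authenticate the server.
 * - The search filter is built with a {0} placeholder so that JNDI escapes filter
 *   metacharacters in the principal name instead of splicing it in verbatim.
 *
 * @param args key=value pairs parsed by createParams (currently unused by the
 *             hard-coded settings below)
 * @throws Exception on bind failure, search failure, or when the principal is not found
 */
public static void main(String[] args) throws Exception {
    Map<String,String> params = createParams(args);

    // firstname.lastname@mydomain.com
    // String domainName = params.get("domain"); // mydomain.com or empty

    String url = "ldap://ip here:389";
    String principalName = "username here";
    String password = "password here";
    String domainName = "domain name";

    // Fall back to the part of the principal after '@'. When there is no '@',
    // indexOf returns -1 and the whole principal name ends up as the domain.
    if (domainName == null || domainName.isEmpty()) {
        int delim = principalName.indexOf('@');
        domainName = principalName.substring(delim + 1);
    }

    // A simple bind with a name and an empty password is an unauthenticated bind,
    // which a server may accept; never treat that as a successful login.
    if (password == null || password.isEmpty()) {
        throw new AuthenticationException("Empty password");
    }

    Properties props = new Properties();
    props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    props.put(Context.PROVIDER_URL, url);
    props.put(Context.SECURITY_PRINCIPAL, principalName);
    props.put(Context.SECURITY_CREDENTIALS, password);
    if (url.toUpperCase(Locale.ROOT).startsWith("LDAPS://")) {
        props.put(Context.SECURITY_PROTOCOL, "ssl");
        props.put(Context.SECURITY_AUTHENTICATION, "simple");
        // NOTE(review): this factory trusts every certificate. Prefer the default
        // socket factory with the directory's CA imported into the trust store.
        props.put("java.naming.ldap.factory.socket", "test.DummySSLSocketFactory");
    }

    InitialDirContext context = new InitialDirContext(props);
    NamingEnumeration<SearchResult> results = null;
    try {
        SearchControls ctrls = new SearchControls();
        ctrls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // {0} is substituted by JNDI with filter escaping applied to the argument.
        results = context.search(
                toDC(domainName),
                "(& (userPrincipalName={0})(objectClass=user))",
                new Object[] { principalName },
                ctrls);
        if (!results.hasMore()) {
            throw new AuthenticationException("Principal name not found");
        }

        SearchResult result = results.next();
        System.out.println("distinguisedName: " + result.getNameInNamespace() ); // CN=Firstname Lastname,OU=Mycity,DC=mydomain,DC=com

        Attribute memberOf = result.getAttributes().get("memberOf");
        if (memberOf != null) {
            for (int idx = 0; idx < memberOf.size(); idx++) {
                System.out.println("memberOf: " + memberOf.get(idx).toString() ); // CN=Mygroup,CN=Users,DC=mydomain,DC=com
                //Attribute att = context.getAttributes(memberOf.get(idx).toString(), new String[]{"CN"}).get("CN");
                //System.out.println( att.get().toString() ); //  CN part of groupname
            }
        }
    } finally {
        // Cleanup is best effort: a failure to close must not mask the real error.
        if (results != null) {
            try { results.close(); } catch (Exception ignored) { }
        }
        try { context.close(); } catch (Exception ignored) { }
    }
}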

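/**
 * Builds the DC= distinguished name for a dotted DNS domain, for example
 * "sub.mydomain.com" becomes "DC=sub,DC=mydomain,DC=com".
 *
 * Empty labels (leading, trailing or doubled dots) are skipped. Each label is
 * escaped as an RDN value, so a label containing DN metacharacters such as ','
 * or '+' cannot add or alter components of the search base.
 *
 * @param domainName dotted domain name, e.g. sub.mydomain.com
 * @return the comma-separated DC= components, or an empty string when the
 *         input has no non-empty label
 */
private static String toDC(String domainName) {
    StringBuilder dn = new StringBuilder();
    for (String label : domainName.split("\\.")) {
        if (label.isEmpty()) {
            continue;
        }
        if (dn.length() > 0) {
            dn.append(',');
        }
        // Fully qualified so the file's import block does not need to change.
        dn.append("DC=").append(javax.naming.ldap.Rdn.escapeValue(label));
    }
    return dn.toString();
}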

/**
 * Turns command-line arguments of the form key=value into a map.
 *
 * The text before the first '=' is the trimmed key and the text after it is the
 * trimmed value; an argument starting with '=' is stored under the empty key.
 * An argument without any '=' is stored as-is with a null value.
 *
 * @param args raw command-line arguments
 * @return a mutable map of the parsed entries
 */
private static Map<String,String> createParams(String[] args) {
    Map<String,String> parsed = new HashMap<String,String>();
    for (int i = 0; i < args.length; i++) {
        String arg = args[i];
        int eq = arg.indexOf('=');
        if (eq < 0) {
            // No '=' at all: the untrimmed argument is the key, with no value.
            parsed.put(arg, null);
            continue;
        }
        // When '=' is the first character the key part is the empty string.
        String key = arg.substring(0, eq).trim();
        String value = arg.substring(eq + 1).trim();
        parsed.put(key, value);
    }
    return parsed;
}



package test;

import java.io.*;
import java.net.*;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;    
import javax.net.*;
import javax.net.ssl.*;

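/**
 * SSLSocketFactory that delegates every call to a factory built from an
 * SSLContext whose only trust manager is DummyTrustManager.
 *
 * WARNING: because that trust manager accepts any certificate, sockets from this
 * factory encrypt traffic but do not authenticate the server. A party on the
 * network path can present its own certificate and read the LDAP bind password.
 * Keep this to a disposable test setup; for real use, import the directory's CA
 * certificate into a trust store and use the default SSLSocketFactory instead.
 */
public class DummySSLSocketFactory extends SSLSocketFactory {

  /** Delegate created once in the constructor; never reassigned. */
  private final SSLSocketFactory socketFactory;

  /**
   * Builds the delegate factory from a "TLS" context initialised with
   * DummyTrustManager and a fresh SecureRandom.
   *
   * @throws IllegalArgumentException wrapping any failure to set up the context
   */
  public DummySSLSocketFactory() {
    try {
      SSLContext ctx = SSLContext.getInstance("TLS");
      ctx.init(null, new TrustManager[] { new DummyTrustManager() }, new SecureRandom());
      socketFactory = ctx.getSocketFactory();
    } catch (Exception ex) {
      // The cause is kept so the underlying provider error stays visible.
      throw new IllegalArgumentException(ex);
    }
  }

  /**
   * Static accessor expected of a socket factory named in the
   * "java.naming.ldap.factory.socket" environment property.
   *
   * @return a new factory instance on every call
   */
  public static SocketFactory getDefault() {
    return new DummySSLSocketFactory();
  }

  @Override
  public String[] getDefaultCipherSuites() {
    return socketFactory.getDefaultCipherSuites();
  }

  @Override
  public String[] getSupportedCipherSuites() {
    return socketFactory.getSupportedCipherSuites();
  }

  @Override
  public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
    return socketFactory.createSocket(socket, host, port, autoClose);
  }

  @Override
  public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
    return socketFactory.createSocket(host, port);
  }

  @Override
  public Socket createSocket(String host, int port, InetAddress localAddress, int localPort)
      throws IOException, UnknownHostException {
    return socketFactory.createSocket(host, port, localAddress, localPort);
  }

  @Override
  public Socket createSocket(InetAddress address, int port) throws IOException {
    return socketFactory.createSocket(address, port);
  }

  @Override
  public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
      throws IOException {
    return socketFactory.createSocket(address, port, localAddress, localPort);
  }
}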

 /**
  * X509TrustManager whose check methods never throw, so every client and server
  * certificate chain is accepted without any issuer, validity or name check.
  *
  * WARNING: a TLS connection using this manager does not authenticate the peer.
  * It is suitable only for a disposable test setup; otherwise rely on the
  * platform's default trust manager with the proper CA certificate installed.
  */
 class DummyTrustManager implements X509TrustManager {

   /** Accepts any client chain: returning without an exception means "trusted". */
   @Override
   public void checkClientTrusted(X509Certificate[] chain, String authType) {
     // intentionally empty
   }

   /** Accepts any server chain: returning without an exception means "trusted". */
   @Override
   public void checkServerTrusted(X509Certificate[] chain, String authType) {
     // intentionally empty; the chain is not inspected at all
   }

   /** Reports no accepted issuers. */
   @Override
   public X509Certificate[] getAcceptedIssuers() {
     X509Certificate[] none = new X509Certificate[0];
     return none;
   }
 }

data 52e - Returns when username is valid but password/credential is invalid. data 52e - 当用户名有效但密码/凭证无效时返回。

I am guessing that you are passing the password to Microsoft Active Directory in plain text which usually will not work.我猜你是以纯文本的形式将密码传递给 Microsoft Active Directory,这通常是行不通的。

We have a " updateUserPassword " method in our "JNDI Examples" repository that should help.我们的“JNDI 示例”存储库中有一个“ updateUserPassword ”方法,应该会有所帮助。
