
Java: Query Active Directory information with minimal user information

So, here's the situation. We'd like to be able to query Active Directory for a user's roles/group memberships, etc. Now, I can already do that using the standard Java API (javax.naming), but I need a username, domain server name/address, and a password to do it. Users also have limited rights, so I can't use any external calls to fancy administrative tools.

In Java, is there a way that I can get that information with just the username and domain server name/address? I'm also open to 3rd party packages to do this. Alternatively, you could provide me with (or point me to) information on what to configure in AD to allow this.

Hopefully that makes sense. I'm not an AD guru, so the more info the better.

Your problem of needing to log in first is because AD does not allow anonymous querying. Before you can query the database you must log in ("bind" in LDAP terms) as a valid user with sufficient rights to issue the query.

If your AD admin is willing, you could have them create a special user (we call ours "ldapquery") that is permitted to bind and query the database. The userid and password for that user would become configuration values in your code.

Okay, so expounding on what others have told me and the vast research I had to do with the clues given here, it appears that I'd just use my "special user" as the login info in my code, transparent to the user, and then perform the query using their credentials. So: in the code, bind using the "special user", then perform the query with the current user as a query parameter (sAMAccountName=username).

Thanks all, for your input.
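
The approach settled on in this thread (bind as a dedicated query account, then search by `sAMAccountName`), as an added example that is not code from any of the posters. The server URL, base DN, bind account name and the `LDAPQUERY_PASSWORD` environment variable are assumed placeholders; the username is passed as a filter argument so the JNDI provider escapes LDAP filter metacharacters instead of the code concatenating it into the filter.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class AdGroupLookup {
    // Assumed placeholder values; load the real ones from configuration.
    static final String URL = "ldaps://dc.example.com:636"; // LDAPS: simple bind sends the password, so use TLS
    static final String BASE_DN = "OU=Staff,DC=example,DC=com";
    static final String BIND_USER = "ldapquery@example.com"; // read-only query account

    static List<String> groupsOf(String username) throws NamingException {
        // Keep the service account password out of source code.
        String password = Objects.requireNonNull(
                System.getenv("LDAPQUERY_PASSWORD"), "LDAPQUERY_PASSWORD is not set");

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, BIND_USER);
        env.put(Context.SECURITY_CREDENTIALS, password);

        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"memberOf"}); // fetch only what is needed
        sc.setTimeLimit(5000); // milliseconds

        List<String> groups = new ArrayList<>();
        DirContext ctx = new InitialDirContext(env); // the bind happens here
        try {
            // {0} is filled from the argument array; the provider escapes
            // characters such as * ( ) \ so the username cannot alter the filter.
            NamingEnumeration<SearchResult> hits = ctx.search(BASE_DN,
                    "(&(objectClass=user)(sAMAccountName={0}))",
                    new Object[] {username}, sc);
            if (hits.hasMore()) {
                Attribute memberOf = hits.next().getAttributes().get("memberOf");
                for (int i = 0; memberOf != null && i < memberOf.size(); i++) {
                    groups.add((String) memberOf.get(i)); // group distinguished name
                }
            }
            hits.close();
        } finally {
            ctx.close();
        }
        return groups;
    }

    public static void main(String[] args) throws NamingException {
        groupsOf(args[0]).forEach(System.out::println);
    }
}
```

`memberOf` lists direct group memberships only and does not include the user's primary group, so nested groups need a further lookup.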
