使用 java 的多个活动目录服务器身份验证
[英]multiple active directory server authentication using java
问题描述
i have three active directory servers 
different address,port and domain name and all In my app when user log-in the system i have to authenticate.我有三个不同的地址、端口和域名的活动目录服务器,并且所有在我的应用程序中,当用户登录系统时,我必须进行身份验证。 The user provide his username and password only not the domain name or ip address.用户只提供他的用户名和密码,而不是域名或 ip 地址。 How can i authenticate him, whether i have to loop through the all the ldap server and when i get the Context i have to break it.. or is any other possible solution is there for authenticate a user in multiple servers please suggest.我如何对他进行身份验证,我是否必须遍历所有 ldap 服务器,当我获得上下文时,我必须打破它.. 或者是否有任何其他可能的解决方案可以在多个服务器中对用户进行身份验证,请建议。 thanks in advance提前致谢
1 个解决方案
解决方案1
0 2011-08-12 05:10:09
If the user gives his FDN or UPN (User Principal Name) instead of just an user name it will be helpful.如果用户提供他的 FDN 或 UPN(用户主体名称)而不仅仅是用户名,这将很有帮助。 But still there is no guarantee that upn will match your realm name.但是仍然不能保证 upn 将匹配您的 realm 名称。 If he gives FDN then atleast you can cache defaultNamingContext from all the three server and try to match it with the fdn provided by the user and authenticate him against the matching server.如果他提供 FDN,那么至少您可以缓存所有三个服务器的 defaultNamingContext,并尝试将其与用户提供的 fdn 匹配,并针对匹配的服务器对他进行身份验证。
But I guess he is providing the samAccountName in your case.但我猜他在你的情况下提供了 samAccountName 。 In this case we dont have any clue to identify the server.在这种情况下,我们没有任何线索来识别服务器。 You have to go through one by one and probably cache it which server he is authenticated against for next time performance improvment.您必须逐个 go 并可能将其缓存到他通过身份验证的服务器,以便下次提高性能。 Its also possible that the same username exist in multiple AD.多个AD中也可能存在相同的用户名。 You have to handle this case based on your AD environment.您必须根据您的 AD 环境来处理这种情况。
as a additional note, if its web application try using spring's ldapTemplate.作为附加说明,如果其 web 应用程序尝试使用 spring 的 ldapTemplate。 This might ease your task.这可能会减轻您的任务。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.