
To check (using openDS SDK) a member belongs to which group in openDS LDAP

I have just got this requirement two days back and I'm using an LDAP (openDS) for the first time. As things are, I have got very limited time for R&D. I have gone through the developer's guide and SDK API for openDS as much as possible.

Basically I have got a very simple requirement. I will be provided a 'user-id' and using that I have to authenticate whether this user belongs to any available groups (defined by me) in the LDAP.

I have managed to do this code snippet:

public void getGroup(String userId) {
    Connection connection = new LDAPConnection().getConnection();
    try {
        // No explicit bind yet so we remain anonymous for now.
        // Note: userId is concatenated into the filter without escaping.
        SearchResultEntry entry = connection.searchSingleEntry(
                "ou=Groups,dc=example,dc=com",
                SearchScope.WHOLE_SUBTREE,
                "(uniqueMember=uid=" + userId + ", ou=People, dc=example,dc=com)",
                "cn");
        String cn = entry.getAttribute("cn").firstValueAsString();
        System.out.println("Hello, " + cn + "!");
    } catch (ErrorResultException e) {
        // Report the failure instead of discarding the message.
        System.err.println(e.getMessage());
    } finally {
        closeConnection(connection);
    }
}

Now if I receive a search result then the user belongs to a group, otherwise not. Now I'm not sure if this is the way to achieve this. I also looked at something like 'isMemberOf' but I'm not sure whether the API provides such a method or whether that is something else.

Any help is much appreciated. Thanks.

The LDAP Client should transmit a search request to the server with the following filter:

'(isMemberOf=<the distinguished name of the entry>)'

and the appropriate base object, filter, and requested attributes. This assumes the server has the isMemberOf virtual attribute enabled.

If only the relative distinguished name component is available, the LDAP client must search for the distinguished name - in this case use (<attribute-type>=<userid>) (for example, '(uid=user.1)') and 1.1 for the request attribute, which will result in no attributes being returned. The distinguished name is always returned for each matched entry. Then construct the filter with isMemberOf and search again.


The search above does return the cn of the Group. If you are given a userid and need to check that the user is in a well known group, then the filter "(isMemberOf=

If you search for (&(uid=)(isMemberOf= that is part of the Group.

Kind regards,

Ludovic.
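
The filters described in the two answers above, built with RFC 4515 escaping so that the supplied user id cannot change the filter's structure. This is an added example, not part of the original posts and not OpenDS SDK code; it uses only the JDK. The class and method names, the group DN, and the reading of the truncated combined filter as user id plus group DN are assumptions.

```java
import java.nio.charset.StandardCharsets;

public class MembershipFilters {

    // Escape a value for use inside a search filter (RFC 4515 section 3):
    // NUL, '(', ')', '*', '\' and every non-ASCII byte become \XX.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xFF;
            if (c == 0 || c == '(' || c == ')' || c == '*' || c == '\\' || c > 0x7F) {
                out.append(String.format("\\%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    // Filter that locates the user's entry; request attribute "1.1" with it
    // so that only the distinguished name comes back.
    static String userFilter(String userId) {
        return "(uid=" + escapeFilterValue(userId) + ")";
    }

    // Combined filter: matches the user's entry only when isMemberOf holds groupDn.
    // Assumption: the two values elided on the page are the user id and the group DN.
    static String userInGroupFilter(String userId, String groupDn) {
        return "(&" + userFilter(userId)
                + "(isMemberOf=" + escapeFilterValue(groupDn) + "))";
    }

    public static void main(String[] args) {
        // Constructed sample values; the group DN is hypothetical.
        String groupDn = "cn=Admins,ou=Groups,dc=example,dc=com";
        System.out.println(userFilter("user.1"));
        System.out.println(userInGroupFilter("user.1", groupDn));
        // Filter metacharacters in the id stay inside the uid assertion value.
        System.out.println(userInGroupFilter("a*(b)", groupDn));
    }
}
```

If the combined search returns an entry, the user is in that group; an empty result means either the user does not exist or is not a member.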
