LDAP:如何在 JAVA 中从多个 AD 组中检索用户数据
[英]LDAP: How to retrieve user data from multiple AD groups in JAVA
问题描述
我正在使用一个 java 程序从活动目录中检索用户信息。 该程序正在运行,但它仅传递来自一组的数据(搜索过滤器定义为字符串
String searchFilter ="CN=CostCentre_1041";)如何在程序中传递多个组。
我曾尝试使用数组但无法正确定义它。
package Test.ad;
import java.util.Hashtable;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
public class GetUsersFrormLDAPGroup {
static String ldapSearchBase = "DC=test,DC=edu,DC=com";
private static DirContext ctx = null;
private static DirContext getActiveDirectoryContext() throws Exception {
final Properties properties = new Properties();
properties.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
properties.put(Context.PROVIDER_URL, "ldap://testad:3268");
properties.put(Context.SECURITY_AUTHENTICATION, "simple");
properties.put(Context.SECURITY_PRINCIPAL, "admin");
properties.put(Context.SECURITY_CREDENTIALS, "test");
return new InitialDirContext(properties);
}
public void getGroupUsers(String searchBase, String searchFilter, String returnedAttrs[], int maxResults) {
Hashtable userEntries = null;
String member = "";
try {
SearchControls searchCtls = new SearchControls();
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
searchCtls.setReturningAttributes(returnedAttrs);
ctx = getActiveDirectoryContext();
try {
System.out.println("Search Base: " + searchBase);
System.out.println("Search Filter: " + searchFilter);
NamingEnumeration users = ctx.search(searchBase, searchFilter, searchCtls);
if (users.hasMoreElements() == false) {
System.out.println("Not find any object with this filter " + searchFilter + " and searchBase " + searchBase);
}
int k = 0;
String attValue = "";
userEntries = new Hashtable();
while (users.hasMoreElements()) {
if (k >= maxResults)
break;
SearchResult sr = (SearchResult) users.next();
Attributes attrs = sr.getAttributes();
if (attrs.size() == 0) {
System.out.println("Could not find attribute " + returnedAttrs[0] + " for this object.");
} else {
try {
for (NamingEnumeration ae = attrs.getAll(); ae.hasMore(); ) {
Attribute attr = (Attribute) ae.next();
String id = attr.getID();
for (NamingEnumeration e = attr.getAll(); e.hasMore(); ) {
attValue = (String) e.next();
if (id.equalsIgnoreCase("member"))
member = attValue;
{
System.out.println("member :" + member);
}
//{
//System.out.println("empty");
// }
}
}
} catch (NamingException e) {
System.out.println("Problem listing membership:" + e);
}
}
k++;
}
} catch (NamingException e) {
System.out.println("Problem searching directory: " + e);
}
ctx.close();
ctx = null;
} catch (Exception namEx) {
System.out.println("Exception while fetching the users from LDAP::" + namEx);
}
}
public static void main(String args[]) throws Exception {
GetUsersFrormLDAPGroup gug = new GetUsersFrormLDAPGroup();
String returnedAttrs[] = {"cn", "member", "name"};
String searchFilter = "CN=CostCentre_1041";
gug.getGroupUsers(ldapSearchBase, searchFilter, returnedAttrs, Integer.parseInt("2000"));
}
}
1 个解决方案
解决方案1
0 2020-02-11 15:18:20
您可以:
- 使用不同的
searchFilter再次调用getGroupUsers()以获取不同组的结果:
String searchFilter = "CN=CostCentre_1041";
gug.getGroupUsers(ldapSearchBase, searchFilter, returnedAttrs, Integer.parseInt("2000"));
searchFilter = "CN=SNOW - EA DEV INTG";
gug.getGroupUsers(ldapSearchBase, searchFilter, returnedAttrs, Integer.parseInt("2000"));
- 更改您的
searchFilter以返回两个组。
String searchFilter = "(|(CN=CostCentre_1041)(CN=SNOW - EA DEV INTG))";
gug.getGroupUsers(ldapSearchBase, searchFilter, returnedAttrs, Integer.parseInt("2000"));
使用Java程序从LDAP检索用户的嵌套组
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.