簡體   English   中英

使用Java中的服務帳戶進行LDAP身份驗證

[英]LDAP Authentication with a service account in Java

我正在嘗試使用創建的服務帳戶從LDAP驗證用戶。 我在ctx = new InitialDirContext(env)上得到以下錯誤;

[LDAP:錯誤代碼49 - 8009030C:LdapErr:DSID-0C0903A8,注釋:AcceptSecurityContext錯誤,數據2030,v1db1

有人可以幫我理解我哪里出錯了嗎?

這是我的java文件

/**
 * 
 */
package com.dei;

import java.util.Hashtable;

import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.SizeLimitExceededException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapConnector {


        private static final String LDAP_SERVER_PORT = "389";
        private static final String LDAP_SERVER = "server";
        private static final String LDAP_BASE_DN = "OU=role,OU=roles,OU=de,OU=apps,DC=meta,DC=company,DC=com";
        private static final String LDAP_BIND_DN = "cn=service_account";//service account userid provided by LDAP team
        private static final String LDAP_BIND_PASSWORD = "password";///service account pwd provided by LDAP team


        public Boolean validateLogin(String userName, String userPassword) {
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://" + LDAP_SERVER + ":" + LDAP_SERVER_PORT + "/" + LDAP_BASE_DN);

            // To get rid of the PartialResultException when using Active Directory
            env.put(Context.REFERRAL, "follow");

            // Needed for the Bind (User Authorized to Query the LDAP server) 
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, LDAP_BIND_DN);
            env.put(Context.SECURITY_CREDENTIALS, LDAP_BIND_PASSWORD);

            DirContext ctx;
            try {
               ctx = new InitialDirContext(env);
            } catch (NamingException e) {
               throw new RuntimeException(e);
            }

            NamingEnumeration<SearchResult> results = null;

            try {
               SearchControls controls = new SearchControls();
               controls.setSearchScope(SearchControls.SUBTREE_SCOPE); // Search Entire Subtree
               controls.setCountLimit(1);   //Sets the maximum number of entries to be returned as a result of the search
               controls.setTimeLimit(5000); // Sets the time limit of these SearchControls in milliseconds

               String searchString = "(&(objectCategory=user)(sAMAccountName=" + userName + "))";

               results = ctx.search("", searchString, controls);

               if (results.hasMore()) {

                   SearchResult result = (SearchResult) results.next();
                   Attributes attrs = result.getAttributes();
                   Attribute dnAttr = attrs.get("distinguishedName");
                   String dn = (String) dnAttr.get();

                   // User Exists, Validate the Password

                   env.put(Context.SECURITY_PRINCIPAL, dn);
                   env.put(Context.SECURITY_CREDENTIALS, userPassword);

                   new InitialDirContext(env); // Exception will be thrown on Invalid case
                   System.out.println("Login successful");
                   return true;
               } 
               else 
                   return false;

            } catch (AuthenticationException e) { // Invalid Login
                System.out.println("Login failed" +e.getMessage());

                return false;
            } catch (NameNotFoundException e) { // The base context was not found.
                System.out.println("Login failed" +e.getMessage());
                return false;
            } catch (SizeLimitExceededException e) {
                throw new RuntimeException("LDAP Query Limit Exceeded, adjust the query to bring back less records", e);
            } catch (NamingException e) {
               throw new RuntimeException(e);
            } finally {

               if (results != null) {
                  try { results.close(); } catch (Exception e) { /* Do Nothing */ }
               }

               if (ctx != null) {
                  try { ctx.close(); } catch (Exception e) { /* Do Nothing */ }
               }
            }
        }
}

錯誤49代表無效憑證,但診斷字符串“AcceptSecurityContext error,data 2030”表示“No such Object”,即在目錄中找不到LDAP_BIND_DN“cn = service_account”。 我的猜測是“cn = service_account”不是帳戶的完整DN。

綁定操作失敗,通常是由於帳戶出現問題。

確保用於連接LDAP服務器的綁定帳戶的憑據正確。錯誤代碼數據2030表示用戶的DN無效。

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM