(可选)下载一个ldap浏览器,http://www.ldapbrowserwindows.com/
前面我们已经测试了地址可以连进去并且看到了信息,下面是工具类代码(因为公司业务需求,所以写了这个工具类,小伙伴们可以忽略),lombok这个包可以不导:
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import lombok.extern.slf4j.Slf4j;
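@Component
@Slf4j
public class LDAPUtil {
    @Value("${ldapUrl}")
    private String LDAPURL;
    @Value("${BaseDN}")
    private String BASEDN;

    /**
     * Authenticates a user with a simple LDAP bind as {@code uid=<userName>,<SearchName>}.
     *
     * <p>The password is never written to the log, and a blank user name or password is
     * rejected before any network call: with {@code simple} authentication an empty
     * credential is sent as an unauthenticated bind, which a server may accept as anonymous
     * and thereby report "success" without checking anything.
     *
     * @param userName   uid attribute value; escaped before being placed in the bind DN
     * @param passwd     the user's password
     * @param SearchName container DN (an ou) under which the user entry is expected
     * @return {@code true} if the bind succeeded, {@code false} on rejection or any naming error
     */
    public boolean connectLDAP(String userName, String passwd, String SearchName) {
        log.debug("===" + userName + "开始认证LDAP===");
        if (userName == null || userName.isEmpty() || passwd == null || passwd.isEmpty()) {
            log.debug("===认证失败===");
            return false;
        }
        Hashtable<String, String> env = new Hashtable<String, String>();
        // userName is caller-supplied: escape RFC 4514 specials so it cannot add or alter RDNs
        String principal = "uid=" + escapeDnValue(userName) + "," + SearchName;
        env.put(Context.SECURITY_PRINCIPAL, principal);//用户名
        log.debug(principal);
        env.put(Context.SECURITY_CREDENTIALS, passwd);//密码 (never logged)
        env.put(Context.PROVIDER_URL, LDAPURL + BASEDN);//连接LDAP的URL和端口(这里的BASEDN你们可以不用,只要LDAPURL)
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");//JNDI Context工厂类
        env.put(Context.SECURITY_AUTHENTICATION, "simple");//认证类型
        InitialLdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(env, null);//开始连接
            log.debug("===认证成功===");
            return true;
        } catch (NamingException e) {
            log.debug("===认证失败===", e);
            return false;
        } finally {
            // the bind only proves the credentials; release the connection either way
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // result already decided by the bind; a failed close changes nothing
                }
            }
        }
    }

    /**
     * Escapes the characters RFC 4514 reserves inside an attribute value of a DN
     * ({@code , + " \ < > ; =}, NUL, a leading {@code #} or space, a trailing space).
     *
     * @param value raw attribute value
     * @return value safe to embed in a DN string; the server un-escapes it to the original
     */
    static String escapeDnValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case ',':
                case '+':
                case '"':
                case '\\':
                case '<':
                case '>':
                case ';':
                case '=':
                    sb.append('\\').append(c);
                    break;
                case '\0':
                    sb.append("\\00");
                    break;
                default:
                    sb.append(c);
            }
        }
        if (sb.length() > 0 && (sb.charAt(0) == '#' || sb.charAt(0) == ' ')) {
            sb.insert(0, '\\');
        }
        if (sb.length() > 0 && sb.charAt(sb.length() - 1) == ' ') {
            sb.insert(sb.length() - 1, '\\');
        }
        return sb.toString();
    }
}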
工具类写好之后我们写实现:
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import lombok.extern.slf4j.Slf4j;
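/**
 * LDAP authentication plus user-attribute lookup.
 *
 * <p>Flow: bind as the configured admin account, read the user's entry under the People ou,
 * then verify the supplied password by binding as the user in each candidate ou
 * (graduate student, undergraduate, staff) until one succeeds.
 *
 * @version:
 * @Description: LDAP认证获取用户信息
 * @author: huyw
 * @date: 2018年10月5日 下午1:15:09
 */
@Slf4j
@Component
public class LADPGetUser {
    @Value("${BaseDN}")
    private String BASEDN;
    @Value("${pwd}")
    private String PASSWORD;
    @Value("${ldapUrl}")
    private String URL;
    @Value("${staffSearchName}")
    private String STAFFSEARCHNAME;
    @Value("${gstudentSearchName}")
    private String GSTUDENTSEARCHNAME;
    @Value("${studentSearchName}")
    private String STUDENTSEARCHNAME;
    @Value("${principle}")
    private String PRINCIPLE;
    @Autowired
    private LDAPUtil ldapUtil;

    // Search base for user entries. NOTE(review): hard-coded here while BASEDN is injected
    // from configuration — confirm the two are meant to differ.
    private static final String PEOPLE_BASE = "ou=People,dc=uestc,dc=edu,dc=cn";
    // Attributes copied into the result map; includes userPassword, so the map must be
    // treated as sensitive by callers and its values are never logged here.
    private static final String[] PERSON_ATTRIBUTES = {
        "uid", "userPassword", "displayName", "cn", "sn", "mail", "description"
    };

    /**
     * Looks up a user's attributes with the admin account and checks the user's password.
     *
     * @param uid user id; escaped before use in the search filter
     * @param pwd password to verify; blank passwords are rejected without contacting the server
     * @return attribute id to value for the matched entry plus {@code "flag"} ({@link Boolean},
     *         whether the password bind succeeded); an empty map (no {@code "flag"}) if the
     *         admin bind or the search failed
     */
    public Map<String, Object> getUser(String uid, String pwd) {
        Map<String, Object> map = new HashMap<String, Object>();
        LdapContext ctx = null;
        try {
            //连接LDAP
            ctx = connetLDAP();
            // uid is caller-supplied: escape filter metacharacters so it cannot change the
            // filter's structure (LDAP injection)
            String filter = "(&(objectClass=*)(uid=" + escapeFilterValue(uid) + "))";
            SearchControls searchControls = new SearchControls();//搜索控件
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);//搜索范围 (== 2)
            searchControls.setReturningAttributes(PERSON_ATTRIBUTES);
            //1.要搜索的上下文或对象的名称;2.过滤条件;3.搜索控件
            NamingEnumeration<SearchResult> answer = ctx.search(PEOPLE_BASE, filter, searchControls);
            try {
                while (answer.hasMore()) {
                    SearchResult result = answer.next();
                    NamingEnumeration<? extends Attribute> attrs = result.getAttributes().getAll();
                    try {
                        while (attrs.hasMore()) {
                            Attribute attr = attrs.next();
                            // log the id only: the value may be userPassword
                            log.debug("attribute: {}", attr.getID());
                            map.put(attr.getID(), attr.get());
                        }
                    } finally {
                        attrs.close();
                    }
                }
            } finally {
                answer.close();
            }
            map.put("flag", Boolean.valueOf(verifyPassword(uid, pwd)));
        } catch (Exception e) {
            log.error("===认证失败===", e);
        } finally {
            closeQuietly(ctx);
        }
        return map;
    }

    /**
     * Binds as the user in each candidate ou, stopping at the first success.
     * Order: 在校研究生, 在校本科生, 在校教职工.
     *
     * <p>An empty password never reaches the server: a simple bind with empty credentials is
     * an unauthenticated bind, which some servers accept as anonymous.
     */
    private boolean verifyPassword(String uid, String pwd) {
        if (uid == null || uid.isEmpty() || pwd == null || pwd.isEmpty()) {
            return false;
        }
        return ldapUtil.connectLDAP(uid, pwd, GSTUDENTSEARCHNAME)
            || ldapUtil.connectLDAP(uid, pwd, STUDENTSEARCHNAME)
            || ldapUtil.connectLDAP(uid, pwd, STAFFSEARCHNAME);
    }

    /**
     * Opens an LDAP context bound as the configured admin principal.
     * (Method name kept as-is for existing callers.)
     *
     * @return an open context; the caller must {@code close()} it
     * @throws NamingException if the connection or bind fails
     */
    public LdapContext connetLDAP() throws NamingException {
        log.debug("====管理员开始连接====");
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.SECURITY_PRINCIPAL, PRINCIPLE);//用户名
        env.put(Context.SECURITY_CREDENTIALS, PASSWORD);//密码
        env.put(Context.PROVIDER_URL, URL);//LDAP的地址:端口
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");//LDAP工厂类
        env.put(Context.SECURITY_AUTHENTICATION, "simple");//认证类型
        return new InitialLdapContext(env, null);//连接
    }

    /**
     * Escapes the RFC 4515 filter metacharacters {@code \ * ( )} and NUL in an assertion value.
     *
     * @param value raw attribute value; {@code null} is treated as empty
     * @return value safe to embed in a filter string
     */
    static String escapeFilterValue(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    sb.append("\\5c");
                    break;
                case '*':
                    sb.append("\\2a");
                    break;
                case '(':
                    sb.append("\\28");
                    break;
                case ')':
                    sb.append("\\29");
                    break;
                case '\0':
                    sb.append("\\00");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Closes the context if non-null; a close failure is only logged since the result is already built. */
    private static void closeQuietly(LdapContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            log.debug("close failed", e);
        }
    }
}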
这个是我的配置文件:
#project
project.name=
project.packageName=
#ldap
Host=xxxxxx
Port=389
BaseDN=dc=xx,dc=xx,dc=xxx
principle=uid=xxxx,ou=xxxx,dc=xxx,dc=xxx,dc=xxx
pwd=xxx
ldapUrl=LDAP://xxxxxxxxx:389/
#搜索属性
#在校教职工所在ou:
#其实就是所在目录
staffSearchName=ou=xxx,ou=People,dc=uestc,dc=edu,dc=cn
#在校本科生所在ou:
studentSearchName=ou=xxx,ou=People,dc=uestc,dc=edu,dc=cn
#在校研究生所在ou:
gstudentSearchName=ou=xxx,ou=People,dc=uestc,dc=edu,dc=cn
LDAP工具类:
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import com.alibaba.fastjson.JSONObject;
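/**
 * ldap连接 — static helpers for an admin bind, a user-credential check, and a demo main.
 *
 * @version:
 * @Description:
 * @author: huyw
 * @date: 2018年12月24日 上午11:27:38
 */
public class LdapUtils {

    /**
     * 管理员连接 — opens an LDAP context bound as the given admin principal.
     *
     * @param principle bind DN of the admin account
     * @param password  admin password (never printed)
     * @param url       provider URL, e.g. {@code ldap://host:389/}
     * @return an open context the caller must {@code close()}, or {@code null} if the bind failed
     */
    public static LdapContext connectLdapAdmin(String principle, String password, String url) {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.SECURITY_PRINCIPAL, principle);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        try {
            return new InitialLdapContext(env, null);
        } catch (NamingException e) {
            // no logger in this class; report the failure without echoing credentials
            System.err.println("LDAP admin bind failed for " + principle + " at " + url + ": " + e);
            return null;
        }
    }

    /**
     * Verifies user credentials with a simple bind as {@code uid=<userName>,<SearchName>}.
     *
     * <p>A blank user name or password is rejected before any network call: with
     * {@code simple} authentication an empty credential is an unauthenticated bind, which a
     * server may accept as anonymous and thereby "succeed" for any uid.
     *
     * @param userName   uid attribute value; escaped before use in the bind DN
     * @param password   the user's password
     * @param SearchName container DN under which the user entry lives
     * @param ldapUrl    provider URL prefix
     * @param baseDN     appended to {@code ldapUrl} to form the provider URL
     * @return {@code true} if the bind succeeded, {@code false} otherwise
     */
    public static boolean connectLdap(String userName, String password, String SearchName, String ldapUrl,
            String baseDN) {
        if (userName == null || userName.isEmpty() || password == null || password.isEmpty()) {
            System.out.println("userName:" + userName + ",SearchName:" + SearchName + "登录失败");
            return false;
        }
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.SECURITY_PRINCIPAL, "uid=" + escapeDnValue(userName) + "," + SearchName);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.PROVIDER_URL, ldapUrl + baseDN);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        InitialLdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(env, null);
            return true;
        } catch (NamingException e) {
            System.out.println("userName:" + userName + ",SearchName:" + SearchName + "登录失败");
            return false;
        } finally {
            // the bind alone decides the result; always release the connection
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // outcome already determined
                }
            }
        }
    }

    /**
     * Escapes the characters RFC 4514 reserves inside a DN attribute value
     * ({@code , + " \ < > ; =}, NUL, leading {@code #}/space, trailing space).
     *
     * @param value raw attribute value
     * @return value safe to embed in a DN string
     */
    static String escapeDnValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case ',':
                case '+':
                case '"':
                case '\\':
                case '<':
                case '>':
                case ';':
                case '=':
                    sb.append('\\').append(c);
                    break;
                case '\0':
                    sb.append("\\00");
                    break;
                default:
                    sb.append(c);
            }
        }
        if (sb.length() > 0 && (sb.charAt(0) == '#' || sb.charAt(0) == ' ')) {
            sb.insert(0, '\\');
        }
        if (sb.length() > 0 && sb.charAt(sb.length() - 1) == ' ') {
            sb.insert(sb.length() - 1, '\\');
        }
        return sb.toString();
    }

    /**
     * Escapes the RFC 4515 filter metacharacters {@code \ * ( )} and NUL in an assertion value.
     *
     * @param value raw attribute value; {@code null} is treated as empty
     * @return value safe to embed in a search filter
     */
    static String escapeFilterValue(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    sb.append("\\5c");
                    break;
                case '*':
                    sb.append("\\2a");
                    break;
                case '(':
                    sb.append("\\28");
                    break;
                case ')':
                    sb.append("\\29");
                    break;
                case '\0':
                    sb.append("\\00");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Demo: admin lookup of one user's attributes, then a credential check for that user.
     * All values below are placeholders to be filled in before running.
     */
    public static void main(String[] args) {
        String certId = "";
        String password = "";
        String principle = "";
        String passwordLdap = "";
        String url = "";
        String teacherSearch = "";
        String studentSearch = "";
        String baseDN = "";
        LdapContext ctx = null;
        try {
            ctx = LdapUtils.connectLdapAdmin(principle, passwordLdap, url);
            if (ctx == null) {
                System.err.println("admin connection failed, aborting");
                return;
            }
            // certId comes from outside in real use: escape it against filter injection
            String filter = "(&(objectClass=*)(uid=" + escapeFilterValue(certId) + "))";
            String[] attrPersonArray = { "uid", "employeeType", "displayName" };
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            searchControls.setReturningAttributes(attrPersonArray);
            NamingEnumeration<SearchResult> answer = ctx.search("ou=Users,dc=test,dc=edu,dc=cn", filter,
                    searchControls);
            JSONObject resultJson = new JSONObject();
            try {
                while (answer.hasMore()) {
                    SearchResult result = answer.next();
                    NamingEnumeration<? extends Attribute> attrs = result.getAttributes().getAll();
                    try {
                        while (attrs.hasMore()) {
                            Attribute attr = attrs.next();
                            resultJson.put(attr.getID(), attr.get());
                        }
                    } finally {
                        attrs.close();
                    }
                }
            } finally {
                answer.close();
            }
            // 在校学生
            boolean studentFlag = LdapUtils.connectLdap(certId, password, studentSearch, url, baseDN);
            if (studentFlag) {
                System.out.println("ldap用户信息:" + resultJson.toJSONString());
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // demo is ending anyway
                }
            }
        }
    }
}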