First Steps with LDAP

LDAP (Lightweight Directory Access Protocol)

An LDAP directory stores data in a tree-shaped hierarchy.

A directory entry's Distinguished Name (DN) is used to read a single entry and to trace the path back up to the top of the tree.

The base DN (baseDN) is the root at the very top of the LDAP directory tree. It is commonly written in one of two forms: (1) the company's domain name is used as the base DN; (2) the base DN is built from the individual components of the DNS domain name.

The DN is the name of an entry in an LDAP directory. Every entry in the directory must have a unique Distinguished Name. Each DN is made up of two parts: the relative DN (RDN) and the entry's position in the LDAP directory.

An LDAP directory can be customized to store any binary data; an entry is stored as a series of attribute pairs, each consisting of an attribute type and an attribute value.

Attribute values are stored with their case preserved, but by default searches are case-insensitive. Note: some special attributes (e.g. password) are case-sensitive when searched.

Key points

1. Set up the connection
ctx = new InitialLdapContext(env, connCtls);
2. Set the server URL and the DN used for the search
env.put(Context.PROVIDER_URL, URL);// LDAP server
env.put(Context.SECURITY_PRINCIPAL, SEARCHDN);
3. Set the password
env.put(Context.SECURITY_CREDENTIALS, "password");
 
4. Read the attributes of a returned entry
if (obj instanceof SearchResult) {
SearchResult si = (SearchResult) obj;
Attributes userInfo = si.getAttributes(); // attribute pairs of the matched entry
userDN += userInfo.toString();
userDN += "," + BASEDN; // the returned name is relative to the base DN
}
 
Full code:
import java.io.IOException;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NameClassPair;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.SortControl;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;


/**
 * LDAP connector: looks up a user by sAMAccountName with a service account,
 * then binds as that user's DN to verify the supplied password.
 */
public class LDAPConnector {
    protected final Log log = LogFactory.getLog(getClass());
    private static LDAPConnector instance;
    private String url = "ldap://IP:389";          // LDAP server address
    private String baseDN = "DC=soft,DC=com";      // root of the subtree that is searched
    private String bindDN = "XX";                  // service account used for the search
    private String bindPassword = "111111";
    private final Hashtable<String, String> env = new Hashtable<String, String>();
    private final Control[] sortConnCtls = new SortControl[1];
    private final String[] returnedAtts = { "distinguishedName",
            "userAccountControl", "displayName", "employeeID" };

    {
        try {
            // Ask the server to return search results sorted by sAMAccountName
            sortConnCtls[0] = new SortControl("sAMAccountName", Control.CRITICAL);
        } catch (IOException ex) {
            log.error("Cannot build the sort control", ex);
        }
    }

    private LDAPConnector() {
        // Environment for the service-account connection used to search the directory
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_PRINCIPAL, bindDN);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put("java.naming.batchsize", "50");
        env.put("com.sun.jndi.ldap.connect.timeout", "3000");
        // Connection pooling for the service-account connection
        env.put("com.sun.jndi.ldap.connect.pool", "true");
        env.put("com.sun.jndi.ldap.connect.pool.maxsize", "3");
        env.put("com.sun.jndi.ldap.connect.pool.prefsize", "1");
        env.put("com.sun.jndi.ldap.connect.pool.timeout", "300000");
        env.put("com.sun.jndi.ldap.connect.pool.initsize", "1");
        env.put("com.sun.jndi.ldap.connect.pool.authentication", "simple");
    }

    public static synchronized LDAPConnector getInstance() {
        if (instance == null)
            instance = new LDAPConnector();
        return instance;
    }

    public boolean validateUser(String username, String password) {
        boolean passed = false;
        // An empty password would turn the second bind below into an unauthenticated
        // (anonymous) bind, which most servers accept, so reject it before doing anything.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        LdapContext dirContext = null;
        try {
            // Step 1: connect as the service account
            dirContext = new InitialLdapContext(env, sortConnCtls);
            dirContext.setRequestControls(sortConnCtls);
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            if (returnedAtts != null && returnedAtts.length > 0) {
                controls.setReturningAttributes(returnedAtts);
            }
            // Step 2: find the user's entry. NOTE: username is placed in the filter
            // unescaped; the filter metacharacters ( ) * \ must be escaped (RFC 4515)
            // before untrusted input is used here.
            String filter = "(sAMAccountName=" + username + ")";
            NamingEnumeration<?> answer = dirContext.search(baseDN, filter, controls);
            String userDN = null;
            
            if (!answer.hasMoreElements()) {
                System.out.println("Have no element.");
            } else {
                // getName() is relative to baseDN; if several entries match, the last one wins
                while (answer.hasMoreElements()) {
                    userDN = ((NameClassPair) answer.nextElement()).getName();
                }
                
                System.out.println(userDN);
                // Step 3: bind as the user's full DN with the supplied password
                Hashtable<String, String> env = new Hashtable<String, String>();
                env.put(Context.PROVIDER_URL, url);
                env.put(Context.SECURITY_PRINCIPAL, userDN + "," + baseDN);
                env.put(Context.SECURITY_CREDENTIALS, password);
                env.put(Context.SECURITY_AUTHENTICATION, "simple");
                env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                DirContext context = new InitialDirContext(env); // throws NamingException if the password is wrong
                passed = true;
                context.close();
            }
            
        } catch (NamingException e) {
            // Search or bind failed: unknown user or wrong password
            log.debug("LDAP validation failed", e);
        } finally {
            if (dirContext != null) {
                try {
                    dirContext.close();
                } catch (NamingException e) {
                    e.printStackTrace();
                }
            }

        }
        System.out.println(passed);
        return passed;
    }
    
    public static void main(String[] args) {
        LDAPConnector ldapConnector = new LDAPConnector();
//        ldapConnector.validateUser("XXX", "12345");
        ldapConnector.validateUser("XX", "111111");
    }
}
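Added example, not the page's own code: the same search-then-bind flow from the key points and the full listing above, hardened on the points a reviewer would raise. The username is escaped per RFC 4515 before it enters the filter, an empty password is refused before the bind (RFC 4513 treats it as an unauthenticated bind), the full DN comes from getNameInNamespace() instead of concatenating with the base DN, and an ambiguous match is rejected. The server URL is a placeholder, and searchCtx is assumed to be a DirContext already bound as the service account, such as the one the listing creates.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
public class SafeLdapAuth {
    static final String URL = "ldap://ldap.example.invalid:389"; // placeholder server address
    static final String BASE_DN = "DC=soft,DC=com";
    /** Escape a value for use inside an LDAP search filter (RFC 4515, section 3). */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
    /** searchCtx is assumed to be a context already bound as the service account. */
    static boolean validateUser(DirContext searchCtx, String username, String password) throws NamingException {
        // RFC 4513: an empty password makes the bind below an unauthenticated (anonymous) bind, not a login
        if (password == null || password.isEmpty()) return false;
        SearchControls sc = new SearchControls(SearchControls.SUBTREE_SCOPE, 0, 0, null, false, false);
        String filter = "(sAMAccountName=" + escapeFilterValue(username) + ")";
        NamingEnumeration<SearchResult> results = searchCtx.search(BASE_DN, filter, sc);
        if (!results.hasMore()) return false;                // no such account
        String userDn = results.next().getNameInNamespace(); // full DN, no "," + BASE_DN needed
        if (results.hasMore()) return false;                 // ambiguous match: refuse
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close(); // bind succeeded: password is correct
            return true;
        } catch (NamingException e) {
            return false; // bind rejected: wrong password, or a disabled/locked account
        }
    }
}
```

With this escaping, a username such as `*` or `x)(objectClass=*` is looked up literally and simply finds no entry, instead of changing the meaning of the filter.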