您的位置:

java链接ldap读取数据(java访问ldap)

本文目录一览:

java 连接 ldap 报错

应该是用户名写的不对,env.put(Context.SECURITY_PRINCIPAL,"cn=" + username);

这里面应该写用户的全路径名,比如cn=xxxxx,dc=combatelecom,dc=com

说白了就是你怎么从根节点找到的用户,把用户节点的dn拷贝出来就行了

另外那个URL部分写成env.put(Context.PROVIDER_URL,"ldap://10.10.0.13:389")

用java操作ldap是报错,求大神解救

出自

1. error code 53

===========================================================================

问题:创建新用户时出现数据后端异常

在 WebSphere Portal Express 中,您可以设置密码的最短和最长长度。如果设置的密码长度与 LDAP 服务器的策略不相同,则在创建用户时您可能会看到以下异常:

EJPSG0015E: Data Backend Problem com.ibm.websphere.wmm.exception.WMMSystemException:

The following Naming Exception occurred during processing:

"javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000052D:

SvcErr: DSID-031A0FBC, problem 5003 (WILL_NOT_PERFORM), data 0

]; remaining name 'cn=see1anna,cn=users,dc=wps510,dc=rtp,dc=raleigh,dc=ibm,dc=com';

resolved object com.sun.jndi.ldap.LdapCtx@7075b1b4".

原因:这是由于“密码不能满足密码策略的要求”导致

解决方案:

1. 打开域安全策略-安全设置-账户策略-密码策略-密码必须符合复杂性要求。定义这个策略设置为:已禁用。/ 密码长度最小值:定义这个策略设置为0。

2. 打开域控制器安全策略-安全设置-账户策略-密码策略-密码必须符合复杂性要求。定义这个策略设置为:已禁用。/ 密码长度最小值:定义这个策略设置为0。

3. 最后运行刷新组策略命令为:gpupdate /force

===========================================================================

2. Need to specify class name

===========================================================================

javax.naming.NoInitialContextException: Need to specify class name in environment or system property, or as an applet parameter, or in an application resource file: java.naming.factory.initial

原因:LdapContext在处理完上个环节被close(),LdapContext=null;

解决方案:不close;

3. error code 50

===========================================================================

javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

4. error code 68

===========================================================================

javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - 00000524: UpdErr: DSID-031A0F4F, problem 6005 (ENTRY_EXISTS), data 0

原因:创建的用户已经存在了

7. No trusted certificate

===========================================================================

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found

1.cas机器A,A上a,b,c服务运行良好

2.website 位于B机器,cas可以截获请求,跳转javax.net.ssl.SSLHandshakeException

将A上生生成的客户端密钥,导入B

A运行

sudo keytool -genkey -alias tomcat -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore -validity 3600

$ keytool -export -trustcacerts -alias tomcat -file server.cer -keystore server.keystore -storepass changeit

$ sudo keytool -import -trustcacerts -alias tomcat -file server.cer -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit

B运行最后一句即可

建立信任关系,客户,服务密钥,客户多处

8. error code 1

===========================================================================

javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090AE2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece

原因:新增域用户的时候,ctx没有绑定管理员用户

解决方法:ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, adminUser + "@" + ldapProperty.getDomain());

ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, adminPwd);

9. error code 50

==========================================================================

javax.naming.NoPermissionException: [LDAP: error code 50 - 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS)

原因:新建域用户时候,ctx绑定到一个普通用户(该用户没有新建用户的权限)

解决方法:使用管理员用户进行绑定:

ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, adminUser + "@" + ldapProperty.getDomain());

ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, adminPwd);

10. error code 19

==========================================================================

javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 0000052D: AtrErr: DSID-03190F00, #1:

0: 0000052D: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE)

原因:这个最大的可能是不满足域安全策略:如密码复杂性、密码最短使用期限、强制密码历史。即长度、包含的字符、多久可以修改密码、是否可以使用历史密码等。

11. LDAP: error code 50

==========================================================================

javax.naming.NoPermissionException: [LDAP: error code 50 - 00000005: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS)

原因:这个是最初代码使用的replace操作,这个在AD里对应的是密码重设(普通用户默认没有这个权限,管理员可以操作),另外remove操作时提供的旧密码错误也可能报这个异常

12. RSA premaster secret error

==========================================================================

javax.naming.CommunicationException: simple bind failed: 172.18.20.4:636 [Root exception is javax.net.ssl.SSLKeyException: RSA premaster secret error]

原因:Tomcat 配置的JDK与添加证书的的JDK不一致。如:证书存放路径为C:/Java/jdk1.6.0_10/jre/lib/cacerts 而Tomcat 配置的JDK为C:/Java/jre6 ,使得两者路径不一致,SSL验证的时候,找不到证书

13.No trusted certificate found

==========================================================================

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found

原因:信任证书库文件路径不正确

解决方法:将正确工程中 /WEB-INF/classes目录下

14. error code 49

==========================================================================

javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece

希望可以帮到你

如何使用java链接ldap数据库

public static void main(String[] args) {

String url = "ldap://10.0.0.10:389/";

String domain = "dc=dtas,dc=com";

String user = "cn=administrator,cn=users";

String password = "111111";

HashtableString, String env = new HashtableString, String();

env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); // LDAP 工厂

env.put(Context.SECURITY_AUTHENTICATION, "simple"); // LDAP访问安全级别

env.put(Context.PROVIDER_URL, url);

env.put(Context.SECURITY_PRINCIPAL, user+","+domain); // 填DN

env.put(Context.SECURITY_CREDENTIALS, password); // AD Password

env.put("java.naming.ldap.attributes.binary", "objectSid objectGUID");

LdapContext ldapCtx = null;

try {

ldapCtx = new InitialLdapContext(env , null);

queryGroup(ldapCtx);

//queryUser(ldapCtx);

} catch (NamingException e) {

e.printStackTrace();

} finally {

if(ldapCtx != null) {

try {

ldapCtx.close();

} catch (NamingException e) {

}

}

}

}

private static void queryGroup(LdapContext ldapCtx) throws NamingException {

SearchControls searchCtls = new SearchControls();

searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

String searchFilter = "objectClass=organizationalUnit";

String searchBase = "ou=myDeptSubDept,ou=myDept,dc=DS-66,dc=com";

String returnedAtts[] = {"distinguishedName", "objectGUID", "name"};

searchCtls.setReturningAttributes(returnedAtts);

NamingEnumerationSearchResult answer = ldapCtx.search(searchBase, searchFilter, searchCtls);

while (answer.hasMoreElements()) {

SearchResult sr = answer.next();

Attributes Attrs = sr.getAttributes();

if (Attrs != null) {

NamingEnumeration? ne = Attrs.getAll();

while(ne.hasMore()) {

Attribute Attr = (Attribute)ne.next();

String name = Attr.getID();

Enumeration? values = Attr.getAll();

if (values != null) { // 迭代

while (values.hasMoreElements()) {

String value = "";

if("objectGUID".equals(name)) {

value = UUID.nameUUIDFromBytes((byte[]) values.nextElement()).toString();

} else {

value = (String)values.nextElement();

}

System.out.println(name + " " + value);

}

}

}

System.out.println("=====================");

}

}

}

用JAVA取LDAP数据库中的信息

Context.SECURITY_PRINCIPAL这个相当于账号。不给你你怎么登陆ldap服务器。估计你能给出客户给了哪些信息吗。不需要你全部给出。

Java获取Ldap叶子节点

使用netscape的ldap工具包。使用其它的工具包,写法类似。

注:必须知道base dn,以下假定ou=admin为base dn。若有明确的base dn,那写法比如:ou=admin,o=test1

源代码如下:

==========================

import netscape.ldap.*;

public class SearchTest {

public static void main(String[] args) {

LDAPConnection lc = null;

LDAPEntry findEntry = null;

int status = -1;

try {

// lc = ConnectionPool.

lc = new LDAPConnection();

/* Connect to server */

String MY_HOST = "localhost";

int MY_PORT = 389;

lc.connect(MY_HOST, MY_PORT);

System.out.println("1=========" +lc.isConnected());

lc.authenticate("cn=Directory Manager","password");

System.out.println("2=========" +lc.isConnected());

/* search for all entries with surname of Jensen */

String MY_FILTER = "(objectclass=*)";

String MY_SEARCHBASE = "ou=admin";

LDAPSearchConstraints cons = lc.getSearchConstraints();

cons.setBatchSize(0);

cons.setMaxResults(5);

MY_FILTER = "(objectclass=*)" ;

LDAPSearchResults res = lc.search(MY_SEARCHBASE,

LDAPConnection.SCOPE_ONE,

MY_FILTER,

null,

false,

cons);

while (res.hasMoreElements()) {

LDAPEntry cLDAPEntry = res.next() ;

System.out.println("" + cLDAPEntry.getDN());

System.out.println("" + cLDAPEntry.toString());

}

status = 0;

} catch (LDAPException e) {

System.out.println("Error: " + e.toString());

e.printStackTrace();

}

/* Done, so disconnect */

if ((lc != null) lc.isConnected()) {

try {

lc.disconnect();

System.out.println("3=========" +lc.isConnected());

} catch (LDAPException e) {

System.out.println("Error: " + e.toString());

}

}

System.out.println("4=========" +lc.isConnected());

System.exit(status);

}

}

java 访问ldap服务器,把dn下的树目录全部读取出来

拿到一个 InitialContext 之后 list(""); 就得到了一个集合,然后遍历这个 Enumeration 对象得到每个 Binding,它有 key 和 value,如果 value 是一个 Context 就是子目录了,再用 context.list("") 得到下面的子条目。递归你熟练吧。

在 InitialContext 中要先得到你的 root context,比如你可以先找公司的 Active X 域服务器练习一下,或安装一个 OpenLDAP 来练习。在 Active X 中,你能从自己的账户名看出规律的。