If we use ldapsearch to search a particular LDAP server for the naming contexts at the base level, the search works fine.

    $ ldapsearch -h myhealthisp.com -p 10389 -x -s base -b "" namingContexts
    # extended LDIF
    #
    # LDAPv3
    # base <> (default) with scope baseObject
    # filter: (objectclass=*)
    # requesting: namingContexts
    #
    #
    dn:
    namingContexts: dc=myhealthisp,dc=com
    # search result
    search: 2
    result: 0 Success
    # numResponses: 2
    # numEntries: 1

However, using JNDI, we get the following response:

    No Results for: myhealthisp.com.
    Problem: [LDAP: error code 32 - No Such Object] null

Here is our code:

    private Attribute getCertFromLdap(SRVRecord srvRec, CertificateInfo certInfo) throws CertLookUpException {
        // env, sc1 and targetDomain are not declared in this snippet.
        env.put(DirContext.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        sc1 = new SearchControls();
        sc1.setSearchScope(SearchControls.ONELEVEL_SCOPE);
        try {
            // Connect to the host and port taken from the SRV record
            env.put(DirContext.PROVIDER_URL, "ldap://" + targetDomain + ":" + srvRec.getPort());
            System.out.println("ldap://" + targetDomain + ":" + srvRec.getPort());
            DirContext dc = new InitialDirContext(env);
            NamingEnumeration directoryNE = null;
            System.out.println("Got HERE!");
            // One-level search below the empty base DN
            directoryNE = dc.search("", "objectClass=*", sc1);
            System.out.println("SC1 :" + sc1);
            while (directoryNE.hasMore()) {
                SearchResult result1 = (SearchResult) directoryNE.next();
                // print DN of entry
                System.out.println("Result.getNameInNamespace: " + result1.getName());
                Attribute foundMail = findMailAttribute(result1.getNameInNamespace());
                if (foundMail != null) {
                    return foundMail;
                }
            }
            dc.close();
        } catch (NamingException e) {
            System.out.println("No Results for: " + targetDomain + "\nProblem: " + e.getLocalizedMessage() + " " + e.getCause());
        }
        return null;
    }

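The only way we are able to get the base directory for myhealthisp.com returned is to hard-code the directory name (dc=myhealthisp,dc=com) into the base directory search filter (see this for what our code is based on: http://directory.apache.org/apacheds/manuals/basic-user-guide-1.5.8-SNAPSHOT/html/ch03s03.html#LDAP操作搜索)

When our code searches the onctest.org LDAP server, we get every naming context back.

Here is the Eclipse console output for the onctest.org server and the myhealthisp.com server: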

    ldap://onctest.org.:10389
    Got HERE!
    SC1 :javax.naming.directory.SearchControls@4c408bfc
    Result.getNameInNamespace: ou=config
    Result.getNameInNamespace: dc=example,dc=com
    Result.getNameInNamespace: ou=system
    Search Result: cn=dts556: null:null:{mail=mail: dts556@onctest.org, usercertificate=userCertificate: [B@35e06ba6, objectclass=objectClass: organizationalPerson, person, inetOrgPerson, top, o=o: onctest, sn=sn: Test Case, cn=cn: dts556}
    Service Record: _ldap._tcp.onctEst.org. 86400 IN SRV 0 0 10389 onctest.org.

    ldap://myhealthisp.com.:10389
    Got HERE!
    No Results for: myhealthisp.com.
    Problem: [LDAP: error code 32 - No Such Object] null
    Unable to find certificate at LDAP for: steve.tripp@myhealthisp.com
    _ldap._tcp.myhealthisp.com. 3600 IN SRV 0 0 10389 myhealthisp.com.

We think the following is causing the problem:
- JNDI is unable to do a base search on the OpenLDAProotDSE objectClass directory.
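
The ldapsearch command at the top of the question uses base scope (-s base) with an empty base DN, while the posted Java searches with ONELEVEL_SCOPE. The following is an added example, not part of the original post, of the same base-scope read of namingContexts through JNDI; the class and method names are hypothetical, the timeout values are arbitrary, and the host and port are the ones shown in the question.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class RootDseNamingContexts {
    // Hypothetical helper: reads namingContexts from the root DSE (base DN "", base scope).
    static List<String> namingContexts(String host, int port) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port);
        // No credentials are set, so the bind is anonymous, like ldapsearch -x without -D.
        // Bound the lookup so an unreachable or slow server does not hang the caller.
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        env.put("com.sun.jndi.ldap.read.timeout", "5000");

        DirContext ctx = new InitialDirContext(env);
        try {
            // getAttributes on the empty name is a base-scope read of the root DSE.
            // namingContexts is requested by name, as in the ldapsearch command.
            Attributes rootDse = ctx.getAttributes("", new String[] {"namingContexts"});
            List<String> contexts = new ArrayList<>();
            Attribute attr = rootDse.get("namingContexts");
            if (attr != null) {
                NamingEnumeration<?> values = attr.getAll();
                while (values.hasMore()) {
                    contexts.add(String.valueOf(values.next()));
                }
            }
            return contexts;
        } finally {
            ctx.close(); // released on every path, including exceptions
        }
    }

    public static void main(String[] args) throws NamingException {
        // Host and port as in the ldapsearch command in the question.
        for (String dn : namingContexts("myhealthisp.com", 10389)) {
            System.out.println("namingContexts: " + dn);
        }
    }
}
```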