
我正在尝试使用spring ldap 1.3.1.RELEASE连接到windows server 2008上的ldap 活动目录 ,ldap 配置如下:

  • ldap 网址是:ldap://dc.fabrikam.com
  • 用户名:administrator
  • 密码:123456

- spring ldap配置如下:

    <!-- Context source for the directory: every LdapTemplate operation built on
         this bean binds with the userDn/password below and is resolved relative
         to "base". -->
    <bean id="contextSource" 
    class="org.springframework.ldap.core.support.LdapContextSource">
    <!-- ldap:// is the unencrypted scheme. With the default simple bind the
         userDn and password cross the network in clear text; prefer ldaps://
         (or StartTLS) once the domain controller has a certificate. -->
    <property name="url" value="ldap://dc.fabrikam.com" />
    <property name="base" value="dc=fabrikam,dc=com" />     
    <!-- Binds as the built-in domain Administrator. A read-only person search
         needs far less; a dedicated low-privilege service account limits what a
         leaked copy of this file exposes. -->
    <property name="userDn" value="CN=administrator,CN=Users,DC=fabrikam,DC=com" />     
    <!-- Literal password in the bean file: anyone who can read this file or its
         version history holds the bind credential. Externalise it, for example
         through a property placeholder. -->
    <property name="password" value="123456" />


    <!-- java.naming.referral=follow makes the JNDI provider open a new connection
         to whatever host a referral names and, by default, bind there with the
         same credentials. Every referral host must therefore be resolvable,
         reachable and trusted. "ignore" and "throw" are the other values. -->
    <property name="baseEnvironmentProperties">
    <map>
        <entry key="java.naming.referral">
            <value>follow</value>
        </entry>
    </map>
    </property>

</bean>

<!-- Template built on contextSource: it inherits that bean's base DN, bind
     identity and referral handling for every search it runs. -->
<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
    <constructor-arg ref="contextSource" />
</bean>
  • LDAPContactDAO:

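    /**
     * LDAP-backed {@code ContactDAO} that reads contact names through the
     * injected {@link LdapTemplate}.
     */
    @Service
    public class LDAPContactDAO implements ContactDAO {

        // Injected by Spring. Base DN, bind identity and referral handling all
        // come from the ContextSource this template was constructed with.
        @Autowired
        private LdapTemplate ldapTemplate;

        /**
         * Returns the {@code cn} value of every entry matching
         * {@code (objectclass=person)}.
         *
         * <p>The empty base means "search from the ContextSource's base DN".
         * A search from the top of a directory can return referrals; whether
         * they are followed (and therefore which hosts get contacted with the
         * bind credentials) is decided by the ContextSource's
         * {@code java.naming.referral} setting, not here.
         *
         * <p>The filter is a fixed literal, so no caller input reaches it. If
         * it is ever built from request data, the values must be
         * filter-encoded first.
         *
         * @return the {@code cn} values found; entries without a readable
         *         {@code cn} are skipped instead of failing the whole lookup
         */
        public List getAllContactNames() {
            List mapped = ldapTemplate.search("", "(objectclass=person)",
                    new AttributesMapper() {
                        public Object mapFromAttributes(Attributes attrs)
                                throws NamingException {
                            // attrs.get() returns null when the attribute is
                            // absent or not readable by the bind account;
                            // the unguarded call chain would throw here.
                            javax.naming.directory.Attribute cn = attrs.get("cn");
                            if (cn == null || cn.size() == 0) {
                                return null;
                            }
                            return cn.get();
                        }
                    });

            // Drop the placeholders produced for entries that had no cn.
            List names = new java.util.ArrayList(mapped.size());
            for (Object name : mapped) {
                if (name != null) {
                    names.add(name);
                }
            }
            return names;
        }

    }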
    

- 异常前的调试:

2012-12-31/15:50:36.425 [localhost-startStop-1] DEBUG AuthenticationSource not set - using default implementation
2012-12-31/15:50:36.428 [localhost-startStop-1] DEBUG Not using LDAP pooling
2012-12-31/15:50:36.428 [localhost-startStop-1] DEBUG Trying provider Urls: ldap://192.168.1.118/dc=fabrikam,dc=com
2012-12-31/15:50:37.558 [http-bio-8080-exec-5] DEBUG Got Ldap context on server 'ldap://192.168.1.118/dc=fabrikam,dc=com'

尝试使用 getAllContactNames 方法时,出现以下异常:

org.springframework.ldap.CommunicationException: fabrikam.com.com:389; nested exception is javax.naming.CommunicationException: fabrikam.com.com:389 [Root exception is java.net.ConnectException: Connection timed out: connect]
org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:100)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:571)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:556)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:411)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:431)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:451)
com.xeno.advancedphonedirectory.LDAPContactDAO.getAllContactNames(LDAPContactDAO.java:20)
com.xeno.advancedphonedirectory.web.IndexController.get(IndexController.java:20)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414)
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
javax.servlet.http.HttpServlet.service(HttpServlet.java:722)

java.net.ConnectException: Connection timed out: connect
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
    at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
    at java.net.Socket.connect(Socket.java:529)
    at java.net.Socket.connect(Socket.java:478)
    at java.net.Socket.<init>(Socket.java:375)
    at java.net.Socket.<init>(Socket.java:189)
    at com.sun.jndi.ldap.Connection.createSocket(Connection.java:352)
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:187)
    at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
    at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2652)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)
    at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:35)
    at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:584)
    at javax.naming.spi.NamingManager.processURL(NamingManager.java:364)
    at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:344)
    at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:316)
    at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:93)
    at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:132)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1838)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
    at org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:253)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:293)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:571)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:556)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:411)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:431)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:451)
    at com.xeno.advancedphonedirectory.LDAPContactDAO.getAllContactNames(LDAPContactDAO.java:20)
    at com.xeno.advancedphonedirectory.web.IndexController.get(IndexController.java:20)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
    at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
    at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)

请指教。

更新:

我设法使用以下配置使用jxplorer连接到活动目录:

  1. 主机: dc.fabrikam.com
  2. 端口: 389
  3. 基础 DN: dc=fabrikam,dc=com
  4. 用户 DN: CN=administrator,CN=Users,DC=fabrikam,DC=com
  5. 密码:秘密

但我仍然通过spring ldap连接超时。

更新2:

现在问题已缩小到 spring ldap,因为我尝试使用 JNDI 进行上述配置,并且与 ldap 的连接工作正常,如此处所述:

ldap 搜索很慢

我认为 referral(引用)属性可能是问题所在。


4 回答 4


我们发现此问题是由于 DNS 中不存在域控制器造成的。如果您使用的是域名而不是 IP,请执行 NSLOOKUP 以显示该域指向的所有 IP:

NSLOOKUP fabrikam.com

确保来自 NSLOOKUP 的所有 IP 在端口 389 上都可以访问:

Test-NetConnection 172.30.2.1 -port 389
于 2017-10-09T23:51:21.003 回答

连接到远程资源时,可能出错的地方有很多。要缩小原因范围,请执行以下操作:

  • 检查 Windows 日志(使用事件查看器)
  • 如果已启用,请暂时禁用 dc.fabrikam.com 上的 Windows 防火墙以便排查(然后确保端口 389 已打开),排查结束后重新启用
  • 尝试从您手动运行 Java 应用程序的主机连接到 LDAP,例如telnet dc.fabrikam.com 389
  • 如果可能的话,将您的 Java 应用程序部署在同一主机 dc.fabrikam.com 上以排除连接问题
于 2012-12-31T13:59:42.377 回答

要解决这个问题,您需要在您的计算机上添加一条 LDAP 服务器的 DNS 配置(hosts 文件条目),以允许 Spring 与 LDAP 服务器建立连接。

  • Linux:/etc/hosts

  • Windows:C:\Windows\System32\drivers\etc\hosts

打开 cmd使用NSLOOKUP命令查看LDAP地址,然后将 ldap 服务器地址添加到 windows hosts 文件中:<server IP> <server host name>

例子:

192.168.1.123 ldap.atlassian.com

于 2019-01-15T09:55:23.970 回答

您遇到的问题只需在连接的 base 中增加分组(ou)即可解决,例如您的配置是:

<property name="base" value="dc=fabrikam,dc=com" />

改成:

<property name="base" value="ou=grupo,dc=fabrikam,dc=com" />
于 2013-11-25T14:27:53.797 回答