1

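I am creating a Java application that can log in to an LDAP server using the OpenDJ Client SDK, but I only have the Domain Name, User Name (also known as SAMAccountName) and Password. If you are not familiar with domain logon, see this image: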

enter image description here

You enter the user name field in this format: DOMAIN_NAME\USER_NAME rather than simply USER_NAME. An example domain name is: corp.fabrikam.com.


Now I need to know how to convert the domain name into a distinguished name (DN), because OpenDJ needs a distinguished name to connect to LDAP.

For example, the distinguished name of corp.fabrikam.com is: dc=corp,dc=fabrikam,dc=com.

It seems I only need to split it on ".", but I have heard there is something called a disjoint domain:
http://technet.microsoft.com/en-us/library/cc731125%28v=ws.10%29.aspx

So the splitting trick may not be reliable here.

In addition, users in LDAP can be under an organizational unit (OU). Suppose the user john belongs to the manager OU, so john's full user DN would look like this:

uid=john,ou=manager,dc=corp,dc=fabrikam,dc=com

4

1 answer

2

You should always refer to the RootDSE entry of the LDAP server to get information about the environment you are connecting to. The RootDSE entry is readable by anyone upon an anonymous bind (or a particular user, it does not really matter, as long as you are bound). It contains a lot of interesting stuff; the one you are looking for is defaultNamingContext.

Once bound, perform an LDAP read operation on the DN of an empty string: ''. If the framework of your choice provides some API to read the rootDSE, try to use that. It might be much more simple.

This might help you to get a kickstart: http://opendj.forgerock.org/opendj-ldap-sdk/apidocs/index.html. I did not find any mention of the defaultNamingContext on the OpenDJ documentation pages, but you might just get the information you are looking for via the getNamingContexts() method.

Note that rootDSE is an LDAP feature; it's not implementation-specific.

Answered 2013-04-15T16:37:44.607
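
The rootDSE read described in the answer, set against the split-on-"." guess from the question, as an added example that is not part of the original post or the OpenDJ project's own code. It assumes the OpenDJ LDAP SDK 2.6 API, a directory listening on plain LDAP port 389, and a hypothetical class name `BaseDnLookup`; the host and DNS domain are passed as arguments.

```java
import java.util.ArrayList;
import java.util.List;
import org.forgerock.opendj.ldap.Attribute;
import org.forgerock.opendj.ldap.Connection;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.LDAPConnectionFactory;
import org.forgerock.opendj.ldap.RootDSE;
import org.forgerock.opendj.ldap.responses.SearchResultEntry;

public class BaseDnLookup {   // hypothetical name, for illustration only
    // The guess from the question: corp.fabrikam.com -> dc=corp,dc=fabrikam,dc=com.
    static DN splitDnsName(String dnsDomain) {
        StringBuilder sb = new StringBuilder();
        for (String label : dnsDomain.split("\\.")) {
            // Accept plain DNS labels only, so no DN syntax can be smuggled in.
            if (!label.matches("[A-Za-z0-9-]+")) {
                throw new IllegalArgumentException("not a DNS label: " + label);
            }
            sb.append(sb.length() > 0 ? "," : "").append("dc=").append(label);
        }
        return DN.valueOf(sb.toString());
    }

    // Base DNs the server itself advertises in its rootDSE (the entry whose DN is "").
    static List<DN> advertisedBaseDns(Connection conn) throws Exception {
        List<DN> result = new ArrayList<DN>();
        // defaultNamingContext is the attribute named in the answer; it may be absent.
        SearchResultEntry root = conn.readEntry("", "defaultNamingContext");
        Attribute dnc = root.getAttribute("defaultNamingContext");
        if (dnc != null && !dnc.isEmpty()) {
            result.add(DN.valueOf(dnc.firstValueAsString()));
        } else {
            // Fall back to namingContexts via the SDK's RootDSE helper.
            result.addAll(RootDSE.readRootDSE(conn).getNamingContexts());
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // args[0] = directory host, args[1] = DNS domain name (both supplied by the caller).
        LDAPConnectionFactory factory = new LDAPConnectionFactory(args[0], 389);
        Connection conn = factory.getConnection(); // no bind request is sent: anonymous
        try {
            List<DN> advertised = advertisedBaseDns(conn);
            DN guessed = splitDnsName(args[1]);
            System.out.println("server advertises: " + advertised);
            System.out.println("split guess " + guessed + (advertised.contains(guessed)
                    ? " matches" : " does NOT match; use the advertised value"));
        } finally {
            conn.close();
            factory.close();
        }
    }
}
```

No credentials cross the wire in this lookup; the later authenticated bind should use LDAPS or StartTLS so the password is not sent in clear text.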