I am trying to perform an LDAP search across many different OUs located at the root of the directory.

Context initialization:

Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_CREDENTIALS, "somePassword");
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_PRINCIPAL, "MYDOMAIN\\myUsername"); // DOMAIN\user form; one backslash in the resulting string
env.put(Context.PROVIDER_URL, "ldap://myLdapServer:389");
SearchControls searchControls = new SearchControls();
searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
DirContext ctx = new InitialDirContext(env);

So to search for a user I call

ctx.search("OU=OrgUnitOne,DC=mysite,DC=com", "(sAMAccountName=someUserName)", searchControls)

or

ctx.search("OU=OrgUnitTwo,DC=mysite,DC=com", "(sAMAccountName=someUserName)", searchControls)

and it works fine. But since I want to search all the OUs at the root of the AD, I have to search with another baseDN, and I have not found one. I have tried the following, but none of them seem to work...

Without an OU:

ctx.search("DC=mysite,DC=com", "(sAMAccountName=someUserName)", searchControls)
//output:
//javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=mysite,DC=com'

Empty searchBase string:

ctx.search("", "(sAMAccountName=someUserName)", searchControls)
//output:
//javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001E5, problem 2001 (NO_OBJECT), data 0, best match of:'']; remaining name ''

Desperate wildcard *

ctx.search("OU=*,DC=mysite,DC=com", "(sAMAccountName=someUserName)", searchControls)
//output:
//javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:'DC=mysite,DC=com']; remaining name 'OU=*,DC=mysite,DC=com'

Desperate wildcard %

ctx.search("OU=%,DC=mysite,DC=com", "(sAMAccountName=someUserName)", searchControls)
//output:
//javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:'DC=mysite,DC=com']; remaining name 'OU=%,DC=mysite,DC=com'

Desperate OR operator |

ctx.search("OU=OrgUnitOne|OrgUnitTwo,DC=mysite,DC=com", "(sAMAccountName=someUserName)", searchControls)
//output:
//javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:'DC=mysite,DC=com']; remaining name 'OU=OrgUnitOne|OrgUnitTwo,DC=mysite,DC=com'

Is there a way to achieve this kind of search across all the root OUs?

2 Answers

This works for me:

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

Hashtable<String, String> ldapEnv = new Hashtable<String, String>(11);
ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
ldapEnv.put(Context.PROVIDER_URL,  "ldap://ldapHost");
ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
ldapEnv.put(Context.SECURITY_PRINCIPAL, "CN=Administrator,CN=Users,DC=domain,DC=com");
ldapEnv.put(Context.SECURITY_CREDENTIALS, "secret");
DirContext ldapContext = new InitialDirContext(ldapEnv);
// Create the search controls         
SearchControls searchCtls = new SearchControls();
// Specify the attributes to return
String returnedAtts[]={"sn","givenName", "samAccountName"};
searchCtls.setReturningAttributes(returnedAtts);
// Specify the search scope
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
// specify the LDAP search filter
String searchFilter = "(&(samAccountName=userName))";
// Specify the Base for the search
String searchBase = "dc=domain,dc=com";
// initialize counter to total the results
int totalResults = 0;
// Search for objects using the filter
NamingEnumeration<SearchResult> answer = ldapContext.search(searchBase, searchFilter, searchCtls);
// Loop through the search results
while (answer.hasMoreElements()) {
    SearchResult sr = (SearchResult)answer.next();
    totalResults++;
    System.out.println(">>>" + sr.getName());
    Attributes attrs = sr.getAttributes();
    System.out.println(">>>>>>" + attrs.get("samAccountName"));       
}
System.out.println("Total results: " + totalResults);
ldapContext.close();
answered 2015-03-26T10:20:21.927
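The question's PartialResultException ("Unprocessed Continuation Reference(s)") is what JNDI raises when a subtree search from the domain root hits the continuation references Active Directory returns for its other partitions, and the answer above searches from the same kind of base DN. The following is an added example, not code from either poster: it sets Context.REFERRAL (a real JNDI constant) so those references are handled, catches the exception so entries already received are kept, escapes the username before it is placed in the filter, and reads the bind password from an environment variable instead of hard-coding it. The host, bind DN and domain are placeholders.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class DomainWideUserSearch {

    /**
     * Escape a value for use inside an LDAP search filter (RFC 4515, section 3).
     * Without this, input such as "*" or "x)(objectClass=*" would change the
     * meaning of the filter instead of being matched literally.
     */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Search the whole domain naming context for one account. The base DN is the
     * domain root (no OU), so SUBTREE_SCOPE covers every OU beneath it.
     * Returns the distinguished names of the matching entries.
     */
    static List<String> findUserDns(String providerUrl, String bindDn, String password,
                                    String domainBaseDn, String samAccountName)
            throws NamingException {
        if (password == null || password.isEmpty()) {
            throw new IllegalStateException("bind password not provided");
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, providerUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        // A subtree search from the domain root makes AD return continuation
        // references for its other partitions (Configuration, DomainDnsZones, ...).
        // With the default setting JNDI surfaces them as PartialResultException.
        // "follow" chases them; the catch below covers references that cannot be followed.
        env.put(Context.REFERRAL, "follow");

        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[] {"distinguishedName", "sAMAccountName"});
        controls.setCountLimit(100); // defensive cap; a single-account lookup should yield one entry

        // The caller-supplied value is escaped so it is matched literally.
        String filter = "(&(objectClass=user)(sAMAccountName="
                + escapeFilterValue(samAccountName) + "))";

        List<String> dns = new ArrayList<>();
        DirContext ctx = new InitialDirContext(env);
        try {
            NamingEnumeration<SearchResult> results = ctx.search(domainBaseDn, filter, controls);
            try {
                while (results.hasMore()) {
                    SearchResult sr = results.next();
                    dns.add(sr.getNameInNamespace());
                }
            } catch (PartialResultException e) {
                // A continuation reference could not be followed (for example the
                // referred host name does not resolve). Entries already received
                // from this naming context are still valid, so keep them.
            } finally {
                results.close();
            }
        } finally {
            ctx.close();
        }
        return dns;
    }

    public static void main(String[] args) throws NamingException {
        // Placeholder host, account and domain, not real ones.
        // Port 3268 (the Global Catalog) is a known alternative that returns no
        // cross-partition references, but only exposes GC-replicated attributes.
        String url = "ldap://dc01.example.internal:389";
        String bindDn = "CN=svc-ldap-reader,OU=Service Accounts,DC=example,DC=internal";
        String password = System.getenv("LDAP_BIND_PASSWORD"); // never hard-code credentials
        for (String dn : findUserDns(url, bindDn, password, "DC=example,DC=internal", args[0])) {
            System.out.println(dn);
        }
    }
}
```

Run it as `LDAP_BIND_PASSWORD=... java DomainWideUserSearch someUserName`. The read-only service account should be granted only the directory read permission the lookup needs, and the bind should go over LDAPS or StartTLS in production, since simple authentication sends the password in clear text.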

Construct a search request with the desired base object, a search scope of sub, a filter that restricts the returned entries to the ones wanted, and a list of requested attributes. Using the UnboundID LDAP SDK:

SearchRequest req = new SearchRequest("dc=mysite,dc=com",
       SearchScope.SUB,"samAccountName=someUserName","1.1");
SearchResult searchResult = ldapConnection.search(req);

If the server permits it, this search will return all entries whose samAccountName attribute contains the value "someUserName" (value matching is performed using the attribute's matching rule). 1.1 means that no attributes are returned; replace it with the list of attributes desired. In some circumstances the server administrator may not permit this search, since it traverses the entire directory server database. Also, the authorization state of the connection must permit examining samAccountName. Note that the search may succeed (result code SUCCESS, integer 0) and still return no entries.

  • There is no "or" operator in distinguished names.
  • There is no "wildcard" operator in distinguished names.
answered 2013-06-26T13:25:32.437