I need some further help with LDAP authentication

.

LDAP server information:

Supported LDAP versions (2): 3; 2;

Supported SASL mechanisms (4): GSSAPI; GSS-SPNEGO; EXTERNAL; DIGEST-MD5;

.

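First, I was able to successfully connect, bind, and search the LDAP server using a username and password. However, I would like to authenticate without prompting for or hard-coding credentials.

After many attempts, I was able to authenticate using GSSAPI. But my issue now is as follows:

Updated question: I ran KLIST and no Kerberos cache was found. So I ran "KINIT" and provided the password to create the Kerberos cache and authenticate against it.

However, is there a way to create the cache in Java, or does it have to be done through the KINIT command first?

If KINIT is the only option, then my other question is: can Windows automatically create the Kerberos cache at logon (without having to provide the same password again)?

*I apologize if the code is bad; I'm still quite new to coding and would be very happy for pointers :)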

package LDAP;

import com.unboundid.ldap.sdk.*;

public class LdapConnection {

    public static void main(String[] args) throws LDAPException {

        try {

            // CREATE LDAP OPTIONS
            LDAPConnectionOptions ldapOptions = new LDAPConnectionOptions();
            ldapOptions.setUseSynchronousMode(true);
    
            // CREATE LDAP CONNECTION
            LDAPConnection connection = null;
            connection = new LDAPConnection(ldapOptions, "server.ca", 3268);
            System.out.println(connection);
            System.out.println(" ");
   
            // KERBEROS BIND TO LDAP SERVER 
            GSSAPIBindRequestProperties gssapiProperties = new GSSAPIBindRequestProperties("username", (byte[]) null);
            gssapiProperties.setKDCAddress("server");
            gssapiProperties.setRealm("realm");
            GSSAPIBindRequest bindRequest = null;
            bindRequest = new GSSAPIBindRequest(gssapiProperties);
            connection.bind(bindRequest);
    
            // CREATE VARIABLE TO SEARCH FOR
            String AD_Group = "Guests";

            // CREATE SEARCH REQUEST
            String baseDN = "dc=Company,dc=CA";
            Filter searchFilter = Filter.createEqualityFilter("SamAccountName", AD_Group);
            SearchRequest searchRequest = new SearchRequest(baseDN, SearchScope.SUB, searchFilter, "*");

            // PERFORM SEARCH
            SearchResult searchQueryResults = connection.search(searchRequest);

            // DISPLAY SEARCH RESULTS
            System.out.println(searchQueryResults);
            for (SearchResultEntry entry : searchQueryResults.getSearchEntries()) {
                String SamAccountName = entry.getAttributeValue("SamAccountName");
                String DistinguishedName = entry.getAttributeValue("DistinguishedName");

                System.out.println(SamAccountName);
                System.out.println(DistinguishedName);
                System.out.println(" ");
            }

            // TOSS ERROR IF 0 ENTRIES
            if (searchQueryResults.getEntryCount() == 0) {
                System.out.println("No Search Results Found");
                System.out.println(" ");
            }
        }
        catch (Exception e) {
            System.out.println(" ");
            System.out.println("Catch Activated");
            System.out.println(e);
        }
    }
}

0 answers