近期,因接入集团登录系统,需要通过LDAP实现登录。
什么是LDAP
LDAP是轻量目录访问协议,英文全称是Lightweight Directory Access Protocol,一般都简称为LDAP。它是基于X.500标准的,但是简单多了并且可以根据需要定制。与X.500不同,LDAP支持TCP/IP,这对访问Internet是必须的。LDAP的核心规范在RFC中都有定义,所有与LDAP相关的RFC都可以在LDAPman RFC网页中找到。 ----【百度百科】
连接LDAP
// NOTE(review): ldap:// on port 389 is an unencrypted transport. Combined with the
// "simple" bind used in connetLDAP(), the bind password crosses the network in
// clear text. Prefer ldaps:// (636) or StartTLS, and validate the server certificate.
String ldapUrl = "ldap://*******:389"; // LDAP server URL
String ldapFactory = "com.sun.jndi.ldap.LdapCtxFactory";
// Service account used for the bind; it only needs read access to the lookup subtree.
String ldapAccount = "***";
// NOTE(review): the credential is hard-coded in source here; in real code load it
// from configuration or a secret store so it is never committed to the repository.
String ldapPwd = "****"; // bind password
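/**
 * Opens an authenticated LDAP connection using the configured URL and bind account.
 *
 * The bind is a "simple" bind: the bind password is sent to the server as-is, so it
 * is only protected on the wire when the URL is ldaps:// or StartTLS is negotiated
 * first. With a plain ldap://host:389 URL the credentials are exposed in clear text.
 *
 * @return a bound LdapContext; the caller owns it and must close() it when done
 * @throws NamingException if the server is unreachable or the bind is rejected
 */
public LdapContext connetLDAP() throws NamingException{
    // Typed environment instead of a raw Hashtable; keys are the JNDI Context constants.
    Hashtable<String, Object> env = new Hashtable<String, Object>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, ldapFactory);
    env.put(Context.PROVIDER_URL, ldapUrl);
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, ldapAccount);
    env.put(Context.SECURITY_CREDENTIALS, ldapPwd);
    return new InitialLdapContext(env, null);
}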
LDAP查询
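/**
 * Looks up one account by sAMAccountName and prints its selected attributes as a
 * comma-separated line.
 *
 * The account name is handed to JNDI as a filter argument ({0}) instead of being
 * concatenated into the filter string. JNDI encodes filter arguments per RFC 4515,
 * so characters such as '*', '(', ')' and '\' in the input cannot change the shape
 * of the filter (LDAP injection), which the concatenated form allowed.
 *
 * The context opened for the search is closed in a finally block, so it is released
 * even when the search throws.
 *
 * @param umAccount the sAMAccountName to search for; may be untrusted input
 * @throws NamingException if the connection, the search, or reading an attribute fails
 */
public void findUser(String umAccount) throws NamingException{
    LdapContext ctx = connetLDAP();
    try {
        String userinfo = "";
        int flag = 0;
        // Filter template; {0} is substituted and escaped by JNDI from filterArgs.
        String filter = "(sAMAccountName={0})";
        Object[] filterArgs = { umAccount };
        // Attributes requested from the server.
        String[] attrPersonArray = {"Nickname","mobile","mail","department"};
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setTimeLimit(3000); // milliseconds
        searchControls.setReturningAttributes(attrPersonArray);
        // dn (the search base) is declared elsewhere in this class.
        NamingEnumeration<SearchResult> answer = ctx.search(dn, filter, filterArgs, searchControls);
        while (answer.hasMoreElements()) {
            SearchResult result = answer.next();
            NamingEnumeration<? extends Attribute> attrs = result.getAttributes().getAll();
            while (attrs.hasMoreElements()) {
                Attribute attr = attrs.next();
                // flag is not reset per result, so at most attrPersonArray.length values
                // are collected across all matches (kept as in the original).
                if (attrPersonArray.length != flag) {
                    flag = flag + 1;
                    userinfo = userinfo + attr.get() + ",";
                }
            }
        }
        System.out.println(userinfo);
    } finally {
        try {
            ctx.close();
        } catch (NamingException ignored) {
            // Best-effort release; a close failure must not mask the search outcome.
        }
    }
}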
关闭LDAP连接
// Releases an LDAP context. In this snippet a fresh context is opened only to be
// closed; in real code close the context that performed the search, ideally in a
// finally block so it is released even when the search throws.
LdapContext ctx = connetLDAP();
if (ctx != null) {
try {
ctx.close();
} catch (NamingException e) {
// Closing is best-effort: the failure is reported but not propagated.
System.out.println("NamingException in close():" + e);
}
}