我正在尝试从 LDAP 获取当前用户的所有组和角色。 这是我的应用程序。 如果用户登录,我需要获取其角色和组
我查了很多帖子,但没有找到答案
@Override
public void run(String... args) throws Exception {
String searchbase = "dc=springframework,dc=org";
Hashtable<String, String> environment = new Hashtable<>();
environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
environment.put(Context.PROVIDER_URL, "ldap://localhost:8389");
environment.put(Context.SECURITY_AUTHENTICATION, "simple");
environment.put(Context.SECURITY_PRINCIPAL, "uid=bob,ou=people,dc=springframework,dc=org");
environment.put(Context.SECURITY_CREDENTIALS, "bobspassword");
// trying to connect LDAP server
LdapContext ctx = new InitialLdapContext(environment, null);
System.out.println("Connected!");
SearchControls controls = new SearchControls();
String[] attributes = {"cn","ou"};
controls.setReturningAttributes(attributes);
controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration<?> answer = ctx.search(searchbase, "(&(objectclass=groupOfUniqueNames))", controls);
while(answer.hasMore()) {
SearchResult rslt = (SearchResult) answer.next();
Attributes attrs = rslt.getAttributes();
String groupsCN = attrs.get("cn").toString();
String groupsOU = attrs.get("ou").toString();
String [] groupname = groupsCN.split(":");
String userGroup = groupname[1];
System.out.println(attrs.get("cn"));
String [] groupnameOU = groupsOU.split(":");
String userGroupOU = groupnameOU[1];
System.out.println(attrs.get("ou"));
}
System.out.println("Listed!");
ctx.close();
System.exit(1);
}
和我的 LDAP 服务器。它是 Spring Boot 中的嵌入式 LDAP 服务器
dn: dc=springframework,dc=org
objectclass: top
objectclass: domain
objectclass: extensibleObject
dc: springframework
dn: ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: groups
dn: ou=subgroups,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: subgroups
dn: ou=people,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: people
dn: uid=ben,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Ben Alex
sn: Alex
uid: ben
userPassword: password
dn: uid=bob,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Bob Hamilton
sn: Hamilton
uid: bob
userPassword: bobspassword
dn: cn=developers,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfUniqueNames
cn: developers
ou: developer
uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
uniqueMember: uid=bob,ou=people,dc=springframework,dc=org
dn: cn=managers,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfUniqueNames
cn: managers
ou: manager
uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
uniqueMember: uid=bob,ou=people,dc=springframework,dc=org
dn: cn=submanagers,ou=subgroups,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfUniqueNames
cn: submanagers
ou: submanager
uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
我需要获取用户的角色和组。现在我得到了所有的组和角色。过滤器有问题吗?
最佳答案
您过滤“(&(objectclass=groupOfUniqueNames))”只是请求所有组。
如果您需要用户(Ben)的组,则需要在用户是成员时过滤组:"(&(objectclass=groupOfUniqueNames)(uniqueMember=uid=ben,ou=people,dc=springframework ,dc=org))"
关于java - 从 LDAP 获取当前用户的所有组和角色,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/55757648/