java - Retrieving the full name or display name from an LDAP server using AD and Apache Shiro

Tags: java active-directory ldap shiro

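I am trying to validate a set of credentials against an LDAP server, and I am able to validate them successfully. Now I am trying to get the full name or display name of the user logged in to the server. I have not been able to get it. Being new to LDAP concepts, I cannot find a way to get the user's full display name. Could someone please help me with how to get the full display name of the logged-in user?

Below is the shiro.ini file being used: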

[main]
activeDirectoryRealm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm
activeDirectoryRealm.systemUsername = adminusername
activeDirectoryRealm.systemPassword = adminpswd
activeDirectoryRealm.searchBase = "OU=User Accounts,DC=dmn,DC=net"
activeDirectoryRealm.url = ldaps://localhost:389

My Java code is as follows:

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
public class ExampleActiveDirectory {


public static final String userName = "myusername";
public static final String password = "mypassword";

public static void main(String[] args)
{
    //Factory<SecurityManager> factory = new IniSecurityManagerFactory("N:\\workspace\\LdapAuthentication\\src\\auth.ini");
    Factory<SecurityManager> factory = new IniSecurityManagerFactory("N:\\workspace\\LdapAuthentication\\src\\shiro.ini");
    SecurityManager securityManager = factory.getInstance();
    SecurityUtils.setSecurityManager( securityManager );
    System.out.println( "userName is  : " +userName);
    // The password is deliberately not printed: credentials should not be written to stdout or logs.
    UsernamePasswordToken token = new UsernamePasswordToken( userName,password );
    Subject currentUser = SecurityUtils.getSubject();
    try
    {
        //currentUser.login( token ) ;
        securityManager.login(currentUser,token).isAuthenticated();
        System.out.println( "We've authenticated! :)" );
    }
    catch ( AuthenticationException e )
    {
        System.out.println( "We did not authenticate :(" );
        e.printStackTrace();
    }

   }
}

Best answer

Thanks for the information. Link: http://www.deepakgaikwad.net/index.php/2009/09/24/retrieve-basic-user-attributes-from-active-directory-using-ldap-in-java.html

The solution I found is as follows:

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

import org.apache.shiro.web.tags.UserTag;

public class RetrieveUserAttributes {

public static void main(String[] args) {
    RetrieveUserAttributes retrieveUserAttributes = new RetrieveUserAttributes();
    retrieveUserAttributes.getUserBasicAttributes("username", retrieveUserAttributes.getLdapContext());
}

public LdapContext getLdapContext(){
    LdapContext ctx = null;
    try{
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "Simple");
        env.put(Context.SECURITY_PRINCIPAL, "adminusername");
        env.put(Context.SECURITY_CREDENTIALS, "adminpswrd");
        env.put(Context.PROVIDER_URL, "ldaps://localhost:389");
        ctx = new InitialLdapContext(env, null);
        System.out.println("Connection Successful.");
    }catch(NamingException nex){
        System.out.println("LDAP Connection: FAILED");
        nex.printStackTrace();
    }
    return ctx;
}

UserTag getUserBasicAttributes(String username, LdapContext ctx) {
    UserTag user=null;
    try {

        SearchControls constraints = new SearchControls();
        constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
        String[] attrIDs = { "distinguishedName",
                "sn",
                "givenname",
                "mail",
                "telephonenumber"};
        constraints.setReturningAttributes(attrIDs);
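        //First input parameter is the search base, it can be "CN=Users,DC=YourDomain,DC=com"
        //Second Attribute can be uid=username
        //The username parameter is passed as a filter argument ({0}) so JNDI escapes
        //filter metacharacters instead of concatenating it into the filter string
        NamingEnumeration<SearchResult> answer = ctx.search("DC=domain,DC=com",
                "(sAMAccountName={0})", new Object[] { username }, constraints);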
        if (answer.hasMore()) {
            Attributes attrs = ((SearchResult) answer.next()).getAttributes();
            System.out.println("distinguishedName "+ attrs.get("distinguishedName"));
            System.out.println("givenname "+ attrs.get("givenname"));
            System.out.println("sn "+ attrs.get("sn"));
            System.out.println("mail "+ attrs.get("mail"));
            System.out.println("telephonenumber "+ attrs.get("telephonenumber"));
        }else{
            throw new Exception("Invalid User");
        }

    } catch (Exception ex) {
        ex.printStackTrace();
    }
    return user;
}

}
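The answer's attribute list does not request `displayName`, which is the attribute the question asks for. The following is an added example, not part of the original answer: a plain JNDI lookup that returns `displayName` for one `sAMAccountName`, passes the user name as a filter argument, and closes the enumeration and context. The class name and the environment variable names `LDAP_URL`, `LDAP_BIND_DN` and `LDAP_BIND_PASSWORD` are hypothetical; the search base is the one from the question's shiro.ini.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class DisplayNameLookup {

    // Returns the displayName of the account, or null if there is no entry or no value.
    static String findDisplayName(LdapContext ctx, String searchBase, String samAccountName)
            throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[] { "displayName" });
        // {0} is filled from the argument array; JNDI escapes filter metacharacters
        // such as *, ( and ) in it, so the value cannot change the filter structure.
        NamingEnumeration<SearchResult> results = ctx.search(
                searchBase, "(&(objectClass=user)(sAMAccountName={0}))",
                new Object[] { samAccountName }, controls);
        try {
            if (!results.hasMore()) {
                return null;
            }
            Attribute attr = results.next().getAttributes().get("displayName");
            return attr == null ? null : (String) attr.get();
        } finally {
            results.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        // Bind settings come from hypothetical environment variables (all three must be set)
        // so the service account password is not hard-coded in source.
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, System.getenv("LDAP_URL"));
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, System.getenv("LDAP_BIND_DN"));
        env.put(Context.SECURITY_CREDENTIALS, System.getenv("LDAP_BIND_PASSWORD"));
        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            System.out.println(findDisplayName(ctx, "OU=User Accounts,DC=dmn,DC=net", args[0]));
        } finally {
            ctx.close();
        }
    }
}
```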

Regarding java - Retrieving the full name or display name from an LDAP server using AD and Apache Shiro, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/46644979/
