- 浏览: 307311 次
- 性别:
- 来自: 杭州
文章分类
最新评论
-
wst0350:
点赞,有空深入讲解下原理
Servlet、Filter 和 Listener 调用顺序、生命周期的实验分析 -
tuspark:
Eclipse中高亮设置内容还有很多细节选项可以设置的,可以看 ...
Eclipse 设置匹配代码高亮 -
xichao1929:
这个时候,怎么启动发布的项目呢?????
JBoss设置为Windows服务 -
xiaozi7:
非常感谢,楼主的英语水平不一般那
WebSphere MQ Version 7 发布订阅相关配置 -
qtlkw:
slave没玩过
Hudson: java.lang.OutOfMemoryError: Java heap space error
用LDAP牵涉到的几个概念,Context,entry/object,filter.Attribute
Context:上下文,我的理解是相当与文件系统的中的目录(JNDI的Naming Service是可以用操作系统的文件系统的).
entry/object:一个节点,相当与文件系统中的目录或文件.
filter:查询/过滤条件是一个字符串表达式如:(&(objectClass=top)(cn=*))查询出objectClass属性为top,cn属性为所有情况的entry.
Attribute:entry/object的属性可以理解成JAVA对象的属性,不同的是这个属性可以多次赋值.
测试方法:
search()方法的第一个参数是一个上下文执行时在这个上下文下进行查找,第二个参数是一个Filter字串意思是符合objectClass=top并且cn属性为任意值的entry,第三个属性是一个SearchControls对象在这个对象中设置一些参数用于控制查找,如controls.setSearchScope(SearchControls.SUBTREE_SCOPE); 这个方法中有三个值,SUBTREE_SCOPE为查找给定上下文(第一个参数)下以及所有下级上下文下的所有entry,而 ONELEVEL_SCOPE只查找给定上下文下的entry,OBJECT_SCOPE只查找一个entry。 controls.setCountLimit(100); 是设置查找返回的最大结果,如果查询的结果超过了这个值那么就会抛出一个异常。还有一个设置超时时间的方法setTimeout()。
Context:上下文,我的理解是相当与文件系统的中的目录(JNDI的Naming Service是可以用操作系统的文件系统的).
entry/object:一个节点,相当与文件系统中的目录或文件.
filter:查询/过滤条件是一个字符串表达式如:(&(objectClass=top)(cn=*))查询出objectClass属性为top,cn属性为所有情况的entry.
Attribute:entry/object的属性可以理解成JAVA对象的属性,不同的是这个属性可以多次赋值.
import java.util.HashMap; import java.util.Properties; import java.util.LinkedList; import java.util.List; import java.util.Map; import javax.naming.Context; import javax.naming.NameNotFoundException; import javax.naming.NamingEnumeration; import javax.naming.NamingException; import javax.naming.directory.Attribute; import javax.naming.directory.AttributeInUseException; import javax.naming.directory.Attributes; import javax.naming.directory.BasicAttribute; import javax.naming.directory.BasicAttributes; import javax.naming.directory.DirContext; import javax.naming.directory.InitialDirContext; import javax.naming.directory.ModificationItem; import javax.naming.directory.NoSuchAttributeException; import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; public class LDAPManager { /** The OU (organizational unit) to add users to */ private static final String USERS_OU = "ou=People,dc=ibm,dc=com"; /** The OU (organizational unit) to add groups to */ private static final String GROUPS_OU = "ou=Group,dc=ibm,dc=com"; /** The OU (organizational unit) to add permissions to */ private static final String PERMISSIONS_OU = "ou=Permission,dc=ibm,dc=com"; /** The default LDAP port */ private static final int DEFAULT_PORT = 389; /** The LDAPManager instance object */ private static Map instances = new HashMap(); /** The connection, through a <code>DirContext</code>, to LDAP */ private DirContext context; /** The hostname connected to */ private String hostname; /** The port connected to */ private int port; protected LDAPManager(String hostname, int port, String username, String password) throws NamingException { context = getInitialContext(hostname, port, username, password); // Only save data if we got connected this.hostname = hostname; this.port = port; } public static LDAPManager getInstance(String hostname, int port, String username, String password) throws NamingException { // Construct the key for the supplied information String key = new StringBuffer() .append(hostname) .append(":") .append(port) .append("|") .append((username == null ? "" : username)) .append("|") .append((password == null ? "" : password)) .toString(); if (!instances.containsKey(key)) { synchronized (LDAPManager.class) { if (!instances.containsKey(key)) { LDAPManager instance = new LDAPManager(hostname, port, username, password); instances.put(key, instance); return instance; } } } return (LDAPManager)instances.get(key); } public static LDAPManager getInstance(String hostname, int port) throws NamingException { return getInstance(hostname, port, null, null); } public static LDAPManager getInstance(String hostname) throws NamingException { return getInstance(hostname, DEFAULT_PORT, null, null); } public void addUser(String username, String firstName, String lastName, String password) throws NamingException { // Create a container set of attributes Attributes container = new BasicAttributes(); // Create the objectclass to add Attribute objClasses = new BasicAttribute("objectClass"); objClasses.add("top"); objClasses.add("person"); objClasses.add("organizationalPerson"); objClasses.add("inetOrgPerson"); // Assign the username, first name, and last name String cnValue = new StringBuffer(firstName) .append(" ") .append(lastName) .toString(); Attribute cn = new BasicAttribute("cn", cnValue); Attribute givenName = new BasicAttribute("givenName", firstName); Attribute sn = new BasicAttribute("sn", lastName); Attribute uid = new BasicAttribute("uid", username); // // Attribute att = new BasicAttribute("memberof"); // if(username.startsWith("dev")){ // String memberOf = new StringBuilder("cn=dev,").append(GROUPS_OU).toString(); // att.add(memberOf); // }else if(username.startsWith("qa")){ // String memberOf = new StringBuilder("cn=qa,").append(GROUPS_OU).toString(); // att.add(memberOf); // }else{ // String memberOf = new StringBuilder("cn=dev,").append(GROUPS_OU).toString(); // att.add(memberOf); // // memberOf = new StringBuilder("cn=qa,").append(GROUPS_OU).toString(); // att.add(memberOf); // } // container.put(att); // Add password Attribute userPassword = new BasicAttribute("userpassword", password); // Add these to the container container.put(objClasses); container.put(cn); container.put(sn); container.put(givenName); container.put(uid); container.put(userPassword); // Create the entry context.createSubcontext(getUserDN(username), container); } public void deleteUser(String username) throws NamingException { try { context.destroySubcontext(getUserDN(username)); } catch (NameNotFoundException e) { // If the user is not found, ignore the error } } public boolean isValidUser(String username, String password) throws UserNotFoundException { try { DirContext context = getInitialContext(hostname, port, getUserDN(username), password); return true; } catch (javax.naming.NameNotFoundException e) { throw new UserNotFoundException(username); } catch (NamingException e) { // Any other error indicates couldn't log user in return false; } } public void addGroup(String name, String description, String[] memberOfGroup) throws NamingException, Throwable { if(memberOfGroup != null && memberOfGroup.length > 0){ // Create a container set of attributes Attributes container = new BasicAttributes(); // Create the objectclass to add Attribute objClasses = new BasicAttribute("objectClass"); objClasses.add("top"); objClasses.add("groupOfUniqueNames"); // objClasses.add("groupOfNames"); // Assign the name and description to the group Attribute cn = new BasicAttribute("cn", name); Attribute desc = new BasicAttribute("description", description); // StringBuilder sb = new StringBuilder(); // int count = 0; // for(String member : memberOfGroup){ // if(count > 0){ // sb.append(","); // } // sb.append("uid=").append(member); // count ++; // } // String memberAttribute = sb.append(",").append(USERS_OU).toString(); // Attribute groupmember = new BasicAttribute("member", memberAttribute); // container.put(groupmember); Attribute memberAttributes = new BasicAttribute("uniquemember"); for(String member : memberOfGroup){ String memberAttribute = new StringBuilder("uid=").append(member).append(",").append(USERS_OU).toString(); // Attribute groupmember = new BasicAttribute("member", memberAttribute); memberAttributes.add(memberAttribute); } container.put(memberAttributes); // Add these to the container container.put(objClasses); container.put(cn); container.put(desc); // Create the entry context.createSubcontext(getGroupDN(name), container); }else{ throw new Throwable("Error occurs, not assign members into this group."); } } public void deleteGroup(String name) throws NamingException { try { context.destroySubcontext(getGroupDN(name)); } catch (NameNotFoundException e) { // If the group is not found, ignore the error } } public void addPermission(String name, String description) throws NamingException { // Create a container set of attributes Attributes container = new BasicAttributes(); // Create the objectclass to add Attribute objClasses = new BasicAttribute("objectClass"); objClasses.add("top"); objClasses.add("ibmPermission"); // Assign the name and description to the group Attribute cn = new BasicAttribute("cn", name); Attribute desc = new BasicAttribute("description", description); // Add these to the container container.put(objClasses); container.put(cn); container.put(desc); // Create the entry context.createSubcontext(getPermissionDN(name), container); } public void deletePermission(String name) throws NamingException { try { context.destroySubcontext(getPermissionDN(name)); } catch (NameNotFoundException e) { // If the permission is not found, ignore the error } } public void assignUser(String username, String groupName) throws NamingException { try { ModificationItem[] mods = new ModificationItem[1]; Attribute mod = new BasicAttribute("uniqueMember", getUserDN(username)); mods[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE, mod); context.modifyAttributes(getGroupDN(groupName), mods); } catch (AttributeInUseException e) { // If user is already added, ignore exception } } public void removeUser(String username, String groupName) throws NamingException { try { ModificationItem[] mods = new ModificationItem[1]; Attribute mod = new BasicAttribute("uniqueMember", getUserDN(username)); mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, mod); context.modifyAttributes(getGroupDN(groupName), mods); } catch (NoSuchAttributeException e) { // If user is not assigned, ignore the error } } public boolean userInGroup(String username, String groupName) throws NamingException { // Set up attributes to search for String[] searchAttributes = new String[1]; searchAttributes[0] = "uniqueMember"; Attributes attributes = context.getAttributes(getGroupDN(groupName), searchAttributes); if (attributes != null) { Attribute memberAtts = attributes.get("uniqueMember"); if (memberAtts != null) { for (NamingEnumeration vals = memberAtts.getAll(); vals.hasMoreElements(); ) { if (username.equalsIgnoreCase( getUserUID((String)vals.nextElement()))) { return true; } } } } return false; } public List getMembers(String groupName) throws NamingException { List members = new LinkedList(); // Set up attributes to search for String[] searchAttributes = new String[1]; searchAttributes[0] = "uniqueMember"; Attributes attributes = context.getAttributes(getGroupDN(groupName), searchAttributes); if (attributes != null) { Attribute memberAtts = attributes.get("uniqueMember"); if (memberAtts != null) { for (NamingEnumeration vals = memberAtts.getAll(); vals.hasMoreElements(); members.add( getUserUID((String)vals.nextElement()))) ; } } return members; } public List getGroups(String username) throws NamingException { List groups = new LinkedList(); // Set up criteria to search on String filter = new StringBuffer() .append("(&") .append("(objectClass=groupOfIBMNames)") .append("(uniqueMember=") .append(getUserDN(username)) .append(")") .append(")") .toString(); // Set up search constraints SearchControls cons = new SearchControls(); cons.setSearchScope(SearchControls.ONELEVEL_SCOPE); // cons.setSearchScope(SearchControls.SUBTREE_SCOPE); // cons.setCountLimit(10000); NamingEnumeration results = context.search(GROUPS_OU, filter, cons); while (results.hasMore()) { SearchResult result = (SearchResult)results.next(); groups.add(getGroupCN(result.getName())); } return groups; } public void assignPermission(String groupName, String permissionName) throws NamingException { try { ModificationItem[] mods = new ModificationItem[1]; Attribute mod = new BasicAttribute("uniquePermission", getPermissionDN(permissionName)); mods[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE, mod); context.modifyAttributes(getGroupDN(groupName), mods); } catch (AttributeInUseException e) { // Ignore the attribute if it is already assigned } } public void revokePermission(String groupName, String permissionName) throws NamingException { try { ModificationItem[] mods = new ModificationItem[1]; Attribute mod = new BasicAttribute("uniquePermission", getPermissionDN(permissionName)); mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, mod); context.modifyAttributes(getGroupDN(groupName), mods); } catch (NoSuchAttributeException e) { // Ignore errors if the attribute doesn't exist } } public boolean hasPermission(String groupName, String permissionName) throws NamingException { // Set up attributes to search for String[] searchAttributes = new String[1]; searchAttributes[0] = "uniquePermission"; Attributes attributes = context.getAttributes(getGroupDN(groupName), searchAttributes); if (attributes != null) { Attribute permAtts = attributes.get("uniquePermission"); if (permAtts != null) { for (NamingEnumeration vals = permAtts.getAll(); vals.hasMoreElements(); ) { if (permissionName.equalsIgnoreCase( getPermissionCN((String)vals.nextElement()))) { return true; } } } } return false; } public List getPermissions(String groupName) throws NamingException { List permissions = new LinkedList(); // Set up attributes to search for String[] searchAttributes = new String[1]; searchAttributes[0] = "uniquePermission"; Attributes attributes = context.getAttributes(getGroupDN(groupName), searchAttributes); if (attributes != null) { Attribute permAtts = attributes.get("uniquePermission"); if (permAtts != null) { for (NamingEnumeration vals = permAtts.getAll(); vals.hasMoreElements(); permissions.add( getPermissionCN((String)vals.nextElement()))) ; } } return permissions; } private String getUserDN(String username) { return new StringBuffer() .append("uid=") .append(username) .append(",") .append(USERS_OU) .toString(); } private String getUserUID(String userDN) { int start = userDN.indexOf("="); int end = userDN.indexOf(","); if (end == -1) { end = userDN.length(); } return userDN.substring(start+1, end); } private String getGroupDN(String name) { return new StringBuffer() .append("cn=") .append(name) .append(",") .append(GROUPS_OU) .toString(); } private String getGroupCN(String groupDN) { int start = groupDN.indexOf("="); int end = groupDN.indexOf(","); if (end == -1) { end = groupDN.length(); } return groupDN.substring(start+1, end); } private String getPermissionDN(String name) { return new StringBuffer() .append("cn=") .append(name) .append(",") .append(PERMISSIONS_OU) .toString(); } private String getPermissionCN(String permissionDN) { int start = permissionDN.indexOf("="); int end = permissionDN.indexOf(","); if (end == -1) { end = permissionDN.length(); } return permissionDN.substring(start+1, end); } private DirContext getInitialContext(String hostname, int port, String username, String password) throws NamingException { String providerURL = new StringBuffer("ldap://") .append(hostname) .append(":") .append(port) .toString(); Properties props = new Properties(); props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); props.put(Context.PROVIDER_URL, providerURL); if ((username != null) && (!username.equals(""))) { props.put(Context.SECURITY_AUTHENTICATION, "simple"); props.put(Context.SECURITY_PRINCIPAL, username); props.put(Context.SECURITY_CREDENTIALS, ((password == null) ? "" : password)); } return new InitialDirContext(props); } } public class UserNotFoundException extends RuntimeException{ private static final long serialVersionUID = 1L; public UserNotFoundException(String message) { super(message); } public UserNotFoundException(Throwable cause) { super(cause); } public UserNotFoundException(String message, Throwable cause) { super(message, cause); } }
测试方法:
import org.junit.BeforeClass; import org.junit.Test; public class LDAPManagerTest { private static LDAPManager ldapManager; @BeforeClass public static void initEnv() throws Exception{ ldapManager = LDAPManager.getInstance("10.2.9.110", 389, "cn=manager,dc=ibm,dc=com", "secret"); } @Test public void addGroup() throws Throwable{ try{ String[] str1 = {"test1", "test2", "test3", "test4", "test5"}; String[] str2 = {"test1", "test7", "test9"}; ldapManager.addGroup("dev", "All people in dev team", str1); ldapManager.addGroup("qa", "All people in dev team", str2); ldapManager.assignUser("test5", "qa"); }catch(Exception e){ e.printStackTrace(); } } @Test public void addUser() throws Exception{ for(int i=1; i<234000; i++){ ldapManager.addUser("test"+i, "first"+i, "last"+i, "123"); } } }
search()方法的第一个参数是一个上下文执行时在这个上下文下进行查找,第二个参数是一个Filter字串意思是符合objectClass=top并且cn属性为任意值的entry,第三个属性是一个SearchControls对象在这个对象中设置一些参数用于控制查找,如controls.setSearchScope(SearchControls.SUBTREE_SCOPE); 这个方法中有三个值,SUBTREE_SCOPE为查找给定上下文(第一个参数)下以及所有下级上下文下的所有entry,而 ONELEVEL_SCOPE只查找给定上下文下的entry,OBJECT_SCOPE只查找一个entry。 controls.setCountLimit(100); 是设置查找返回的最大结果,如果查询的结果超过了这个值那么就会抛出一个异常。还有一个设置超时时间的方法setTimeout()。
import java.util.Hashtable; import javax.naming.Context; import javax.naming.NamingEnumeration; import javax.naming.NamingException; import javax.naming.SizeLimitExceededException; import javax.naming.directory.DirContext; import javax.naming.directory.InitialDirContext; import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; /** * Demonstrates how to perform a search and limit the number of results * returned. * * usage: java SearchCountLimit */ class SearchCountLimit { static int expected = 1; public static void printSearchEnumeration(NamingEnumeration srhEnum) { int count = 0; try { while (srhEnum.hasMore()) { SearchResult sr = (SearchResult) srhEnum.next(); System.out.println(">>>" + sr.getName()); ++count; } System.out.println("number of answers: " + count); } catch (SizeLimitExceededException e) { if (count == expected) System.out.println("number of answers: " + count); else e.printStackTrace(); } catch (NamingException e) { e.printStackTrace(); } } public static void main(String[] args) { // Set up the environment for creating the initial context Hashtable<String, Object> env = new Hashtable<String, Object>(11); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, "ldap://localhost:389/o=JNDITutorial"); try { // Create initial context DirContext ctx = new InitialDirContext(env); // Set search controls to limit count to 'expected' SearchControls ctls = new SearchControls(); ctls.setCountLimit(expected); // Search for objects with those matching attributes NamingEnumeration answer = ctx.search("ou=People", "(sn=M*)", ctls); // Print the answer printSearchEnumeration(answer); // Close the context when we're done ctx.close(); } catch (Exception e) { System.err.println(e); } } }
相关推荐
**LDAP(轻量级目录访问协议)搜索过滤器的字符串表示**是RFC1558文档的核心主题。此文档旨在提供一种人类可读的字符串格式,以便于在与LDAP服务器进行交互时描述和传递搜索过滤器。以下是关于该主题的详细说明: 1...
LDAP的研究及其在统一身份认证系统中的应用 LDAP的研究与在校园网统一身份认证中的应用 基于LDAP的统一身份认证的设计与实现 基于LDAP的统一身份认证系统的实现 基于LDAP的校园网统一身份认证系统设计 基于LDAP和...
《基于LDAP统一用户管理系统的研究与应用》 在信息化时代的今天,用户管理是企业信息系统的核心环节。随着企业IT架构的日益复杂,多应用系统的并存使得用户管理变得愈发困难。为了解决这一问题,基于LDAP...
从简单介绍X.500协议出发,介绍LDAP的起源,简要比较LDAP与X.500协议的区别,概述LDAP框架模型;从应用目录服务角度,简述了LDAP目录服务功能模块和工作流程;介绍分析LDAP目录服务发展现状;最后预测其发展方向。
标题中的“修改ldap密码源代码”表明我们即将探讨的是与LDAP(轻量级目录访问协议)相关的编程实践,特别是涉及到用户密码的修改...同时,如果有任何疑问,可以参考www.pudn.com.txt提供的资料来源进行更深入的研究。
这几天在研究LDAP安装,上网找了一大圈还是没整明白,经过无数次的失败和N小时的尝试中终于研究的差不多了。 下面简要说一下流程吧,希望对大家有所帮助: 主要参考:...
【基于Linux的LDAP应用环境研究与目录服务实现】 在信息技术领域,目录服务是管理和存储组织信息的一种高效方式,尤其在大型网络环境中。轻量级目录访问协议(LDAP)作为目录服务的标准,因其轻便和高效而被广泛...
通过深入研究“mozldap-6.0.5”的源码,开发者不仅可以学习到如何在C语言环境中实现一个功能完备的LDAP客户端,还能提升跨平台开发的能力,并对网络编程、目录服务和软件工程实践有更深入的理解。
本研究提出的XML-LDAP数据转换模型主要包含三个核心组件: 1. LDAP数据模型的建立:解决XML数据模型与LDAP模型之间的差异性,将XML的数据结构映射成LDAP能够识别和处理的格式。这一步骤是关键,因为它直接影响到...
对基于LDAP统一身份认证架构下的802.1x的无线接入认证整合进行研究。提出并建立了一套保障信息安全的全局身份认证管理系统,在采用RC4安全加密技术的基础上,实现了基于RADIUS的无线802.1x/EAP接入认证和基于LDAP的...
LDAP协议,全称Lightweight Directory Access Protocol,即轻量目录访问协议,是一种用于访问和维护分布式目录信息服务的应用协议。它起源于20世纪80年代的X.500标准,随着网络的普及和应用领域的拓展,LDAP因其较高...
基于LDAP目录服务的研究与应用.nh 基于LDAP目录服务的研究与应用.nh 基于LDAP目录服务的研究与应用.nh 基于LDAP目录服务的研究与应用.nh 基于LDAP目录服务的研究与应用.nh 基于LDAP目录服务的研究与应用.nh
10. **案例研究与最佳实践**:通过真实的企业应用场景,展示IBM LDAP的实施步骤和最佳实践,帮助读者更好地理解和应用。 IBM LDAP文档还会包含详细的命令行工具用法、图形界面管理工具的使用指南,以及对不同版本的...
通过研究这些例子,你可以更好地理解如何将LDAP API应用到实际项目中。 总之,"ldap_sdk_c_winnt"提供了一个学习和实践C语言中LDAP编程的平台,特别是针对Windows环境。掌握这些技能后,你就能构建能够高效管理和...
### LDAP的研究及其在统一身份认证系统中的应用 #### 引言 随着信息技术的快速发展和互联网应用的广泛普及,网络环境下的各种服务系统如雨后春笋般涌现出来。这些服务系统大多数采用B/S(浏览器/服务器)架构,各自...
LDAP数据访问优化研究关注的是提高LDAP服务器的性能,特别是数据访问速度的提升,因为随着系统处理数据量的增加,响应速度会受到影响。文章中提出的优化措施主要包括基于hash表的内存缓存设计与实现、索引的合理使用...
通过研究这些示例代码,你可以深入理解如何在VC环境下集成和使用LDAP进行实际的数据操作。 总的来说,掌握LDAP的使用对于系统管理员、软件开发者以及任何涉及身份管理和数据检索的角色都十分关键。通过这个"ldap...
目录服务则通过信息的集中存储解决了现实中面临的管理和维护的...为了在实际中应用和部署LDAP,本文讨论了LDAP应用部署的详细过程,并简要介绍了三种LDAP编程模型LDAPCAPI、ADSI、JNDI。文章的后面是LDAP应用方案实例。