If we use ldapsearch to run a base-level search for the naming contexts on a particular LDAP server, the search works fine.

$ ldapsearch -h myhealthisp.com -p 10389 -x -s base -b "" namingContexts
# extended LDIF
#
# LDAPv3
# base <> (default) with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=myhealthisp,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


With JNDI, however, we get the following response:

No Results for: myhealthisp.com.Problem: [LDAP: error code 32 - No Such Object] null

Here is our code:

private Attribute getCertFromLdap(SRVRecord srvRec, CertificateInfo certInfo) throws CertLookUpException {
    env.put(DirContext.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    sc1 = new SearchControls();
    sc1.setSearchScope(SearchControls.ONELEVEL_SCOPE);

    try {
        env.put(DirContext.PROVIDER_URL, "ldap://" + targetDomain + ":" + srvRec.getPort());
        System.out.println("ldap://" + targetDomain + ":" + srvRec.getPort());

        DirContext dc = new InitialDirContext(env);
        NamingEnumeration directoryNE = null;

        System.out.println("Got HERE!");
        directoryNE = dc.search("", "objectClass=*", sc1);

        System.out.println("SC1 :" + sc1);
        while (directoryNE.hasMore()) {
            SearchResult result1 = (SearchResult) directoryNE.next();

            // print DN of entry
            System.out.println("Result.getNameInNamespace: " + result1.getName());
            Attribute foundMail = findMailAttribute(result1.getNameInNamespace());

            if (foundMail != null) {
                return foundMail;
            }
        }
        dc.close();
    } catch (NamingException e) {
        System.out.println("No Results for: " + targetDomain + "\nProblem: " + e.getLocalizedMessage() + "  " + e.getCause());
    }
    return null;
}


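The only way we have been able to get the base directory returned for myhealthisp.com is to hard-code the directory name (dc=myhealthisp,dc=com) into the base directory search filter (for what we based our code on, see: http://directory.apache.org/apacheds/manuals/basic-user-guide-1.5.8-SNAPSHOT/html/ch03s03.html#LDAP操作搜索).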

When our code searches the onctest.org LDAP server, we get every namingContext back.

Here is the Eclipse console output for the onctest.org server and the myhealthisp.com server:

ldap://onctest.org.:10389
Got HERE!
SC1 :javax.naming.directory.SearchControls@4c408bfc
Result.getNameInNamespace: ou=config
Result.getNameInNamespace: dc=example,dc=com
Result.getNameInNamespace: ou=system
Search Result: cn=dts556: null:null:{mail=mail: [email protected],     usercertificate=userCertificate: [B@35e06ba6, objectclass=objectClass: organizationalPerson,     person, inetOrgPerson, top, o=o: onctest, sn=sn: Test Case, cn=cn: dts556}

Service Record: _ldap._tcp.onctEst.org. 86400   IN  SRV 0 0 10389 onctest.org.
ldap://myhealthisp.com.:10389
Got HERE!
No Results for: myhealthisp.com.
Problem: [LDAP: error code 32 - No Such Object]  null
Unable to find certificate at LDAP for: [email protected]
_ldap._tcp.myhealthisp.com. 3600    IN  SRV 0 0 10389 myhealthisp.com.


What we think is causing the problem:

JNDI is unable to do a base search on the OpenLDAP rootDSE objectClass directory.

Best answer

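Usually, an anonymous bind has no privilege to perform an LDAP search on the root. Every directory has OOTB privileges for anonymous bind and for searching the root directory. For Apache DS, the naming contexts can be searched with this LDAP query:

ldapsearch -h localhost -p 10389 -s base -b "" "(objectclass=*)" namingContexts

However, a one-level search or subtree search, such as

ldapsearch -h localhost -p 10389 -s one -b "" -D "uid=admin,ou=system" -w secret "(objectclass=*)"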

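gives the following result, and this is what you are doing in your JNDI program:

ldap_search: No such object
ldap_search: additional info: NO_SUCH_OBJECT: failed for SearchRequest
        baseDn : ''
        filter : '(2.5.4.0=*)'
        scope : single level
        typesOnly : false
        Size Limit : no limit
        Time Limit : no limit
        Deref Aliases : never Deref Aliases
        attributes :
: null

JNDI code for the first ldapsearch command: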


import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class SampleLDAPSearch {

  private Attribute getCertFromLdap() {
      String targetDomain = "localhost";
      String port = "10389";

      Hashtable env = new Hashtable();
      env.put(DirContext.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
      SearchControls sc1 = new SearchControls();
      sc1.setSearchScope(SearchControls.OBJECT_SCOPE);
      sc1.setReturningAttributes(new String[] { "namingContexts" });

      try {
          env.put(DirContext.PROVIDER_URL, "ldap://" + targetDomain + ":" + port);

          System.out.println("ldap://" + targetDomain + ":" + port);

          DirContext dc = new InitialDirContext(env);
          NamingEnumeration directoryNE = null;

          System.out.println("Got HERE!");
          directoryNE = dc.search("", "objectclass=*", sc1);

          System.out.println("SC1 :" + sc1);
          while (directoryNE.hasMore()) {
              SearchResult result1 = (SearchResult) directoryNE.next();

              // print DN of entry
              System.out.println("Result.getNameInNamespace: " + result1.getName());
              Attributes attrs = result1.getAttributes();
              Attribute attr = attrs.get("namingContexts");
              System.out.println(attr);

          }
          dc.close();
      } catch (NamingException e) {
          System.out.println("No Results for: " + targetDomain + "\nProblem: " + e.getLocalizedMessage() + "  "
                  + e.getCause());
      }
      return null;

  }

  public static void main(String[] args) {
      SampleLDAPSearch sls = new SampleLDAPSearch();
      sls.getCertFromLdap();
  }
}

10-08 13:02
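
An added example, not part of the original question or answer: it goes one step past the answer's code by reading namingContexts from the rootDSE with a base-scope search and then running a subtree search under each returned context, so no base DN is hard-coded. The class name RootDseCertLookup and the host, port and mail command-line arguments are assumptions; the mail and userCertificate attribute names are taken from the console output above.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.LdapName;

public class RootDseCertLookup {
    // Step 1: base-scope read of the rootDSE (base DN "") to learn the naming contexts.
    static List<String> namingContexts(DirContext dc) throws NamingException {
        SearchControls base = new SearchControls();
        base.setSearchScope(SearchControls.OBJECT_SCOPE);
        base.setReturningAttributes(new String[] { "namingContexts" });
        List<String> out = new ArrayList<>();
        NamingEnumeration<SearchResult> root = dc.search("", "(objectClass=*)", base);
        while (root.hasMore()) {
            Attribute nc = root.next().getAttributes().get("namingContexts");
            for (int i = 0; nc != null && i < nc.size(); i++) out.add((String) nc.get(i));
        }
        return out;
    }

    // Step 2: subtree search under each discovered context, never one-level from "".
    static Attribute findCert(DirContext dc, String mail) throws NamingException {
        SearchControls sub = new SearchControls();
        sub.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sub.setReturningAttributes(new String[] { "userCertificate" });
        for (String ctx : namingContexts(dc)) {
            try {
                // JNDI escapes the {0} argument, so the mail value cannot alter the filter.
                NamingEnumeration<SearchResult> hits =
                        dc.search(new LdapName(ctx), "(mail={0})", new Object[] { mail }, sub);
                try {
                    if (hits.hasMore()) return hits.next().getAttributes().get("userCertificate");
                } finally { hits.close(); }
            } catch (NamingException e) { // e.g. a context the bound identity may not read
                System.out.println("Skipping " + ctx + ": " + e.getMessage());
            }
        }
        return null;
    }

    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + args[0] + ":" + args[1]);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        DirContext dc = new InitialDirContext(env);
        try { System.out.println(findCert(dc, args[2])); } finally { dc.close(); }
    }
}
```

Run it as `java RootDseCertLookup <host> <port> <mail>`; a context that rejects the search is logged and skipped rather than aborting the whole lookup.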