Problem description
I am trying to get the Active Directory rootDSE using Java. Here is what I have attempted so far:
    public class RootDSE {
        public DirContext context;
        public Attributes attributes;
        public NamingEnumeration enumerations;

        public RootDSE()
        {
            try {
                this.context = new InitialDirContext();
                this.attributes = context.getAttributes(
                    "ldap://192.168.122.115", new String[]{"*"}
                );
                this.enumerations = this.attributes.getIDs();
                while(this.enumerations != null && this.enumerations.hasMore()) {
                    String nextAttribute = (String)this.enumerations.next();
                    System.out.println(attributes.get(nextAttribute));
                }
                context.close();
            } catch (NamingException e) {
                e.printStackTrace();
            }
        }
    }
(I have commented out the imports to make the reading easier.) I launch the code by just creating the RootDSE object:
    RootDSE dse = new RootDSE();
javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090728, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580
I have already performed authenticated LDAP requests, so the network connectivity and access to the directory service are granted. Moreover, rootDSE requests should be anonymous? It shouldn't be necessary to perform a "successful bind" to get it?
Can someone explain why I am getting this error, and how to solve it?
Thanks a lot!
Recommended answer
This is a problem specific to AD and a clash with Java's JNDI LDAP implementation which kinda by default assumes that an LDAPv3 server supports RFC3296, yet AD doesn't. This results in the reported - perhaps not that intuitive - error message from AD.
Resolution: as per this answer you need to set the Context.REFERRAL property on the context.
Therefore, initialize your context like this:
    Properties props = new Properties();
    props.setProperty(Context.REFERRAL, "throw"); // any other allowed value than the default ('ignore') will do
    this.context = new InitialDirContext(props);
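
A complete version of the anonymous rootDSE read with the referral setting from the answer, as an added example that is not part of the original post. The class name, the list of requested attributes and the timeout values are assumptions chosen for illustration; the default host is the one from the question.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// Hypothetical class name; reads the rootDSE without supplying bind credentials.
public class RootDseReader {
    // Assumed selection of rootDSE attributes, requested by name.
    static final String[] WANTED = {
        "defaultNamingContext", "namingContexts", "dnsHostName",
        "supportedLDAPVersion", "supportedSASLMechanisms"
    };

    static Attributes readRootDse(String url) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "none"); // no bind credentials
        env.put(Context.REFERRAL, "throw");               // the setting from the answer
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // ms, assumed value
        env.put("com.sun.jndi.ldap.read.timeout", "5000");    // ms, assumed value
        DirContext ctx = new InitialDirContext(env);
        try {
            // The empty name, relative to a URL with no base DN, is the rootDSE.
            return ctx.getAttributes("", WANTED);
        } finally {
            ctx.close(); // DirContext is not AutoCloseable, so close it explicitly
        }
    }

    public static void main(String[] args) throws NamingException {
        String url = args.length > 0 ? args[0] : "ldap://192.168.122.115"; // host from the question
        NamingEnumeration<? extends Attribute> attrs = readRootDse(url).getAll();
        while (attrs.hasMore()) {
            Attribute attr = attrs.next();
            NamingEnumeration<?> values = attr.getAll();
            while (values.hasMore()) { // namingContexts and others are multi-valued
                System.out.println(attr.getID() + ": " + values.next());
            }
        }
    }
}
```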