java LDAP分页查询 解决1000条限制

最新推荐文章于 2024-05-25 14:11:40 发布
最新推荐文章于 2024-05-25 14:11:40 发布
阅读量8.2k 收藏 2
点赞数 3
分类专栏: java 文章标签: LDAP AD JAVA 1000条 
三种解决方法:第一种不好用,希望有高手回帖。第三种没测试,希望有心人帮测。

1、 batch size

Batch Size 

When you invoke list(), listBindings(), or any of the search() methods, 
the LDAP service provider interacts with the LDAP server to retrieve the
 results and returns them in the form of a NamingEnumeration. The LDAP s
ervice provider can collect all the results before returning the NamingE
numeration, or it can return each result as the caller invokes NamingEnu
meration.next() or NamingEnumeration.nextElement(). You can control how 
the LDAP service provider behaves in this respect by using the Context.B
ATCHSIZE ("java.naming.batchsize") environment property. This property c
ontains the string representation of a decimal integer. The LDAP service
 provider uses its value to determine how many results to read from the 
server before unblocking--this number of results is called the batch siz
e--and allowing the client program to get the results by using next() or
 nextElement(). When the client program exhausts the batch, the LDAP ser
vice provider fetches another batch so that the client program can conti
nue with the enumeration. If the batch size is zero, then the service pr
ovider will block until all results have been read. If this property was
 not set, then the default batch size is 1. 

When you invoke search(), for example by using a batch size of n, the LD
AP provider will block until it reads n results from the server before r
eturning. So, setting the batch size to a smaller number allows the prog
ram to unblock sooner. However, some overhead attaches to processing eac
h batch. If you are expecting a large number of results, then you might 
want to use a larger batch size to lower the number of context switches 
between the provider and your code. On the other hand, having a large ba
tch also means that you need more memory to hold the results. These are 
the trade-offs that you'll need to consider when choosing a batch size. 


Here's an example that sets the batch size to 10. 

// Set the batch size to 10

env.put("java.naming.batchsize", "10");

// Create the initial context

DirContext ctx = new InitialDirContext(env);

// Perform the list

NamingEnumeration answer = ctx.list("ou=People"); 

Relationship to SearchControls.setCountLimit()

Note that the Context.BATCHSIZE environment property does not in any way
 affect how many results are returned or the order in which they are ret
urned. It is completely unrelated to SearchControls.setCountLimit().

经过实验,发现这种方法好象没用,不清楚为什么,等有空的时候需要研究一下。


2、paged search

A few other problems that developers come across are queries that return
 either a large number of results, or query that returns a multi-valued 
attribute that contains a large number of values.

Active Directory incorporates a number of controls, that are designed to
 ensure optimim performance of the server and to mitigate denial of serv
ice attacks.

First of all paging. By default, Active Directory restricts the total nu
mber of results that are returned from a LDAP Search to 1000. While this
 limit can be changed by modifying the LDAP Query policy, the recomended
 approach is to use paged results. Note that this ample, which queries f
or all users that have a value for the mail attribute. uses a page size 
of 10, not really an optimal use of either the server or of the network,
 but merely just to demonstrate paging.

Also, the usual security comments apply, you shouldn't hardcode credenti
als in an application, authentication should either use Kerberos (JAAS &
 GSSAPI) or if using simple authentication, secured using SSL or TLS, an
d and any sensitive information communicated between the client and the 
server should also take place over SSL or TLS.

.

/**

 * paged.java

 * 5 July 2001

 * Sample JNDI application that performs a paged search.

 * 

 */

 

import java.util.Hashtable;

import java.util.Enumeration;

 

import javax.naming.*;

import javax.naming.directory.*;

import javax.naming.ldap.*;

import com.sun.jndi.ldap.ctl.*;

 

class paged {

 

public static void main(String[] args) {

 

 

        Hashtable env = new Hashtable();

        String adminName = "CN=Administrator,CN=Users,DC=antipodes,DC=com";

        String adminPassword = "XXXXXXXX";

        String searchBase = "DC=antipodes,DC=com";

        String searchFilter = "(&(objectClass=user)(mail=*))";

        

        
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFact
ory");

 

        //set security credentials, note using simple cleartext 
authentication


        env.put(Context.SECURITY_AUTHENTICATION,"simple");

        env.put(Context.SECURITY_PRINCIPAL,adminName);

        env.put(Context.SECURITY_CREDENTIALS,adminPassword);

                

        //connect to my domain controller

        env.put(Context.PROVIDER_URL, "ldap://mydc.antipodes.com:389");

        try {

 

            // Create the initial directory context

            LdapContext ctx = new InitialLdapContext(env,null);

        

            // Create the search controls       

            SearchControls searchCtls = new SearchControls();

        

            //Specify the attributes to return

            String returnedAtts[]={"sn","givenName","mail"};

            searchCtls.setReturningAttributes(returnedAtts);

        

            //Specify the search scope

            searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

 

            //Set the page size and initialize the cookie that we pass back 
in su
bsequent pages

            int pageSize = 10;

            byte[] cookie = null;

 

            //Request the paged results control

            Control[] ctls = new Control[]{new 
PagedResultsControl(pageSize)};

            ctx.setRequestControls(ctls);

 

            //initialize counter to total the results

            int totalResults = 0;

 

            // Search for objects using the filter

 

            do {

                NamingEnumeration results = ctx.search(searchBase, 
searchFilter, sea
rchCtls);

 

                    // loop through the results in each page

 

                    while (results != null && results.hasMoreElements()) {

                SearchResult sr = (SearchResult)results.next();

 

                //print out the name 

                System.out.println("name: " + sr.getName());

 

                //increment the counter

                totalResults++; 

 

                    }

    

    

            // examine the response controls

            cookie = parseControls(ctx.getResponseControls());

 

                    // pass the cookie back to the server for the next page

            ctx.setRequestControls(new Control[]{new 
PagedResultsControl(pageSize
, cookie, Control.CRITICAL) });

 

            } while ((cookie != null) && (cookie.length != 0));

 

    

            ctx.close();

 

            System.out.println("Total entries: " + totalResults);

 

 

            } 

        catch (NamingException e) {

            System.err.println("Paged Search failed." + e);

            }   

        catch (java.io.IOException e) {

            System.err.println("Paged Search failed." + e);

            } 

    }

 

    static byte[] parseControls(Control[] controls) throws NamingException 
{

 

        byte[] cookie = null;

 

        if (controls != null) {

 

                for (int i = 0; i < controls.length; i++) {

                if (controls[i] instanceof PagedResultsResponseControl) {

                    PagedResultsResponseControl prrc = 
(PagedResultsResponseControl)con
trols[i];

                    cookie = prrc.getCookie();

                    System.out.println(">>Next Page \n");

                }

                }

        }

 

        return (cookie == null) ? new byte[0] : cookie;

        }

}

经测试,这种方法可以解决问题

3、range search

Note that if we had requested a multi-valued attribute instead of the su
rname (sn), firstname (givenName) and e-mail (mail) attributes, and if t
hat multi-valued had more than 1000 values, then only the first 1000 val
ues would have been returned, irrespective of whether paged results had 
ben used.

Range retrieval is more evident when retrieving the list of members from
 a group. The list of members in a group is contained in the member attr
ibute. If there are more than 1000 values in the member attribute, then 
you must use range retrieval to return all the members.

Information on range retrieval can be found at http://msdn.microsoft.com
/library/default.asp?url=/library/en-us/adsi/adsi/attribute_range_retrie
val.asp

The following JNDI sample illustrates the retrieval of members from a gr
oup, using range retrieval. In this case querying for the list of member
s of a group called "All Research" in the Active Directory.

/**

 * range.java

 * December 2004

 * Sample JNDI application to demonstrate range retrieval 

 * 

 */

 

import java.util.Hashtable;

import javax.naming.*;

import javax.naming.ldap.*;

import javax.naming.directory.*;

import com.sun.jndi.ldap.ctl.*;

 

//if we were going to do this properly, should check that the server sup
ports

//the range retrieval control 1.2.840.113556.1.4.802 !

 

public class range  {

    public static void main (String[] args) {

    

        Hashtable env = new Hashtable();

        String adminName = "CN=Administrator,CN=Users,DC=ANTIPODES,DC=COM";

        String adminPassword = "XXXXXX";

        

        
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFact
ory");

        //set security credentials, note using simple cleartext 
authentication


        env.put(Context.SECURITY_AUTHENTICATION,"simple");

        env.put(Context.SECURITY_PRINCIPAL,adminName);

        env.put(Context.SECURITY_CREDENTIALS,adminPassword);

                

        //connect to my domain controller

        env.put(Context.PROVIDER_URL,"ldap://mydc.antipodes.com:389");

        

        try {

 

            // Create the initial directory context

            LdapContext ctx = new InitialLdapContext(env,null);

        

            // Create the search controls       

            SearchControls searchCtls = new SearchControls();

        

            //Specify the search scope

            searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

 

            //specify the LDAP search filter

            String searchFilter = "(&(objectClass=group)(CN=All Research))";

 

            //Specify the Base for the search

            String searchBase = "DC=antipodes,DC=com";

 

            //initialize counter to total the group members and range values

            int totalResults = 0;

            int Start = 0;

            int Step = 10;

            int Finish = 9;

            boolean Finished = false;

            String Range;

 

            //loop through the query until we have all the results

            while (!Finished) {     

            

                //Specify the attributes to return

                Range = Start + "-" + Finish;

                String returnedAtts[]={"member;Range=" + Range};

                searchCtls.setReturningAttributes(returnedAtts);

        

                //Search for objects using the filter

                NamingEnumeration answer = ctx.search(searchBase, 
searchFilter, sear
chCtls);

 

                //Loop through the search results

                while (answer.hasMoreElements()) {

                    SearchResult sr = (SearchResult)answer.next();

 

                    System.out.println(">>>" + sr.getName());

 

                    //Print out the members

 

                    Attributes attrs = sr.getAttributes();

                    if (attrs != null) {

 

                        try {

                            for (NamingEnumeration ae = 
attrs.getAll();ae.hasMore();) {

                                Attribute attr = (Attribute)ae.next();

 

                                //check if we are finished

                                if (attr.getID().endsWith("*")) {

                                    Finished=true;

                                }

 

                                System.out.println("Attribute: " + 
attr.getID());

                                for (NamingEnumeration e = 
attr.getAll();e.hasMore();totalResult
s++) {

 

                                    System.out.println("   " + totalResults 
+ ". " + e.next());

                                }

                            }

 

                        }    

                        catch (NamingException e)   {

                            System.err.println("Problem printing 
attributes: " + e);

                        }

                

                        Start = Start + Step;

                        Finish = Finish + Step;

 

                    }

                }

            }

 

            System.out.println("Total members: " + totalResults);

            ctx.close();

 

        } 

        catch (NamingException e) {

            System.err.println("Problem searching directory: " + e);

        }

    }

}
哈根达斯VIP
关注
  • 3
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 7
    评论
专栏目录
LDAP查询分页,基于迭代器的查询分页
xueliang59211的专栏
08-25 1628
      LDAP服务器端可以支持分页查询,但是有个前提件,需要客户端先发送按关键字排序的指令后,才能执行分页查询。排序的过程是比较耗费时间的,需要对服务器做很多优化的操作。       我的方法是在迭代结果集的时候实现分页,见代码:   package ldap.page; import java.util.ArrayList; import java.util.Enumera...
java ldap 分页_java LDAP分页查询 解决1000限制
weixin_34395361的博客
02-12 973
三种解决方法:第一种不好用,希望有高手回帖。第三种没测试,希望有心人帮测。1、 batch sizeBatch SizeWhen you invoke list(), listBindings(), or any of the search() methods,the LDAP service provider interacts with the LDAP server to retrieve ...
java连接ldap实现用户查询功能
最新发布
刘大猫
05-25 734
我们公司原项目是Spring或者SpringBoot项目,现在假设收购了一家公司(人家所有账户信息都保存在ldap数据库中),现在需要把它集成进来,最终实现项目支持两种方式认证:必须先创建组,然后才能创建组下用户,不然cn=ldapUser1,ou=Develop,ou=Hytera,dc=yaobili,dc=com这么写是非法的 我创建了2个账户,ldapUser1账户1密码未加密Eadmin123456,ldapUser2账户2密码加密了设置的{SSHA}J3NuHvl3O8LdPuV2QFYc2pP
JPA中动态SQL查询件值为列表,其中列表长度大于1000时 报错处理
PiaoYoung's blog of CSDN
04-24 1538
JPA中动态SQL的查询件为in中的长度大于1000时 报错处理逻辑: 测试方法: @Test public void contextLoads2() { Integer pageNum = 1; // 当前页 Integer pageSize = 100; // 页大小 // 模拟构造参数 List<String> paramList = Lists.newArrayList(); ...
C#解决Ldap查询1000限制
chenwei0731的博客
12-19 1822
C# LDAP查询解决默认1000限制 最近有个项目需要获取指定ou下的AD用户,作为一个小白,刚接触ldap查询,不知道其中的水深。以为可以使用ldap查询(如下代码)可以直接查出ou下的所有用户。 private const string domainName = "**.com"; private const string adAdmin = "administra...
Java 读取AD域用户,解决只能最大查询到1000(MaxPageSize)记录数问题
m0_37817986的博客
02-02 2011
Java使用LdapContext查询AD域用户,发现只能查询到1000个(实际2000多)。查询资料发现这是受AD域设置的MaxPageSize参数影响,解决办法有两种。 方式一:直接扩大AD域的MaxPageSize,比如设置成10000。参考操作文档及说明。 方式二:方法一官方不推荐使用,若可以修改程序代码,推荐可以使用方法二。进行分页读取,关键代码如下: //初始化LdapContext对象 LdapContext ldapCtx = new InitialLdapContext(env, null
Java学习笔记:限制查询数及排重
薛定谔的猫
10-01 309
名的学生”、“检索工资水平排在第3位到第7位的员工信息”、分页查询。快速生成多行,将查询到的结果又插入到新行中。从第2行(0开始)取最多3数据。1、说“检索成绩排前三。从第二开始获取4
java 找到ad uo,突破AD查询1000限制
weixin_39992312的博客
03-20 289
在测试中,常遇到需要测试我们系统的AD/LDAP大用户量展现和下载功能,但win2003server似乎限制该查询数量为1000,使用包括ldap browser在内的工具,也不能将我们AD server上面的10000用户展现完全。其实这个问题在微软的网站已经给出了解决方案,在微软网站搜索“ad 1000“就能找到:其原因是windows2003server出于性能负荷的考虑,将LDAP查询的数...
Ldap 分页问题
08-04
标题中的“Ldap 分页问题”指的是在使用 Lightweight Directory Access Protocol (LDAP) 进行数据检索时遇到的分页查询挑战。LDAP 是一种用于访问和管理分布式目录服务的标准协议,常用于存储用户账户、组信息和其他...
LDAP.rar_java ldap_ldap_ldap java
09-19
5. **启动与测试**:启动SUN LDAP服务器,并使用`ldapsearch`或Java LDAP API进行测试查询,确保服务器工作正常。 6. **安全管理**:配置访问控制策略,设置用户权限和认证机制。 **使用Java与SUN LDAP交互** 在...
Java LDAP Server-开源
07-10
通过Java LDAP Server,开发者可以构建自己的目录服务系统,为组织提供灵活的身份验证和数据检索解决方案。 首先,让我们深入了解一下LDAPLDAP的核心功能是作为一个中央存储库,用于存储和检索用户账户、组、权限...
java连接LDAP的jar包和实例
04-09
下面是一个简单的使用jLDAP进行SSL连接并查询LDAP目录的Java代码示例: ```java import com.novell.ldap.*; public class LDAPSSLExample { public static void main(String[] args) { String ldapUrl = "ldaps:...
java类实现大规模数据的分页
luckygll的专栏
07-12 4444
今天上班,遇到分页的难题,我的工作到目前为止,只实现了一个关于海量数据的分页提取,就是这样(List)getSqlMapClientTemplate().queryForList("testquestion.listTestquestionByTitle",param, **,
SpringJPA 做分页件查询
TaoShao521的博客
03-24 1157
相信小伙伴们的项目很多都用到SpringJPA框架的吧,对于单表的增删改查利用jpa是很方便的,但是对于件查询并且分页 是不是很多小伙伴不经常写到. 今天我整理了一下在这里分享一下.@Autowired@Service@Autowired//创建一个Pageable对象,其中包含了请求的页码(productInstParams.getPageNo()),每页大小(productInstParams.getPageSize()),排序规则以及排序字段名。
AD查询1000限制解决方案
哈特中尉
03-30 549
  公司的一个项目要从AD上取数据,为了测试性能,批量在AD上创建了2000多个用户。但是用java程序获取所有用户的时候会报错或者只能取到1000数据。   用com.novell.ldap.LDAPConnection.search()方法查询的时候最多返回1000数据。 用org.springframework.ldap.core.LdapTemplate.search()方法的...
LDAP超过1000数量的数据查询
weixin_40620337的博客
01-09 812
LDAP超过1000数量的数据查询
【已解决】Navicat for mysql只显示1000记录
Sevieryang/FinTech/Statistics/Quant
12-20 7420
原因是navicat分页,一页只能显示1000行,超出1000行就在下一页显示,点击右下角的向左向右箭头就可以看到其他部分的数据了。 也可以通过工具–&amp;gt;选项–&amp;gt;数据&amp;amp;网格–&amp;gt;限制记录,来修改默认值。调整一页显示的行数数量。 ...
Java ldap 根据ip 查询信息
05-13
要根据 IP 查询 LDAP 中的信息,需要进行以下步骤: 1. 确定 LDAP 服务器的地址和端口号。 2. 使用 JavaLDAP API 连接 LDAP 服务器。 3. 构造一个 LDAP 查询对象,设置查询件为 IP。 4. 发送查询请求,并获得结果集。 5. 遍历结果集,获取相应的信息。 以下是一个基本的示例代码: ```java import javax.naming.*; import javax.naming.directory.*; public class LdapQuery { public static void main(String[] args) { String ldapUrl = "ldap://ldap.example.com:389"; // LDAP 服务器地址和端口号 String baseDn = "dc=example,dc=com"; // LDAP 根节点 String ip = "192.168.1.1"; // 要查询的 IP try { // 连接 LDAP 服务器 DirContext ctx = new InitialDirContext(); ctx.addToEnvironment(Context.PROVIDER_URL, ldapUrl); // 构造查询件 String filter = "(ipAddress=" + ip + ")"; // 发送查询请求 NamingEnumeration<SearchResult> results = ctx.search(baseDn, filter, null); // 遍历结果集 while (results.hasMore()) { SearchResult result = results.next(); Attributes attrs = result.getAttributes(); Attribute attr = attrs.get("cn"); // 假设要获取 cn 属性 String value = (String) attr.get(); System.out.println(value); } // 关闭 LDAP 连接 ctx.close(); } catch (NamingException e) { e.printStackTrace(); } } } ``` 注意,上述代码仅供参考,具体实现需要根据自己的 LDAP 服务器和数据结构进行调整。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 7
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值