public class LDAPAuthentication {
private final String URL = "ldap://ldapserver:389/";
private final String BASEDN = "ou=people,o=xxx.com.cn";
private final String FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
private LdapContext ctx = null;
private final Control[] connCtls = null;
private void LDAP_connect() {
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, FACTORY);
env.put(Context.PROVIDER_URL, URL + BASEDN);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
// 此处若不指定用户名和密码,则自动转换为匿名登录
try {
ctx = new InitialLdapContext(env, connCtls);
} catch (javax.naming.AuthenticationException e) {
System.out.println("验证失败:" + e.toString());
} catch (Exception e) {
e.printStackTrace();
}
}
private String getUserDN(String uid) {
String userDN = "";
LDAP_connect();
try {
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration<SearchResult> en = ctx.search("", "uid=" + uid, constraints);
if (en == null || !en.hasMoreElements()) {
System.out.println("未找到该用户");
}
// maybe more than one element
while (en != null && en.hasMoreElements()) {
Object obj = en.nextElement();
if (obj instanceof SearchResult) {
SearchResult si = (SearchResult) obj;
userDN += si.getName();
userDN += "," + BASEDN;
} else {
System.out.println(obj);
}
}
} catch (Exception e) {
System.out.println("查找用户时产生异常。");
e.printStackTrace();
}
return userDN;
}
public boolean authenricate(String UID, String password) {
boolean valide = false;
String userDN = getUserDN(UID);
try {
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
ctx.reconnect(connCtls);
System.out.println(userDN + " 验证通过");
valide = true;
} catch (AuthenticationException e) {
System.out.println(userDN + " 验证失败");
System.out.println(e.toString());
valide = false;
} catch (NamingException e) {
System.out.println(userDN + " 验证失败");
valide = false;
}
return valide;
}
public static void main(String[] args) {
String uid = "username", password = "password";
LDAPAuthentication _this = new LDAPAuthentication();
_this.authenricate(uid, password);
}
}