差異處
這裏顯示兩個版本的差異處。
| Both sides previous revision 前次修改 下次修改 | 前次修改 | ||
|
java:ldap [2016/03/30 10:15] tony [Test Spring API] |
java:ldap [2023/06/25 09:48] (目前版本) |
||
|---|---|---|---|
| 行 1: | 行 1: | ||
| + | {{tag>ldap}} | ||
| ====== LDAP & AD ====== | ====== LDAP & AD ====== | ||
| LDAP & AD都算是老東西了,會開始寫些教學是因為遇到與它的整合。內容隨著我的學習會慢慢增加,如果我有空寫的話~XD。 | LDAP & AD都算是老東西了,會開始寫些教學是因為遇到與它的整合。內容隨著我的學習會慢慢增加,如果我有空寫的話~XD。 | ||
| 行 28: | 行 29: | ||
| ./keytool -delete -keystore /opt/jdk1.8.0_60/jre/lib/security/cacerts -storepass changeit -alias tonytest | ./keytool -delete -keystore /opt/jdk1.8.0_60/jre/lib/security/cacerts -storepass changeit -alias tonytest | ||
| </code> | </code> | ||
| - | ===== TLS already started ===== | + | 修改密碼: |
| - | 在透過Spring Security使用TLS後,會發生TLS already started的例外。經過trace並從網路上[[http://www.openldap.org/faq/data/cache/1063.html|文章]]中發現,這是由於connection pool造成的。目前只要設定LdapContextSource以下內容,即可取消connection pool暫時解決: | + | <code bash> |
| - | <code java> | + | keytool -keystore "C:\Program Files\Java\jre1.8.0_66\lib\security\cacerts" -storepasswd -new newpasswd -storepass changeit |
| - | ldapContextSource.setCacheEnvironmentProperties(false); | + | |
| - | ldapContextSource.setPooled(false); | + | |
| </code> | </code> | ||
| - | 會出現這問題,也有可能你是使用ldaps+636 port去做存取而產生的。(reference [[http://forum.spring.io/forum/spring-projects/data/ldap/19764-tls-and-setupauthenticatedenvironment|link]]) | ||
| - | ===== Test Spring API ===== | ||
| - | <code java> | ||
| - | public class Tester { | ||
| - | public static void main(String[] args) { | ||
| - | try { | ||
| - | LdapContextSource contextSource = new LdapContextSource(); | ||
| - | //contextSource.setUrl("ldap://superserver.tony.org:389"); | ||
| - | //contextSource.setUrl("ldap://superserver.tony.org:389"); | ||
| - | contextSource.setUrl("ldap://10.134.15.131:389"); | ||
| - | contextSource.setBase("DC=tony,DC=org"); | ||
| - | contextSource.setUserDn("CN=admin,DC=tony,DC=org"); | ||
| - | contextSource.setPassword("123456"); | ||
| - | contextSource.afterPropertiesSet(); | ||
| - | |||
| - | DefaultTlsDirContextAuthenticationStrategy strategy = new DefaultTlsDirContextAuthenticationStrategy(){ | ||
| - | @Override | ||
| - | protected void applyAuthentication(LdapContext ctx, String userDn, String password) | ||
| - | throws NamingException { | ||
| - | super.applyAuthentication(ctx, userDn, password); | ||
| - | ctx.addToEnvironment("com.sun.jndi.ldap.read.timeout", "20000"); | ||
| - | } | ||
| - | }; | ||
| - | |||
| - | strategy.setHostnameVerifier(new HostnameVerifier() { | ||
| - | |||
| - | @Override | ||
| - | public boolean verify(String paramString, SSLSession paramSSLSession) { | ||
| - | System.out.println("ignore verify"); | ||
| - | return true; | ||
| - | } | ||
| - | }); | ||
| - | |||
| - | contextSource.setAuthenticationStrategy(strategy); | ||
| - | |||
| - | |||
| - | LdapTemplate ldapTemplate = new LdapTemplate(contextSource); | ||
| - | ldapTemplate.afterPropertiesSet(); | ||
| - | |||
| - | |||
| - | Filter filter = new EqualsFilter("uid", "tonylin"); | ||
| - | |||
| - | boolean authed = ldapTemplate.authenticate("ou=supermicro", filter.encode(), "123456"); | ||
| - | |||
| - | System.out.println("Authenticated: " + authed); | ||
| - | } catch (Exception e) { | ||
| - | e.printStackTrace(); | ||
| - | } finally { | ||
| - | ThreadUtil.sleep(15000); | ||
| - | } | ||
| - | } | ||
| - | |||
| - | } | ||
| - | </code> | ||
| - | <code java> | ||
| - | Hashtable<String, Object> env = new Hashtable<String, Object>(); | ||
| - | env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); | ||
| - | env.put(Context.PROVIDER_URL, "ldap://10.134.15.131:389/dc=tony,dc=org"); | ||
| - | |||
| - | // Authenticate as C. User and password "mysecret" | ||
| - | //env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5"); | ||
| - | env.put(Context.SECURITY_AUTHENTICATION, "simple"); | ||
| - | env.put(Context.SECURITY_PRINCIPAL, | ||
| - | "cn=admin,dc=tony,dc=org"); | ||
| - | env.put(Context.SECURITY_CREDENTIALS, "123456"); | ||
| - | |||
| - | // Create the initial context | ||
| - | DirContext ctx = new InitialDirContext(env); | ||
| - | |||
| - | NamingEnumeration<SearchResult> srs = ctx.search("", null); | ||
| - | while( srs.hasMore() ){ | ||
| - | SearchResult sr = srs.next(); | ||
| - | System.out.println(sr); | ||
| - | } | ||
| - | |||
| - | ctx.close(); | ||
| - | </code> | ||
| - | <code java> | ||
| - | DirContext ctx = new InitialDirContext(); | ||
| - | try { | ||
| - | Attributes attrs = ctx.getAttributes("ldap://10.134.15.131:389/", new String[]{"supportedSASLMechanisms"}); | ||
| - | System.out.println(attrs); | ||
| - | } finally { | ||
| - | ctx.close(); | ||
| - | } | ||
| - | </code> | ||
| - | <code> | ||
| - | {supportedsaslmechanisms=supportedSASLMechanisms: DIGEST-MD5, CRAM-MD5, NTLM} | ||
| - | </code> | ||
| ===== Articles ===== | ===== Articles ===== | ||
| * [[java:ldap:openldap|OpenLDAP]] | * [[java:ldap:openldap|OpenLDAP]] | ||
| + | * [[java:ldap:jndi|JNDI API]] | ||
| + | * [[java:ldap:spring|Spring API]] | ||
| + | * [[java:dalp:ad:enable_certificate|Enable SSL/TLS on Windows AD]] | ||
| ===== Reference ===== | ===== Reference ===== | ||
| ==== Auth & Security ==== | ==== Auth & Security ==== | ||
| 行 141: | 行 54: | ||
| ==== Integration ==== | ==== Integration ==== | ||
| * [[http://media.community.dell.com/en/dtc/attach/idrac6_directoryservices.pdf|Dell iDRAC6]] | * [[http://media.community.dell.com/en/dtc/attach/idrac6_directoryservices.pdf|Dell iDRAC6]] | ||
| + | |||
| + | ===== ===== | ||
| + | ---- | ||
| + | \\ | ||
| + | ~~DISQUS~~ | ||
