
Java query against AD throws an error, experts please help: how can this be solved?

2012-04-13 

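Java query against AD throws an error, experts please help, very urgent
I have recently been working on the login verification for a system. It has to authenticate against Windows AD, and the login name is the value of sAMAccountName in AD. I set up a server of my own and verification works without problems there, but when accessing the production server an exception is thrown. Could the experts please advise? The code is as follows: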

import java.util.Hashtable;
import java.util.List;

import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;

/**
 * Validate the user login
 * @throws NamingException
 */
public String validateLogin() throws AMSException, NamingException {

    String flag = "";
    String responseMsg = "";
    // Get the user name and password
    String userName = this.getParameter("userName");

    String password = this.getParameter("password");

    String verifyCode = this.getParameter("verifyCode"); // verification code entered in the text box

    Control[] connCtls = null;

    String userDN = "";

    if(null==userName){
        flag = "login";
        responseMsg = "1";
    }else if(null==password){
        flag = "login";
        responseMsg = "2";
    }else if(null==verifyCode){
        flag = "login";
        responseMsg = "3";
    }else{

        ServletActionContext.getRequest().setAttribute("userName", userName);
        verifyCode = verifyCode.toLowerCase();

        AcitiveDirectoryConfig adConfig =new AcitiveDirectoryConfig();

        //activedirectory ip
        String activedirectoryIP=adConfig.getADConifg("AD_IP");

        //activedirectory port
        String activedirectoryPort=adConfig.getADConifg("AD_PORT");

        String activedirectoryRoot=adConfig.getADConifg("AD_ROOT");

        String verifyCodeConfirm=ServletActionContext.getRequest().getSession().getAttribute("random").toString(); // verification code generated by the servlet

        String ad_username = adConfig.getADConifg("AD_USERNAME");

        String ad_bindpassword = adConfig.getADConifg("AD_BINDPASSWORD");

        Hashtable<String, String> env = new Hashtable<String, String>();

        DirContext ctx;

        env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");

        env.put(Context.PROVIDER_URL, "ldap://"+activedirectoryIP+":"+activedirectoryPort+"/"+activedirectoryRoot);//LDAP server

        env.put(Context.SECURITY_AUTHENTICATION, "simple");

        env.put(Context.SECURITY_PRINCIPAL, ad_username);

        env.put(Context.SECURITY_CREDENTIALS, ad_bindpassword);

        try{
            ctx = new InitialLdapContext(env,connCtls);
            SearchControls constraints = new SearchControls();
            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
            System.out.println("*************************");
            NamingEnumeration en = ctx.search("", "sAMAccountName="+userName, constraints); // this is the line that throws the exception
            ctx.close();
            if(en == null){
                flag = "login";
                responseMsg = "4";
                System.out.println("11111111");
            }
            if(!en.hasMoreElements()){
                flag = "login";
                responseMsg = "4";
                System.out.println("222222222222");
            }else{
                while (en != null && en.hasMoreElements()){//maybe more than one element

                    Object obj = en.nextElement();
                    if(obj instanceof SearchResult){
                        SearchResult si = (SearchResult) obj;
                        userDN += si.getName();
                        userDN += "," + activedirectoryRoot;
                        System.out.println("userDN==========================="+userDN);
                        try {
                            Hashtable<String, String> env1 = new Hashtable<String, String>();

                            DirContext ctx1;

                            env1.put(Context.PROVIDER_URL, "ldap://"+activedirectoryIP+":"+activedirectoryPort+"/"+activedirectoryRoot);

                            env1.put(Context.SECURITY_AUTHENTICATION, "simple");

                            env1.put(Context.SECURITY_PRINCIPAL, userDN);

                            env1.put(Context.SECURITY_CREDENTIALS, password);

                            env1.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");

                            ctx1 = new InitialDirContext(env1);

                            ctx1.close();

                            ServletActionContext.getRequest().getSession().setAttribute("LoginUserName", userName);

                            flag = "validateLogin";

                        }catch (AuthenticationException e) {
                            System.out.println("33333333333333333");
                            flag = "login";
                            responseMsg = "4";
                        }catch (NamingException e) {
                            System.out.println("44444444444444444");
                            flag = "login";
                            responseMsg = "5";
                        }
                    }
                    else{
                        System.out.println("5555555555555555");
                        flag = "login";
                        responseMsg = "4";
                    }
                }
            }
        }catch(AuthenticationException e){
            System.out.println("666666666666666");
            flag = "login";
            responseMsg = "4";
        }catch (NamingException e) {
            logger.info("NamingException:"+e);
            System.out.println("77777777777777777"); // thrown here
            flag = "login";
            responseMsg = "5";
        }

    }
    ServletActionContext.getRequest().setAttribute("responseMsg", responseMsg);
    ServletActionContext.getRequest().getSession().setAttribute("computerinfo", userProcess.getCorp());
    return flag;
}

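My approach is to first log in with the administrator account (anonymous login does not seem to be allowed), look up the matching record by the entered user name (i.e. sAMAccountName), if such a record exists, get that user's cn, and then connect to AD again; if that succeeds, the login is correct. Please point out my mistake. The exception is as follows: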


*************************
11-06-10 15:48:40 [INFO ] org.apache.log4j.Logger {UserAction.java:219} - Naming
Exception:javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr:
DSID-031007DB, problem 5012 (DIR_ERROR), data 0
77777777777777777

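Note: the test server is 2003 and the production server is 2008 (I don't know whether that makes a difference).

Waiting online for an answer, urgent.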
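
The search-then-bind flow described in the post, written with a parameterized filter, a directory-supplied DN and an empty-password check, as an added example that is not the poster's code and is not a fix for the reported exception. The class name `AdSearchThenBind`, the method names and their parameters are hypothetical; the URL, bind DN and bind password are assumed to come from the application's own configuration.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class AdSearchThenBind {
    // Hypothetical helper: url, principal and credentials are supplied by the caller's configuration.
    static DirContext connect(String url, String principal, String credentials) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // prefer ldaps:// so the simple bind is not sent in clear text
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        return new InitialDirContext(env);
    }

    /** True only if exactly one entry matches and a bind with its DN and the given password succeeds. */
    static boolean authenticate(String url, String bindDn, String bindPw,
                                String userName, String password) throws NamingException {
        // With an empty password JNDI turns the "simple" bind into an anonymous one, which can succeed.
        if (userName == null || userName.isEmpty() || password == null || password.isEmpty()) return false;
        String userDn = null;
        DirContext ctx = connect(url, bindDn, bindPw);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[0]); // only the DN is needed
            // JNDI substitutes {0} with filter metacharacters escaped; no string concatenation.
            NamingEnumeration<SearchResult> en =
                ctx.search("", "(sAMAccountName={0})", new Object[] {userName}, sc);
            while (en.hasMore()) {
                if (userDn != null) return false;          // more than one match: refuse
                userDn = en.next().getNameInNamespace();   // full DN as stored in the directory
            }
        } catch (PartialResultException e) {
            // Unfollowed referrals at the end of the result set; entries already read are kept.
        } finally {
            ctx.close();
        }
        if (userDn == null) return false;
        try {
            connect(url, userDn, password).close();        // the user's own bind is the password check
            return true;
        } catch (AuthenticationException e) {
            return false;
        }
    }
}
```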

[Solution]
I get this error too. I don't know whether it was ever solved.
