
        Unable to get a connection to AD from Java

        Date: 2024-05-10


                  Problem description


                  I'm trying to retrieve some information from MS AD: members of the specific branch, department names, positions, etc.

                  I used a lot of examples, including Apache Directory LDAP API and UnboundID, but I can't get the connection with AD.

                  RDNs:

                  C:\Users\Aleksey> whoami /fqdn
                         CN=my common name here,
                         OU=my organization unit here,
                         OU=organization unit 2 here,
                         OU=organization unit 1 here,
                         OU=main organization unit here,
                         DC=.my domain here,
                         DC=domain 2 here,
                         DC=main domain here
                  

                  For searching, I use the following filter:

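                  import java.util.Hashtable;
                  import javax.naming.Context;
                  import javax.naming.NamingEnumeration;
                  import javax.naming.NamingException;
                  import javax.naming.directory.DirContext;
                  import javax.naming.directory.SearchControls;
                  import javax.naming.directory.SearchResult;
                  import javax.naming.ldap.InitialLdapContext;

                  public class LdapRetriever {
                      public static void main (String[] args) {
                          Hashtable<String, String> env = new Hashtable<>();

                          env.put(Context.INITIAL_CONTEXT_FACTORY,
                              "com.sun.jndi.ldap.LdapCtxFactory");
                          env.put(Context.PROVIDER_URL, "ldap://" +
                              "ip of domain controller here" + ":389");
                          env.put(Context.SECURITY_AUTHENTICATION, "simple");
                          // Also I try to use the following SECURITY_PRINCIPAL:
                          // my login only, my domain my login
                          env.put(Context.SECURITY_PRINCIPAL, "my login here" + "@" +
                              "my domain here.domain 2 here.main domain here");
                          env.put(Context.SECURITY_CREDENTIALS, "my password here");

                          try {
                              // Creating the context performs the LDAP bind
                              DirContext ctx = new InitialLdapContext(env, null);
                              String[] returnedAtts = {"sn", "title", "department", "givenName"};

                              SearchControls searchCtls = new SearchControls();
                              searchCtls.setReturningAttributes(returnedAtts);
                              searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

                              String searchFilter = "(&(objectClass=user)(cn=*))";
                              String searchBase =
                                  "DC=my domain here,DC=domain 2 here,DC=main domain here";

                              NamingEnumeration<SearchResult> answer = ctx.search(searchBase,
                                  searchFilter, searchCtls);
                              // ... (the rest of the code is not shown in the post)
                          } catch (NamingException e) {
                              // Prefix taken from the second error message quoted below
                              System.err.println("Problem searching directory: " + e);
                          }
                      }
                  }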
                  

                  When I create the directory context by using data from the env I get an exception:

                  Exception in thread "main" javax.naming.AuthenticationException: 
                  [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment:
                  AcceptSecurityContext error, data 531, vece
                  

                  If the password is not specified, I get the following exception:

                  Problem searching directory: 
                  javax.naming.NamingException:[LDAP:error code 1 - 00000000: 
                  LdapErr: DSID-0C090627, comment: 
                  In order to perform this operation a successful bind must be completed 
                  on the connection., data 0, vece]; remaining name 
                  'DC=my domain here,DC=domain 2 here,DC=main domain here'
                  

                  I have verified that my account is not locked.

                  According to the list of common Active Directory LDAP bind errors:

                  525  user not found 
                  52e  invalid credentials 
                  530  not permitted to logon at this time
                  531  not permitted to logon at this workstation
                  532  password expired 
                  533  account disabled 
                  701  account expired 
                  773  user must reset password 
                  775  user account locked
                  

                  In my case it means: "not permitted to logon at this workstation", but with the same credentials I can logon to the domain.

                  What could be the reason?

                  Solution

                  The Error Code 531 is most likely related to a configuration of the AD. In some cases a user is restricted to log in from only one workstation, for example your working PC.
                  This is configured in the userWorkstations field of the user.
                  When you can't log in to your AD using RDP you need your AD admin to check your account for this field and that the AD Server is included in your userWorkstations or the field is removed completely.
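An added example, not part of the original question or answer: it extracts the `data` sub-code from the error 49 message quoted in the question, maps it with the list given there, and for 531 applies the check the answer describes. It assumes `userWorkstations` holds a comma-separated list of computer names; the class name, method names and host names are hypothetical.

```java
import java.util.Arrays;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AdBindDiagnostics {
    // Sub-codes exactly as listed in the question (Map.of needs Java 9+).
    static final Map<String, String> SUB_CODES = Map.of(
        "525", "user not found", "52e", "invalid credentials",
        "530", "not permitted to logon at this time",
        "531", "not permitted to logon at this workstation",
        "532", "password expired", "533", "account disabled",
        "701", "account expired", "773", "user must reset password",
        "775", "user account locked");

    // In an error code 49 message the sub-code follows the word "data".
    static final Pattern DATA = Pattern.compile(
        "error code 49\\b.*?\\bdata\\s+([0-9a-fA-F]+)", Pattern.DOTALL);

    /** Returns the lower-case sub-code, or null if the text is not an error 49 message. */
    static String subCode(String message) {
        if (message == null) return null;
        Matcher m = DATA.matcher(message);
        return m.find() ? m.group(1).toLowerCase() : null;
    }

    static String describe(String code) {
        return code == null ? "not an error 49 message"
                            : SUB_CODES.getOrDefault(code, "unknown sub-code");
    }

    /** True when the field is unset or empty (no restriction) or lists the host. */
    static boolean hostAllowed(String userWorkstations, String host) {
        if (userWorkstations == null || userWorkstations.trim().isEmpty()) return true;
        return Arrays.stream(userWorkstations.split(","))
                     .map(String::trim)
                     .anyMatch(h -> h.equalsIgnoreCase(host));
    }

    public static void main(String[] args) {
        // Message text from the question (truncated there after "vece").
        String msg = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: "
                   + "AcceptSecurityContext error, data 531, vece";
        String code = subCode(msg);
        System.out.println(code + " = " + describe(code));
        // Constructed sample values: field content and domain controller name.
        String userWorkstations = "WS-ALEKSEY01, WS-LAB07";
        String dc = "DC01";
        if ("531".equals(code) && !hostAllowed(userWorkstations, dc))
            System.out.println(dc + " is missing from userWorkstations");
    }
}
```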
