My specific problem is that when I attempt to bind with t开发者_开发知识库he following full dn, all is well
new LDAPConnection().bind(LDAPConnection.LDAP_V3,
"uid=me@wherever.com,ou=Lev1,ou=Lev2,o=Company", "secret".getBytes());
however, when I attempt to bind with an incomplete dn, I am getting an Invalid Credentials exception.
new LDAPConnection().bind(LDAPConnection.LDAP_V3,
"uid=me@wherever.com,ou=Lev1,o=Company", "secret".getBytes());
Is their some form of wildcarding that is possible, such as "uid=me@wherever.com,ou=Lev1,ou=*,o=Company"?
No. It sounds like you might be confusing bind() with search(). bind() is authentication against the directory, like logging in. Binding with a wildcarded dn would be like having a login with a wildcarded username. Doesn't really make sense.
To do a wildcard like this you have to do a search first and select which one you want to perform the bind. This may mean you need to bind with an id which can perform the search. ;)
No, the use of wildcards is not possible in the way you describe. However, SASL provides a mechanism to accomplish the desired behavior. Your directory server administrator may be able to configure the directory server to map identities to an authorization ID wherein the client need not know the distinguished name of the identity with which to authenticate the LDAP connection. Professional-quality directory server software will provide a variety of identity mapping capabilities.
精彩评论