Here is the code I use:
Hashtable<String, String> environment = new Hashtable<String, String>();
environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
environment.put(Context.SECURITY_PRINCIPAL, "Administrator@ABC");
environment.put(Context.SECURITY_CREDENTIALS, "testing123");
environment.put(Context.PROVIDER_URL, "ldap://192.168.64.222");
DirContext dirContext = new InitialDirContext(environment);
SearchControls searchControls = new SearchControls();
searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration searchResults = dirContext.search("cn=users,dc=ABC,dc=DEF,dc=COM", "(&(objectClass=user))", searchControls);
while (searchResults.hasMore()) {
SearchResult searchResult = (SearchResult) searchResults.next();
Attributes attributes = searchResult.getAttributes();
System.out.println(attributes.get("userPassword"));
}
dirContext.close();
And the result I get:
null
userPassword: [B@开发者_如何学Python13a328f
userPassword: [B@1cd8669
userPassword: [B@337838
null
...
null
userPassword: [B@18a47e0
null
...
The answer is because it's certainly not provisioned.
The explanation is that userPassword
attribute is not the native attribute to put password in Active-Directory. The native attribute is unicodePwd which is a special attribute you CAN write thru LDAPS, but you CAN'T read thru LDAP.
According to Microsft documentation about userPassword this attribute can behave as a normal attribute or behave like unicodePwd attribute, all depends on the configuration of your Active-Directory or your Lightweight Directory Service (LDS).
As far as I know, by default dSHeuristics is false and most of the time it's not set at all, you can see it in :
CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,Root domain in forest
So that's why I think that userPassword is just not set by some provisionning in your infrastructure.
精彩评论