I have a JNDI-Connection to a LDAP server (Active Directory in this case). I also ctx.extendedOperation( new StartTlsRequest() )
to get a secure connection.
On this connec开发者_开发百科tion I need to validate credentials. I CAN login using
ctx.addToEnvironment( Context.SECURITY_AUTHENTICATION, "simple" );
ctx.addToEnvironment( Context.SECURITY_PRINCIPAL, principal );
ctx.addToEnvironment( Context.SECURITY_CREDENTIALS, credentials );
However the "bindRequest" command is only issued over ldap upon the next action performed on the JNDI context. Yet there is nothing I want to do with it. I just need to check the credentials. Is there any way to enforce the "bindRequest"?
Otherwise, action should I use as my own NOP? A search for a non-existent object or should I query some attribute of some object that exists or ...? It needs to be fast, it should not create any work on the server side and it should use as few bandwidth as possible. (Because in fact that action should never be nessessary in the first place...)
Regards, Steffen
LdapContext.reconnect() performs an LDAP Bind.
For your NO-OP action you could just search for the root DSE. That should be in memory on the server. If you have access to the BIND request and response, you could include the authorization identity request control in the BIND request. If the server supports this request control (in which case it will be listed in the root DSE), the server will include authorization identity response control in the BIND response. That response control will be the authentication identity of the connection.
As Far as I understand a solution is just to look for the principal in the directory, making a search with a filter like :
(&(objectCategory=person)(sAMAccountName=principal))
If principal is in the form : "user1"
(&(objectCategory=person)(userPrincipalName=principal))
If principal is in the form : "user1@dom.fr"
精彩评论