java如何调用ldap协议【LdapContext】

背景：

做了个系统需要用集团的用户id登录。而集团用户系统是用ldap做的。

关键知识点

1. 设置连接
ctx = new InitialLdapContext(env, connCtls);

2.设置url和查询的子路径
env.put(Context.PROVIDER_URL, URL);// LDAP server
env.put(Context.SECURITY_PRINCIPAL, SEARCHDN);

3. 设置密码
env.put(Context.SECURITY_CREDENTIALS, "password");

4.取得返回值属性
if (obj instanceof SearchResult) {
SearchResult si = (SearchResult) obj;
Attributes userInfo = si.getAttributes();
userDN += userInfo.toString();
userDN += "," + BASEDN;
}

5.不需要下载任何第三方办，什么ldapjdk.jar不用的
背景知识：

LDAP是轻量目录访问协议，英文全称是Lightweight Directory Access Protocol，一般都简称为LDAP。它是基于X.500标准的，但是简单多了并且可以根据需要定制。与X.500不同，LDAP支持TCP/IP，这对访问Internet是必须的。LDAP的核心规范在RFC中都有定义，所有与LDAP相关的RFC都可以在LDAPman RFC网页中找到

附源码如下:

package com.domain;

import java.util.Hashtable;

import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class UserAuthenticate {
private String URL = "ldap://localhost:389";
private String SEARCHDN = "CN=alimailfad,OU=service,DC=hz,DC=ali,DC=com";
private String FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
private String BASEDN = "DC=hz,DC=ali,DC=com";
private LdapContext ctx = null;
private Hashtable env = null;
private Control[] connCtls = null;

private void LDAP_connect() {
env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, FACTORY);
env.put(Context.PROVIDER_URL, URL);// LDAP server
env.put(Context.SECURITY_PRINCIPAL, SEARCHDN);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_CREDENTIALS, "password");
// 此处若不指定用户名和密码,则自动转换为匿名登录

try {
ctx = new InitialLdapContext(env, connCtls);
} catch (NamingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}

private String getUserDN(String email) {
String userDN = "";

LDAP_connect();

try {
String filters = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=elbert.chenh))";
String[] returnedAtts = { "distinguishedName",
"userAccountControl", "displayName", "employeeID" };
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);

if (returnedAtts != null && returnedAtts.length > 0) {
constraints.setReturningAttributes(returnedAtts);
}
NamingEnumeration en = ctx.search(BASEDN, filters, constraints);
if (en == null) {
System.out.println("Have no NamingEnumeration.");
}
if (!en.hasMoreElements()) {
System.out.println("Have no element.");
} else {
while (en != null && en.hasMoreElements()) {
Object obj = en.nextElement();

if (obj instanceof SearchResult) {
SearchResult si = (SearchResult) obj;
Attributes userInfo = si.getAttributes();
userDN += userInfo.toString();
userDN += "," + BASEDN;
} else {
System.out.println(obj.toString());
}
System.out.println(userDN);
}
}
} catch (Exception e) {
System.out.println("Exception in search():" + e);
}

return userDN;
}

public boolean authenricate(String ID, String password) {
boolean valide = false;
String userDN = getUserDN(ID);
try {
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
ctx.reconnect(connCtls);
System.out.println(userDN + " is authenticated");
valide = true;
} catch (AuthenticationException e) {
System.out.println(userDN + " is not authenticated");
System.out.println(e.toString());
valide = false;
} catch (NamingException e) {
System.out.println(userDN + " is not authenticated");
valide = false;
}

return valide;
}
}