Java Active Directory query returns an incomplete list of users
Author: Internet
I want to list all AD users with Java. I am using this code:
    import java.util.Hashtable;
    import javax.naming.*;
    import javax.naming.directory.*;
    import javax.naming.ldap.*;

    String ldapUri = "ldap://" + serverName;
    LdapContext ctx = null;
    Hashtable<String, Object> env = new Hashtable<>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.SECURITY_AUTHENTICATION, "Simple");
    //it can be <domain\\userid> something that you use for windows login
    //it can also be
    env.put(Context.SECURITY_PRINCIPAL, adminName);
    try {
        env.put(Context.SECURITY_CREDENTIALS, adminPass.getBytes("UTF8"));
        env.put(Context.REFERRAL, "follow");
    } catch (java.io.UnsupportedEncodingException e) {
        log.error("Non-Fatal exception : ", e);
        /* ignore */
    }
    //in following property we specify ldap protocol and connection url.
    //generally the port is 389
    env.put(Context.PROVIDER_URL, ldapUri);
    log.info("AD Server: " + ldapUri + ", admin " + adminName);
    ctx = new InitialLdapContext(env, null);
    DirContext ctx1 = new InitialDirContext(env);
    SearchControls ctls = new SearchControls();
    String[] attrIDs = {"distinguishedName", "cn", "name", "uid",
        "sn",
        "name",
        "memberOf",
        "displayName",
        "userPrincipalName"};
    ctls.setReturningAttributes(attrIDs);
    ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    NamingEnumeration<SearchResult> answer = ctx1.search(searchPath, "(&(objectClass=user)(objectCategory=person))", ctls);
    while (answer.hasMoreElements()) {
        // Process user
        SearchResult rslt = answer.next();
    }
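This code works fine in most environments, but one customer reported that some users are missing. I tried to troubleshoot it: the users are not listed, yet they are listed when using Active Directory Administrator or Active Directory Explorer.
Any ideas?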
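Solution:
I assume the account you are using has sufficient permissions. As far as I know, by default any domain controller instance will return 1000 objects. You are most likely running into this. You have to use LDAP paging to solve this problem. Take a look at the JNDI paged results control - https://docs.oracle.com/javase/tutorial/jndi/newstuff/paged-results.html.
Also, see the Java forum https://community.oracle.com/thread/1157644?tstart=0 for a JNDI code example.
Hope this helps.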
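The paging approach recommended in the answer, as an added example that is not part of the original post: it runs the asker's filter through JNDI's PagedResultsControl until the server stops returning a cookie. The class name PagedUserSearch, the method listAllUsers and the pageSize parameter are hypothetical, and ctx is assumed to be an already-bound LdapContext.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;

// Added example: class and method names are hypothetical, not from the original post.
public class PagedUserSearch {

    /** Returns the DN of every user under searchPath, fetching pageSize entries per request. */
    public static List<String> listAllUsers(LdapContext ctx, String searchPath, int pageSize)
            throws NamingException, IOException {
        SearchControls ctls = new SearchControls();
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        ctls.setReturningAttributes(new String[] {"distinguishedName"});

        List<String> users = new ArrayList<>();
        byte[] cookie = null;
        // Request the first page. CRITICAL makes the search fail outright if the
        // server cannot page, instead of silently returning a truncated list.
        ctx.setRequestControls(new Control[] {
            new PagedResultsControl(pageSize, Control.CRITICAL)});
        do {
            NamingEnumeration<SearchResult> answer = ctx.search(
                searchPath, "(&(objectClass=user)(objectCategory=person))", ctls);
            while (answer.hasMore()) {
                users.add(answer.next().getNameInNamespace());
            }
            answer.close();
            // The response control carries the cookie that identifies the next page.
            cookie = null;
            Control[] responses = ctx.getResponseControls();
            if (responses != null) {
                for (Control c : responses) {
                    if (c instanceof PagedResultsResponseControl) {
                        cookie = ((PagedResultsResponseControl) c).getCookie();
                    }
                }
            }
            // Send the cookie back so the next search continues after this page.
            ctx.setRequestControls(new Control[] {
                new PagedResultsControl(pageSize, cookie, Control.CRITICAL)});
        } while (cookie != null && cookie.length != 0);
        return users;
    }
}
```

The cookie is tied to the connection, so every page must be requested on the same LdapContext, and pageSize should not exceed the server's limit (the answer cites 1000 as the default).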
Tags: active-directory, java Source: https://codeday.me/bug/20191119/2036690.html