12 Replies Latest reply on Dec 10, 2007 1:50 AM by 702619

    How to implement BEA Portal user authentication using LDAP

    702619
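      Below is the method our project used to implement BEA Portal user authentication with LDAP. I am posting it here for everyone's reference.
        • 2. Re: How to implement BEA Portal user authentication using LDAP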
          702619
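          How do you use LDAP?
          I want to tie LDAP and Portal together to implement user authentication, but I don't know how to use LDAP and don't know how to install or configure it!
          • 3. Re: How to implement BEA Portal user authentication using LDAP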
            702619
            to xinguangduan
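            In your post, when configuring iPlanet LDAP in the WebLogic console, what should the Principal field correspond to in Sun ONE LDAP? I don't know what to fill in, and I have not been able to get the configuration to work with Sun ONE LDAP. Please help!
            • 4. Re: How to implement BEA Portal user authentication using LDAP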
              702619
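              I still don't know which item in LDAP it corresponds to.
              The root of the users in LDAP that you mentioned, uid=amadmin,ou=people,dc=digitalchina,dc=com:
              where should it be configured? Is it the Bind DN field? I entered it there and still cannot connect!
              • 5. Re: How to implement BEA Portal user authentication using LDAP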
                702619
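                Which item is the DN in LDAP that you mentioned? Is it entered in Bind DN? This is how I filled mine in:
                uid=admin,ou=people,dc=iis,dc=com
                I have tried many times and it is still not right!
                • 7. Re: How to implement BEA Portal user authentication using LDAP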
                  702619
                  Not bad, exactly what I needed!

                  Thanks!
                  • 11. Re: How to implement BEA Portal user authentication using LDAP
                    702619
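                    OP, I have a question. When using Active Directory for authentication, I found a strange problem. After changing a user's password on the AD server, I run the authentication program again. The result is that both the new and the old password work for half an hour. The old password only expires after half an hour.
                    At first I suspected a problem with the WLS security realm configuration, so I ran the test on a PC without a WLS environment, and the result was still the same.

                    I don't know how to explain it.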



                    ------------------------------------------------The program follows-----------------------------------------------------------
                    /**
                    * ldapfastbind.java
                    *
                    * Sample JNDI application to use Active Directory LDAP_SERVER_FAST_BIND connection control
                    *
                    */

                    import java.util.Hashtable;

                    import javax.naming.AuthenticationException;
                    import javax.naming.Context;
                    import javax.naming.NamingException;
                    import javax.naming.ldap.Control;
                    import javax.naming.ldap.InitialLdapContext;
                    import javax.naming.ldap.LdapContext;

                    class FastBindConnectionControl implements Control {
                         /**
                         *
                         */
                         private static final long serialVersionUID = 1L;

                         public byte[] getEncodedValue() {
                              return null;
                         }

                         public String getID() {
                              return "1.2.840.113556.1.4.1781";
                         }

                         public boolean isCritical() {
                              return true;
                         }
                    }

                    public class LdapFastBind {
                         // JNDI environment; typed so put() calls are checked at compile time
                         public Hashtable<String, Object> env = null;

                         public LdapContext ctx = null;

                         public Control[] connCtls = null;

                         public LdapFastBind(String ldapurl) {
                              env = new Hashtable<>();
                              env.put(Context.INITIAL_CONTEXT_FACTORY,
                                        "com.sun.jndi.ldap.LdapCtxFactory");
                              env.put(Context.SECURITY_AUTHENTICATION, "simple");
                              env.put(Context.PROVIDER_URL, ldapurl);
                              connCtls = new Control[] { new FastBindConnectionControl() };
                              // first time we initialize the context, no credentials are supplied
                              // therefore it is an anonymous bind.
                              try {
                                   ctx = new InitialLdapContext(env, connCtls);
                              } catch (NamingException e) {
                                   System.out.println("Naming exception " + e);
                              }
                         }

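                         public boolean Authenticate(String username, String password) {
                              // The constructor leaves ctx null if the initial connection failed.
                              if (ctx == null) {
                                   System.out.println("No LDAP connection; " + username + " is not authenticated");
                                   return false;
                              }
                              try {
                                   ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, username);
                                   ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
                                   // Re-bind on the existing context with the supplied credentials.
                                   ctx.reconnect(connCtls);
                                   System.out.println(username + " is authenticated");
                                   return true;
                              } catch (AuthenticationException e) {
                                   // The server rejected the credentials.
                                   System.out.println(username + " is not authenticated");
                                   return false;
                              } catch (NamingException e) {
                                   // Connection or server error rather than a credential failure.
                                   System.out.println(username + " is not authenticated: " + e);
                                   return false;
                              }
                         }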

                         public void finito() {
                              try {
                                   ctx.close();
                                   System.out.println("Context is closed");
                              } catch (NamingException e) {
                                   System.out.println("Context close failure " + e);
                              }
                         }
                    }
                    ----------------------------------------------This is the client program--------------------------------------
                    /**
                    * fastbindclient.java
                    *
                    * Sample JNDI application to use LDAP_SERVER_FAST_BIND connection control
                    *
                    * This is just a test harness to invoke the ldapfastbind methods
                    */
                    // No imports are needed: LdapFastBind is in the same (default) package.
                    class FastBindClient {
                         public static void main(String[] args) {
                              // Could also use ldaps over port 636 to protect the communication
                              // to the Active Directory domain controller. Would also need to add
                              // env.put(Context.SECURITY_PROTOCOL,"ssl") to the "server" code
                              String ldapurl = "ldap://10.192.174.36:389";
                              boolean IsAuthenticated = false;
                              LdapFastBind ctx = new LdapFastBind(ldapurl);
                              IsAuthenticated = ctx
                                        .Authenticate("HL\\test", "qwerqwer");
                              IsAuthenticated = ctx
                              .Authenticate("hl\\test", "123456");
                              ctx.finito();
                         }
                    }

                    Both results are true.


                    This post was edited by pythons on Dec 8, 2007 3:28 PM
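
A hardened variant of the fast-bind check posted above, as an added example that is not part of the original post or the thread authors' code: it refuses empty credentials before binding, connects over ldaps://, and separates a rejected bind from a connection failure. The host dc.example.invalid, the account EXAMPLE\alice, the password string, and the class and enum names are constructed placeholders.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.BasicControl;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class SafeFastBind {
    enum Result { OK, BAD_CREDENTIALS, REJECTED_INPUT, UNAVAILABLE }

    // Same OID as FastBindConnectionControl in the post, marked critical.
    static final Control[] FAST_BIND = { new BasicControl("1.2.840.113556.1.4.1781", true, null) };

    static Result check(String ldapsUrl, String user, String password) {
        // A simple bind with an empty password is an unauthenticated bind
        // (RFC 4513, section 5.1.2) that a server may accept, so never send one.
        if (user == null || user.trim().isEmpty() || password == null || password.isEmpty())
            return Result.REJECTED_INPUT;
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapsUrl); // ldaps:// so the password is not sent in clear text
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put("com.sun.jndi.ldap.connect.timeout", "3000"); // milliseconds
        env.put("com.sun.jndi.ldap.read.timeout", "3000");
        LdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(env, FAST_BIND); // anonymous connect, requests fast bind
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, user);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
            ctx.reconnect(FAST_BIND); // the bind that checks the credentials
            return Result.OK;
        } catch (AuthenticationException e) {
            return Result.BAD_CREDENTIALS; // the server rejected the bind
        } catch (NamingException e) {
            return Result.UNAVAILABLE; // network, TLS or server error: not a verdict on the password
        } finally {
            if (ctx != null) try { ctx.close(); } catch (NamingException ignored) { }
        }
    }

    public static void main(String[] args) {
        String url = "ldaps://dc.example.invalid:636"; // constructed placeholder host
        System.out.println(check(url, "EXAMPLE\\alice", "")); // refused before any bind is sent
        System.out.println(check(url, "EXAMPLE\\alice", "constructed-password"));
    }
}
```

Callers should treat only `Result.OK` as a successful login and should log `UNAVAILABLE` separately from `BAD_CREDENTIALS`, so that an outage is not counted as failed password attempts.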
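                    • 12. Re: How to implement BEA Portal user authentication using LDAP
                      702619
                      It is a strange problem. I wrote a test application in an environment without WLS and still have this problem. I am baffled.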