
[LDAP: error code 34 - invalid DN]

Author: 刘大猫
  • 2025-08-13
    Heilongjiang


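Background

Tested and working. I searched many blogs beforehand and found all sorts, but none of them explained the errors or what the settings are for. I had no idea what the configuration I was copying actually did, and after muddling through a setup by following those posts it still would not run, so I am recording this here.


Project background: our company's project currently uses HTTP + Shiro + MySQL for login authentication, and we now want to support LDAP authentication so that users can log in and access our company's project site.


Example: suppose our company has its own portal and we acquire another company that stores its user data in LDAP. To let their accounts log in to our project we need to integrate with it rather than recreate their accounts in MySQL. What if they have 10,000 accounts? That would be exhausting and unrealistic.


OpenLDAP and Kerberos need to be installed, with LDAP and Kerberos on the same server. The versions in use are: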


  • CentOS 7.9

  • openldap 2.4.44

  • phpldapadmin 1.2.5

  • Server IP: 10.110.38.162

  • Kerberos: Kerberos 5 release 1.15.1


My Spring versions are:


  • Spring Security: 4.2.3.RELEASE

  • Spring Version: 4.3.9.RELEASE

  • SpringBoot Version: 1.4.7.RELEASE


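Note 1: I chose such old versions because I ultimately need to integrate this into our own project, which runs on versions close to those above, so I could not pick anything much newer. Pay attention to compatibility between versions. For compatible versions, see this post: https://zhuanlan.zhihu.com/p/652895555


Note 2: if you do not know where a setting lives or what it does, see my earlier posts, which cover installation and configuration in detail and give a general understanding of the parameters.

Error


Full error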


org.springframework.ldap.InvalidNameException: [LDAP: error code 34 - invalid DN]; nested exception is javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:136)
    at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:363)
    at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:147)
    at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:166)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:361)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:332)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:608)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:598)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:486)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:502)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:518)
    at com.ldap.LdapTest.listUsers(LdapTest.java:31)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59)
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:56)
    at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
    at org.springframework.test.context.junit4.statements.RunBeforeTestExecutionCallbacks.evaluate(RunBeforeTestExecutionCallbacks.java:74)
    at org.springframework.test.context.junit4.statements.RunAfterTestExecutionCallbacks.evaluate(RunAfterTestExecutionCallbacks.java:84)
    at org.springframework.test.context.junit4.statements.RunBeforeTestMethodCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:75)
    at org.springframework.test.context.junit4.statements.RunAfterTestMethodCallbacks.evaluate(RunAfterTestMethodCallbacks.java:86)
    at org.springframework.test.context.junit4.statements.SpringRepeat.evaluate(SpringRepeat.java:84)
    at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:366)
    at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:251)
    at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:97)
    at org.junit.runners.ParentRunner$4.run(ParentRunner.java:331)
    at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79)
    at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329)
    at org.junit.runners.ParentRunner.access$100(ParentRunner.java:66)
    at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293)
    at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
    at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:70)
    at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306)
    at org.junit.runners.ParentRunner.run(ParentRunner.java:413)
    at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:190)
    at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
    at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:69)
    at com.intellij.rt.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:33)
    at com.intellij.rt.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:220)
    at com.intellij.rt.junit.JUnitStarter.main(JUnitStarter.java:53)
Caused by: javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3095)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
    at javax.naming.InitialContext.init(InitialContext.java:244)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
    at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42)
    at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:351)
    ... 41 more


The code looks like this:


application.properties


spring.ldap.urls=ldap://10.110.38.162:389
spring.ldap.username=admin
spring.ldap.password=123456
spring.ldap.base=dc=node3,dc=com


LdapTest


// ldapTemplate, LdapUser, LdapUserAttributeMapper and verifySHA are defined elsewhere in the project.
@Test
public void listUsers() throws NoSuchAlgorithmException {
    // Match every entry whose objectClass is inetOrgPerson.
    AndFilter filter = new AndFilter();
    filter.and(new EqualsFilter("objectClass", "inetOrgPerson"));

    List<LdapUser> users = ldapTemplate.search("ou=People,dc=hdp", filter.encode(), new LdapUserAttributeMapper());
    for (LdapUser user : users) {
        System.out.println("user: " + user);
        System.out.println("userPassword:" + user.getUserPassword());
        System.out.println(verifySHA(user.getUserPassword(), "123456"));
    }
}


Cause: spring.ldap.username in the configuration file was wrong. I had created an admin administrator account, but I did not know whether to enter just admin here or the full DN.


Solution: enter the full DN here: spring.ldap.username=cn=admin,dc=node3,dc=com
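
An added example (not from the original post): a startup preflight that parses the two application.properties variants shown above with the JDK's javax.naming.ldap.LdapName and rejects a spring.ldap.username that is not a full DN before any bind is attempted. The class and method names are hypothetical, and the remark about a bind DN outside spring.ldap.base is informational only, since a directory may keep its admin entry elsewhere.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Hypothetical preflight check, added for illustration.
public class LdapBindDnCheck {

    // Parse with the JDK's DN parser; null means the string is not a DN.
    static LdapName parse(String s) {
        try {
            return new LdapName(s);
        } catch (InvalidNameException e) {
            return null;
        }
    }

    // Returns "ok", or the reason the bind settings will not work as written.
    static String check(Properties p) {
        String user = p.getProperty("spring.ldap.username", "");
        LdapName dn = parse(user);
        if (dn == null) return "spring.ldap.username '" + user + "' is not a DN";
        if (dn.isEmpty()) return "spring.ldap.username is empty";
        LdapName base = parse(p.getProperty("spring.ldap.base", ""));
        if (base == null) return "spring.ldap.base is not a DN";
        // LdapName indexes RDNs right to left, so startsWith() tests the suffix.
        return dn.startsWith(base) ? "ok" : "ok (bind DN is outside spring.ldap.base)";
    }

    static Properties load(String text) throws IOException {
        Properties p = new Properties();
        p.load(new StringReader(text));
        return p;
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: the failing and corrected settings from this page.
        String common = "spring.ldap.urls=ldap://10.110.38.162:389\n"
                + "spring.ldap.base=dc=node3,dc=com\n";
        System.out.println(check(load(common + "spring.ldap.username=admin\n")));
        System.out.println(check(load(common
                + "spring.ldap.username=cn=admin,dc=node3,dc=com\n")));
    }
}
```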

Links to my other related articles

1. Installing OpenLDAP on CentOS 7.9
2. Installing Kerberos on CentOS 7.9
3. Integrating OpenLDAP with Kerberos
4. Installing phpLDAPadmin on CentOS 7.9
5. Connecting to LDAP from Java to query users
6. Authenticating users against Kerberos from Java
7. javax.security.auth.login.LoginException: Unable to obtain password from user
8. javax.security.auth.login.LoginException: null (68)
9. javax.security.auth.login.LoginException: Message stream modified (41)
10. javax.security.auth.login.LoginException: Checksum failed
11. javax.security.auth.login.LoginException: No CallbackHandler available to garner authentication info
12. javax.security.auth.login.LoginException: Cannot locate KDC
13. javax.security.auth.login.LoginException: Receive timed out
14. java: cannot access org.springframework.context.ConfigurableApplicationContext
15. LDAP: error code 34 - invalid DN
16. LDAP: error code 32 - No Such Object
17. java: cannot access org.springframework.ldap.core.LdapTemplate
