另一种方法是使用未绑定ID https://www.unboundid.com/products/ldap-sdk/。它的 api 非常易读且简短
创建 LDAP 连接
public static LDAPConnection getConnection() throws LDAPException {
// host, port, username and password
return new LDAPConnection("com.example.local", 389, "[email protected] /cdn-cgi/l/email-protection", "admin");
}
获取筛选结果
public static List<SearchResultEntry> getResults(LDAPConnection connection, String baseDN, String filter) throws LDAPSearchException {
SearchResult searchResult;
if (connection.isConnected()) {
searchResult = connection.search(baseDN, SearchScope.ONE, filter);
return searchResult.getSearchEntries();
}
return null;
}
获取所有组织单位和容器
String baseDN = "DC=com,DC=example,DC=local";
String filter = "(&(|(objectClass=organizationalUnit)(objectClass=container)))";
LDAPConnection connection = getConnection();
List<SearchResultEntry> results = getResults(connection, baseDN, filter);
获取特定的组织单位
String baseDN = "DC=com,DC=example,DC=local";
String dn = "CN=Users,DC=com,DC=example,DC=local";
String filterFormat = "(&(|(objectClass=organizationalUnit)(objectClass=container))(distinguishedName=%s))";
String filter = String.format(filterFormat, dn);
LDAPConnection connection = getConnection();
List<SearchResultEntry> results = getResults(connection, baseDN, filter);
获取组织部门下的所有用户
String baseDN = "CN=Users,DC=com,DC=example,DC=local";
String filter = "(&(objectClass=user)(!(objectCategory=computer)))";
LDAPConnection connection = getConnection();
List<SearchResultEntry> results = getResults(connection, baseDN, filter);
获取组织单位下的特定用户
String baseDN = "CN=Users,DC=com,DC=example,DC=local";
String userDN = "CN=abc,CN=Users,DC=com,DC=example,DC=local";
String filterFormat = "(&(objectClass=user)(distinguishedName=%s))";
String filter = String.format(filterFormat, userDN);
LDAPConnection connection = getConnection();
List<SearchResultEntry> results = getResults(connection, baseDN, filter);
显示结果
for (SearchResultEntry e : results) {
System.out.println("name: " + e.getAttributeValue("name"));
}