ldap

问题 I add users through LDAP for a certain application, made with spring. While this works for most of the cases, in some cases, it does not work... The retrieve the users I use: public class LdapUserServiceImpl implements ILdapUserService { @Override public List<LdapUserVO> getUserNamesByQuery(String query) { return ldapTemplate.search( query().countLimit(15) .where("objectClass").is("user") .and("sAMAccountName").isPresent() .and(query() .where("sAMAccountName").like("*" + query + "*") .or(

问题 I am obtaining a kerberos ticket with the following code: String client = "com.sun.security.jgss.krb5.initiate"; LoginContext lc = new LoginContext(client, new CallbackHandler() { @Override public void handle(Callback[] arg0) throws IOException, UnsupportedCallbackException { System.out.println("CB: " + arg0); } }); lc.login(); System.out.println("SUBJ: " + lc.getSubject()); This code works fine, I get a subject that shows my user ID. The problem I'm having is now I need to know whether the

问题 I am parsing XML, with simplexml_load_string() , and using the data within it to update Active Directory (AD) objects, via LDAP. Example XML (simplified): <?xml version="1.0" encoding="UTF-8"?> <users> <user>Bìlbö Bággįnš</user> <user>Gãńdåłf Thê Gręât</user> <user>Śām Wīšë</user> </users> I firstly run an ldap_search() to find a single user and then proceed to change their attributes. Pumping the above values straight into AD, using LDAP, will result in some pretty mangled characters showing

问题 So, when running: sudo apt-get install krb5-user You are asked to enter the AD/LDAP domain. The problem is that I want this to be able to be run as a startup script for my machines. Is there any way to either pass the domain in as a parameter or disable the interaction and set up krb5-user after? Thanks 回答1: For an unattended installation try setting DEBIAN_FRONTEND variable to noninteractive with: export DEBIAN_FRONTEND=noninteractive And pass the -y flag to apt-get: apt-get install -y krb5

问题 Here is my scenario. I have an MVC 5 application that uses Owin as an authentication mechanism. The default template calls the SignInManager.PasswordSignInAsync in the Login action which I would like to overwrite to use LDAP to validate the user instead of looking into the database. I am able to do the validation via: PrincipalContext dc = new PrincipalContext(ContextType.Domain, "domain.com", "DC=domain,DC=com", "user_name", "password"); bool authenticated = dc.ValidateCredentials(userName,

问题 I am trying to simulate Active Directory's memberOf attribute in Apache Directory. I have added the following entry for memberOf to my LDIF file: dn: m-oid=1.3.6.1.4.1.18060.0.4.3.2.1,ou=attributeTypes,cn=other,ou=schema m-usage: USER_APPLICATIONS m-equality: distinguishedNameMatch objectClass: metaAttributeType objectClass: metaTop objectClass: top m-name: memberOf m-oid: 1.3.6.1.4.1.18060.0.4.3.2.1 m-obsolete: FALSE m-noUserModification: FALSE m-syntax: 1.3.6.1.4.1.1466.115.121.1.27 When I

问题 I'm trying to make an LDAP query, to get a list from all my groups/members. I can't figure out how can i do this. All my tries were unsuccesfull. My "AD tree": mydomain.local/Mybusiness/Distribution Groups/ here are my groups I tried with somethin' like this: (objectCategory=user) (memberOf=CN=Distribution Groups,OU=Mybusiness,DC=mydomain.local,DC=com) I appreciate if somebody could help me to write an ldap query, which gives a list with my groups and the members of this groups. Thank you.

问题 I am trying to get all the groups that a certain user is a member of. I have the following structures in ldap: o=myOrganization ou=unit1 cn=admin cn=guess and ou=users cn=ann cn=bob cn=carla myOrganization is an instance of Organization unit1 is an instance of OrganizationUnit admin and guess are both GroupOfNames and have everyone as a member ann , bob , and carla are instances of Person Currently, I am using the ldap module on python and this is what I have: import ldap l = ldap.initialize(

问题 This question already has answers here : Associate Ldap user to a group with Java (4 answers) Closed 2 years ago . I am trying to add an user into Active Directory. Having in mind: Using SSL Certificate ok Password works fine With out group association, the user is correctly created. When I try to associate the user to a group I get the following error: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000209A: SvcErr: DSID-031A1021, problem 5003 (WILL_NOT_PERFORM), data 0

问题 I need to set up SSL over Active Directory. I googled a lot but could not found a decent write up about how to do this. Please if you know some good resources about this let me know. Thanks! 回答1: Sounds easy - but I ran into quite a few problems getting trusted connections with SSL working in our environment. The article was about ADAM but is just as applicable for AD. In our environment I couldn't install domain-related services like cert-server, nor act as domain-admin. I blogged about how