问题
I want to fetch data from an Active Directory using Java and JNDI from my EJB. Doing this search I need to define a user and a password. I was thinking of creating a service account (for my server) in the AD.
I will also be using Kerberos protocol and WebLogic Server. As I understand it now, I need to create a keytab file that will contain this service account's credentials. This keytab file will then be configured in the WebLogic Server?
So, this means that I will have to state the username/password both for the keytab file and in my EJB (to fetch the data from the AD using JNDI). What is the best approach for this? Can the keytab file be defined dynamically? Which would simplify changing the password and only doing this at one place.
回答1:
Have your machine join the domain, start you WebLogic server with the machine account or give access to the machine keytab, create a JDNI resource with the DirContextSourceFactory and you are able to access the AD as you wish.
来源:https://stackoverflow.com/questions/15173149/java-jndi-active-directory-kerberos-weblogic-server-password-configura