问题
How do I query the active directory in Java using the current logged on user in windows?
This is possible using C++ with ldap_bind_s and passing null in the credential. It lets you bind to the AD with the current logged on user and query AD but I could not find its equivalent in Java.
I saw at other places that I can use kerberos but kerberos forces me to generate a keytab file for the user and uses it to communicate with AD using GSSAPI. I want to avoid asking users to generate keytab file.
I see that NTLMLoginModule lets you login without asking for any kind of keytab file or credential but then again there is no java library for binding to AD using the NTLMLoginModule.
Again, I am looking for a solution only for AD and not a generic LDAP solution. I know that a generic LDAP solution will not work this way.
回答1:
I'm going off of this guy's post. You can go with the commercial Jespa library, which uses NTLMv2. Or you can go with the open source com4j project that uses ADSI, created by Kohsuke Kawaguchi.
来源:https://stackoverflow.com/questions/16969472/query-active-directory-in-java-using-a-logged-on-user-on-windows