1
我们有一个关系数据库,其中包含用户信息和散列密码,我希望使用LDAP进行单点登录,并且MyVD似乎能够完成我们所需的一切。我的第一步是让搜索无需任何身份验证即可正常工作,并且我已经为用户及其属性准备好了LDAP记录,因此我现在要回过头来为身份验证机制创建自己的自定义插入这将基本上散列绑定请求的密码,并尝试将其匹配到我们数据库中的散列密码。MyVD的自定义LDAP绑定插入
关于如何实现插入操作的特定细节(关于通常创建插入有一个相当好的概述),几乎没有文档,所以我一直试图从现有的源代码中去掉MyVD项目作为我的代码的基础。现在,我不断得到下面的异常,我已经通过该项目的代码追溯,仍然想不通为什么它正在发生:
LDAPException: Could not bind to any services (49) Invalid Credentials
LDAPException: Server Message: [email protected],o=RBD,c=us
at net.sourceforge.myvd.router.Router.bind(Router.java:164)
at net.sourceforge.myvd.chain.BindInterceptorChain.nextBind(BindInterceptorChain.java:52)
at net.sourceforge.myvd.inserts.routing.MasterReplicaRouter.bind(MasterReplicaRouter.java:109)
at net.sourceforge.myvd.chain.BindInterceptorChain.nextBind(BindInterceptorChain.java:49)
at net.sourceforge.myvd.inserts.DumpTransaction.bind(DumpTransaction.java:142)
at net.sourceforge.myvd.chain.BindInterceptorChain.nextBind(BindInterceptorChain.java:49)
at net.sourceforge.myvd.protocol.ldap.BindHandler.messageReceived(BindHandler.java:153)
at net.sourceforge.myvd.protocol.ldap.LDAPOperation.messageReceived(LDAPOperation.java:84)
at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:141)
at net.sourceforge.myvd.protocol.ldap.LdapProtocolProvider$LdapProtocolHandler.messageReceived(LdapProtocolProvider.java:402)
at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:570)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimpleProtocolDecoderOutput.java:58)
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:180)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:220)
at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:264)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
at java.lang.Thread.run(Thread.java:662)
正如你将与下面的插入类,我看米只是检查密码是123,我可以从日志文件中看到,那是什么东西被发送到类:
[2013-10-08 16:21:24,198][MyVD-2] DEBUG DBAuthenticator - USER: [email protected]
[2013-10-08 16:21:24,198][MyVD-2] DEBUG DBAuthenticator - PASSWORD: 123
所以我处于亏损状态,这就是为什么我现在发布这个问题;)这是我的自定义插入类,实现Insert接口:
package com.foobar.myvd;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Properties;
import net.sourceforge.myvd.chain.AddInterceptorChain;
import net.sourceforge.myvd.chain.BindInterceptorChain;
import net.sourceforge.myvd.chain.CompareInterceptorChain;
import net.sourceforge.myvd.chain.DeleteInterceptorChain;
import net.sourceforge.myvd.chain.ExetendedOperationInterceptorChain;
import net.sourceforge.myvd.chain.ModifyInterceptorChain;
import net.sourceforge.myvd.chain.PostSearchCompleteInterceptorChain;
import net.sourceforge.myvd.chain.PostSearchEntryInterceptorChain;
import net.sourceforge.myvd.chain.RenameInterceptorChain;
import net.sourceforge.myvd.chain.SearchInterceptorChain;
import net.sourceforge.myvd.core.NameSpace;
import net.sourceforge.myvd.inserts.Insert;
import net.sourceforge.myvd.types.Attribute;
import net.sourceforge.myvd.types.Bool;
import net.sourceforge.myvd.types.DistinguishedName;
import net.sourceforge.myvd.types.Entry;
import net.sourceforge.myvd.types.ExtendedOperation;
import net.sourceforge.myvd.types.Filter;
import net.sourceforge.myvd.types.Int;
import net.sourceforge.myvd.types.Password;
import net.sourceforge.myvd.types.Results;
import org.apache.log4j.Logger;
import com.novell.ldap.LDAPConstraints;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPModification;
import com.novell.ldap.LDAPSearchConstraints;
import com.novell.ldap.util.RDN;
public class DBAuthenticator implements Insert {
Logger logger = Logger.getLogger(DBAuthenticator.class);
String name;
@Override
public void add(AddInterceptorChain arg0, Entry arg1, LDAPConstraints arg2)
throws LDAPException {
arg0.nextAdd(arg1, arg2);
}
@Override
public void bind(BindInterceptorChain chain, DistinguishedName dn,
Password password, LDAPConstraints constraints)
throws LDAPException {
String user = ((RDN) dn.getDN().getRDNs().get(0)).getValue();
String passwordString = null;
try {
passwordString = new String(password.getValue(), "UTF-8");
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
logger.debug("USER: " + user);
logger.debug("PASSWORD: " + passwordString);
if (!passwordString.equals("123"))
throw new LDAPException("Manual Invalid Credentials",
LDAPException.INVALID_CREDENTIALS,
"Manual Invalid Credentials");
logger.debug("NO THROW");
chain.nextBind(dn, password, constraints);
logger.debug("nextBind CALLED.");
}
@Override
public void compare(CompareInterceptorChain arg0, DistinguishedName arg1,
Attribute arg2, LDAPConstraints arg3) throws LDAPException {
arg0.nextCompare(arg1, arg2, arg3);
}
@Override
public void configure(String name, Properties arg1, NameSpace arg2)
throws LDAPException {
this.name = name;
}
@Override
public void delete(DeleteInterceptorChain arg0, DistinguishedName arg1,
LDAPConstraints arg2) throws LDAPException {
arg0.nextDelete(arg1, arg2);
}
@Override
public void extendedOperation(ExetendedOperationInterceptorChain arg0,
ExtendedOperation arg1, LDAPConstraints arg2) throws LDAPException {
arg0.nextExtendedOperations(arg1, arg2);
}
@Override
public String getName() {
return this.getClass().getSimpleName();
}
@Override
public void modify(ModifyInterceptorChain arg0, DistinguishedName arg1,
ArrayList<LDAPModification> arg2, LDAPConstraints arg3)
throws LDAPException {
arg0.nextModify(arg1, arg2, arg3);
}
@Override
public void postSearchComplete(PostSearchCompleteInterceptorChain arg0,
DistinguishedName arg1, Int arg2, Filter arg3,
ArrayList<Attribute> arg4, Bool arg5, LDAPSearchConstraints arg6)
throws LDAPException {
}
@Override
public void postSearchEntry(PostSearchEntryInterceptorChain arg0,
Entry arg1, DistinguishedName arg2, Int arg3, Filter arg4,
ArrayList<Attribute> arg5, Bool arg6, LDAPSearchConstraints arg7)
throws LDAPException {
arg0.nextPostSearchEntry(arg1, arg2, arg3, arg4, arg5, arg6, arg7);
}
@Override
public void rename(RenameInterceptorChain arg0, DistinguishedName arg1,
DistinguishedName arg2, Bool arg3, LDAPConstraints arg4)
throws LDAPException {
arg0.nextRename(arg1, arg2, arg3, arg4);
}
@Override
public void rename(RenameInterceptorChain arg0, DistinguishedName arg1,
DistinguishedName arg2, DistinguishedName arg3, Bool arg4,
LDAPConstraints arg5) throws LDAPException {
arg0.nextRename(arg1, arg2, arg3, arg4, arg5);
}
@Override
public void search(SearchInterceptorChain arg0, DistinguishedName arg1,
Int arg2, Filter arg3, ArrayList<Attribute> arg4, Bool arg5,
Results arg6, LDAPSearchConstraints arg7) throws LDAPException {
arg0.nextSearch(arg1, arg2, arg3, arg4, arg5, arg6, arg7);
}
@Override
public void shutdown() {
}
}
这里是我目前myvd.conf文件配置服务器:
#Listen on port 389
server.listener.port=10389
#Listen on 636 using SSL
#server.secure.listener.port=636
#server.secure.keystore=/var/keystores/myvd.ks
#server.secure.keypass=secret
#Cnfigure global chains
server.globalChain=LogAllTransactions,router
server.globalChain.LogAllTransactions.className=net.sourceforge.myvd.inserts.DumpTransaction
server.globalChain.LogAllTransactions.config.logLevel=info
server.globalChain.LogAllTransactions.config.label=Global
server.globalChain.router.className=net.sourceforge.myvd.inserts.routing.MasterReplicaRouter
server.globalChain.router.config.specifyToInclude=false
server.globalChain.router.config.readOnly=Rbdconnect
#Configure namespaces
server.nameSpaces=Root,Readusers
#Define RootDSE
server.Root.chain=RootDSE
server.Root.nameSpace=
server.Root.weight=0
server.Root.RootDSE.className=net.sourceforge.myvd.inserts.RootDSE
server.Root.RootDSE.config.namingContexts=o=RBD,c=us
#Define rbdconnect namespace
server.Readusers.chain=dbauth,db
server.Readusers.nameSpace=o=RBD,c=us
server.Readusers.weight=100
server.Readusers.db.className=net.sourceforge.myvd.inserts.jdbc.JdbcInsert
server.Readusers.db.config.driver=org.postgresql.Driver
server.Readusers.db.config.url=jdbc:postgresql://localhost:5432/foo
server.Readusers.db.config.user=bar
server.Readusers.db.config.pass=bat
server.Readusers.db.config.rdn=uid
server.Readusers.db.config.mapping=uid=username,ou=ou,cn=employee_name,givenName=firstname,sn=lastname,mail=email,active=active
server.Readusers.db.config.objectClass=inetOrgPerson
server.Readusers.db.config.sql=SELECT ad_user.isactive AS active, username, ad_user.name AS employee_name, firstname, lastname, email, CASE WHEN ad_role.name IS NULL THEN 'Unknown' ELSE ad_role.name END AS ou FROM ad_user LEFT OUTER JOIN ad_role ON ad_user.default_ad_role_id = ad_role.ad_role_id
server.Readusers.dbauth.className=com.retailingwireless.myvd.DBAuthenticator
我希望有人来开导我,什么我缺少的,因为我一直在盯着这几个小时现在,和(按照我惯常的方式),这可能是简单而恰到好处的。感谢您抽出宝贵的时间!
工作就像一个魅力!你是我的英雄! –