如何使用 Windows 身份验证调用 Active Directory,而不提示输入用户名/密码?
您可以在以下帖子中查看使用 Java 中的 InitialLdapContext
类访问 LDAP 的示例:
http://forums.sun.com/thread.jspa?threadID=603815
http://forums.devshed.com/ldap-programming-76/active-directory-services-using-java-api-89586 .html
这需要传入登录名和密码(即使运行java进程的服务帐户或用户已经登录才能运行)。
由于用户或服务帐户已经登录 - 他们已经可以运行如下所示的 Active Directory 命令,而无需用户名或密码:
dsquery user -samid "login" |dsget user -samid -email -display
那么,如果 Windows 已经可以使用此查询,为什么 Java 需要登录密码呢? Kosuke 暗示,在这篇博文的结论中不需要这样做:
https://community.oracle.com/blogs/kohsuke/2008/06/12/more-active-directory-integration-java
我们如何在 Java 中调用 Active Directory,而不
- 使用 :登录名或密码(在已登录的帐户下运行)?
- 在命令行上执行命令?
You can see an example of accessing LDAP using the InitialLdapContext
class in Java in the following posts:
http://forums.sun.com/thread.jspa?threadID=603815
http://forums.devshed.com/ldap-programming-76/active-directory-services-using-java-api-89586.html
This requires a login and password to be passed in (even though the service account or user running the java process has already logged in to be able to run).
As the user or service account is already logged in - they can already run active directory commands like the following without a user name or password:
dsquery user -samid "login" |dsget user -samid -email -display
So why does Java need the login password if this query is already available to Windows? Kosuke hints that it is not required in this blog post under conclusion:
https://community.oracle.com/blogs/kohsuke/2008/06/12/more-active-directory-integration-java
How can we call Active Directory in Java without:
- using a login or password (running under an account that is already logged in)?
- executing a command on the command line?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
发生这种情况可能是因为
当 Windows 在您运行需要 AD 的应用程序时对您进行身份验证时,除了您的实际密码之外,它还会提供一些其他凭据集。 这些凭证在 Java 中不可用,或者至少 LDAP 通信器的提供商都没有提供检索它的方法。
在他关于该主题的其他博客文章中 Kohsuke 进一步阐述了为什么 Java 领域的 Active Directory 是这样的。
This probably occurs because
When Windows authenticates you against AD as you run applications that require it, it presents some other set of credentials besides your actual password. These credentials are not available in Java, or at least none of the providers of LDAP communicators have provided a way to retrieve it.
In his other blog post on the subject Kohsuke expands a bit more on why things are the way they are in Java-land when it comes to Active Directory.