windows-server-2008 – How to get the LDAP connection string for Active Directory

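I am trying to use the Grails LDAP plugin with my Active Directory.

The plugin requires a lot of things I am not familiar with, because I know very little about Active Directory.

Here is what the plugin requires: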

// LDAP config
grails.plugins.springsecurity.ldap.context.managerDn = '[distinguishedName]'
grails.plugins.springsecurity.ldap.context.managerPassword = '[password]'
grails.plugins.springsecurity.ldap.context.server = 'ldap://[ip]:[port]/'
grails.plugins.springsecurity.ldap.authorities.ignorePartialResultException = true // typically needed for Active Directory
grails.plugins.springsecurity.ldap.search.base = '[the base directory to start the search.  usually something like dc=mycompany,dc=com]'
grails.plugins.springsecurity.ldap.search.filter="sAMAccountName={0}" // for Active Directory you need this
grails.plugins.springsecurity.ldap.search.searchSubtree = true
grails.plugins.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
grails.plugins.springsecurity.ldap.search.attributesToReturn = ['mail','displayName'] // extra attributes you want returned; see below for custom classes that access this data
grails.plugins.springsecurity.providerNames = ['ldapAuthProvider','anonymousAuthenticationProvider'] // specify this when you want to skip attempting to load from db and only use LDAP

// role-specific LDAP config
grails.plugins.springsecurity.ldap.useRememberMe = false
grails.plugins.springsecurity.ldap.authorities.retrieveGroupRoles = true
grails.plugins.springsecurity.ldap.authorities.groupSearchBase ='[the base directory to start the search.  usually something like dc=mycompany,dc=com]'
// If you don't want to support group membership recursion (groups in groups),then use the following setting
// grails.plugins.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}' // Active Directory specific
// If you wish to support groups with group as members (recursive groups),use the following
grails.plugins.springsecurity.ldap.authorities.groupSearchFilter = '(member:1.2.840.113556.1.4.1941:={0})' // Active Directory specific

I am using Windows 2008 Server and know the following:

IP = 10.10.10.90
Name = bold.foo.bar (This is what I see under Active Directory Users and Computers)
Domain =`BOLD`
Group = `MANAGERS`
Users = USERA (part of MANAGERS group) and USERB (not part of MANAGERS group)

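Can I get some help filling in some or most of the required configuration? I have access to Active Directory Domain Services in Server Manager, so if most of the information comes from there, I can get it.

PS: I don't have the luxury of a Sys Admin to help me. So I am the developer left to fill both roles :)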

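The Active Directory Explorer (AdExplorer) utility from the Microsoft Windows Sysinternals suite can help you find the DN and search base information you need.

But it is better to pick up some LDAP concepts to get more control, for example when you want to add more to search.filter or get more attributes in the search results (search.attributesToReturn) (say you also want the user's phoneNumber). Useful links: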

> Wikipedia: Lightweight Directory Access Protocol
> MSDN: Lightweight Directory Access Protocol (Windows)
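
An added example, not part of the original question or answer and not the plugin's own code: a Python sketch that derives the `search.base` DN from the domain name in the question and shows what the two filter templates look like once `{0}` is filled in with RFC 4515 escaping. The function names are hypothetical, and the `CN=USERA,CN=Users,...` DN is constructed; the real DN is whatever AdExplorer shows for the account.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_DNS_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# Filter templates copied from the plugin config in the question.
USER_FILTER = "sAMAccountName={0}"
GROUP_FILTER_RECURSIVE = "(member:1.2.840.113556.1.4.1941:={0})"


def domain_to_base_dn(dns_domain: str) -> str:
    """Map an AD DNS domain name (bold.foo.bar) to its naming-context DN."""
    labels = dns_domain.strip().rstrip(".").split(".")
    for label in labels:
        if not _DNS_LABEL.match(label):
            raise ValueError(f"not a DNS label: {label!r}")
    return ",".join(f"dc={label}" for label in labels)


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template: str, value: str) -> str:
    """Fill the {0} placeholder with an escaped value."""
    return template.replace("{0}", escape_filter_value(value))


def ldap_url(host: str, port: int = 389) -> str:
    """389/3268 are plain LDAP; 636/3269 are LDAP over TLS (ldaps://)."""
    scheme = "ldaps" if port in (636, 3269) else "ldap"
    return f"{scheme}://{host}:{port}/"


if __name__ == "__main__":
    base = domain_to_base_dn("bold.foo.bar")  # values taken from the question
    print("context.server =", ldap_url("10.10.10.90"))
    print("search.base    =", base)
    print("user filter    =", expand_filter(USER_FILTER, "USERA"))
    # Constructed DN: read the real one from the account's distinguishedName.
    user_dn = f"CN=USERA,CN=Users,{base}"
    print("group filter   =", expand_filter(GROUP_FILTER_RECURSIVE, user_dn))
```

The same base DN fits `groupSearchBase`; `managerDn` has to be copied from the bind account's `distinguishedName` attribute, because it cannot be derived from the domain name alone.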
