LDAP search in java: DN contains ,

Posted 2019-08-14 15:38

Question:

I'm currently running into issues when searching for entries where the DN contains a comma:

    StringTokenizer st = new StringTokenizer(dn, "=");
    Attributes searchAttributes = new BasicAttributes(st.nextToken(), st.nextToken());
    Enumeration results = ctx.search(baseDn, searchAttributes);

    if (results.hasMoreElements()) {
      // ...
    }

I tested both dn=first,second as well as dn=first\,second, and although the search runs correctly, I never get any results back. The same baseDn and dn work correctly in Eclipse/Apache Directory Studio LDAP Browser.

Answer 1:

It depends on the library; for example, when using Novell ldap.jar the constructor is

    searchResults = lc.search(searchBase, searchScope, searchFilter, null, false);
    //private String searchFilter = "(objectClass=*)";

Again, it depends on the library, because maybe Directory Studio LDAP Browser has its own driver, and some methods are implemented while others maybe are not; for example, with ldap.jar it is possible to search in Active Directory.

Basically, all libraries (including the Java driver for Windows Active Directory) contain tons of examples packaged with the library, for the most important of the methods that are implemented in the driver.

EDIT:

Hmm, but there are two relevant things:

1/ access for the context given by the admin (between environments)
2/ with Active Directory (always) and with an (old PC) test environment for LDAP, I must force a small pause for the thread(s)

    private void readData() {
        searchResults = new LDAPSearchResults();
        try {
            // short pause before the search
            Thread.sleep(450);
        } catch (InterruptedException ex) {
            Logger.getLogger(Profylaxia.class.getName()).log(Level.SEVERE, null, ex);
        }
        try {
            searchResults = lc.search(searchBase, searchScope, searchFilter, null, false);
            try {
                // short pause before reading the results
                Thread.sleep(500);
            } catch (InterruptedException ex) {
                Logger.getLogger(Profylaxia.class.getName()).log(Level.SEVERE, null, ex);
            }
            int noResult = searchResults.getCount();
            System.out.println("  noResult : " + noResult);
            // after that I am able to start iterating ...
        } catch (LDAPException ex) {
            Logger.getLogger(Profylaxia.class.getName()).log(Level.SEVERE, null, ex);
        }
    }

Answer 2:

The quoting rules for ldap queries can be found at http://www.rlmueller.net/CharactersEscaped.htm

I'm using the following code snippet to query the cn; it should work the same for the dn:

    // query is concatenated as-is, so it must already be escaped for use in a filter
    String searchFilter = "(&(objectClass=user)(cn=" + query + "))";
    SearchControls searchControls = new SearchControls();
    String[] resultAttributes = {"cn", "distinguishedName", "displayName", "lastLogon", "description"};
    searchControls.setReturningAttributes(resultAttributes);
    searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

    NamingEnumeration ne = getContext().search(root, searchFilter, searchControls);

    List<DirectoryUser> result = new ArrayList<DirectoryUser>();
    while (ne.hasMoreElements()) {
        SearchResult searchResult = (SearchResult)ne.nextElement();
        Attributes attrs = searchResult.getAttributes();
        ...
    }
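
Added example, not code from either answer: the quoting rules differ between search filters (RFC 4515) and DNs (RFC 2253, applied here through the JDK's Rdn.escapeValue), which matters for a value such as first,second. The class name, helper names, parent DN and sample values are assumptions constructed for illustration; it runs without a directory server.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class LdapEscapeExample {

    // RFC 4515 escaping for a value placed inside a search filter assertion.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Filter matching one user by cn; the value is treated as data only.
    static String cnFilter(String cn) {
        return "(&(objectClass=user)(cn=" + escapeFilterValue(cn) + "))";
    }

    // DN of an entry below parentDn; Rdn.escapeValue applies the DN escaping rules.
    static LdapName childDn(String parentDn, String cn) throws InvalidNameException {
        return new LdapName("cn=" + Rdn.escapeValue(cn) + "," + parentDn);
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample values, not taken from a real directory.
        String withComma = "first,second";
        String withFilterChars = "first (second)*";
        LdapName dn = childDn("ou=people,dc=example,dc=com", withComma);

        // A comma is an ordinary character in a filter value.
        System.out.println(cnFilter(withComma));
        // Parentheses and the asterisk are filter syntax and get hex-escaped.
        System.out.println(cnFilter(withFilterChars));
        // In a DN the comma separates RDNs, so it is backslash-escaped.
        System.out.println(dn);
        // A DN used as a filter value needs its backslash escaped once more.
        System.out.println("(distinguishedName=" + escapeFilterValue(dn.toString()) + ")");
    }
}
```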