ldap

src/main/java/cn/quantgroup/cashloanflowboss/api/login/auth/LDAPAuthentication.java

@@ -28,10 +28,9 @@ public class LDAPAuthentication {
         env.put(Context.PROVIDER_URL, URL+BASEDN);
         env.put(Context.SECURITY_AUTHENTICATION, "simple");
 
-        String root = "cn=common_auth_query,cn=users,dc=quantgroup,dc=cn";// root
+        String root = "cn=common_auth_query,cn=users,DC=quantgroup,DC=cn";// root
         env.put(Context.SECURITY_PRINCIPAL, root);
         env.put(Context.SECURITY_CREDENTIALS, "Quantgroup.com@2o17");
-        env.put("java.naming.ldap.attributes.binary", "objectSid objectGUID");
         // 此处若不指定用户名和密码,则自动转换为匿名登录
         try {
             ctx = new InitialLdapContext(env, connCtls);
@@ -44,17 +43,16 @@ public class LDAPAuthentication {
 
 
 
-    private String getUserDN(String uid) {
+    private String getUserDN(String username) {
         String userDN = "";
         ldapConnect();
         try {
             SearchControls constraints = new SearchControls();
             constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
-            String returnedAtts[] = { "cn","sn","description","title","uid","displayName","mail"};
-            constraints.setReturningAttributes(returnedAtts);
-            NamingEnumeration<SearchResult> en = ctx.search("ou=北京量科邦信息技术有限公司", "mail=" + uid, constraints);
+            String email = username.endsWith("@quantgroup.cn") ? username : username + "@quantgroup.cn";
+            NamingEnumeration<SearchResult> en = ctx.search("", "mail=" + email, constraints);
             if (en == null || !en.hasMoreElements()) {
-                log.info("未找到该用户,uid={}", uid);
+                log.info("未找到该用户,uid={}", username);
             }
             // maybe more than one element
             while (en != null && en.hasMoreElements()) {