How do I do an LDAP search/authenticate against this LDAP in Java


Solution 1

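import javax.naming.NamingEnumeration;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

// env: the Hashtable of JNDI connection settings (context factory, provider URL, authentication)
try {
    LdapContext ctx = new InitialLdapContext(env, null);
    ctx.setRequestControls(null);
    // objectclass=user matches Active Directory user entries; the entries in the
    // question's LDIF are person/inetOrgPerson, so adjust the filter to the schema in use
    NamingEnumeration<?> namingEnum = ctx.search("ou=people,dc=example,dc=com", "(objectclass=user)", getSimpleSearchControls());
    while (namingEnum.hasMore()) {
        SearchResult result = (SearchResult) namingEnum.next();
        Attributes attrs = result.getAttributes();
        System.out.println(attrs.get("cn"));
    }
    namingEnum.close();
    ctx.close(); // release the connection once the results are read
} catch (Exception e) {
    e.printStackTrace();
}

private SearchControls getSimpleSearchControls() {
    SearchControls searchControls = new SearchControls();
    // search the base entry and everything below it
    searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    // time limit in milliseconds
    searchControls.setTimeLimit(30000);
    //String[] attrIDs = {"objectGUID"};
    //searchControls.setReturningAttributes(attrIDs);
    return searchControls;
}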

Solution 2

Another approach is using UnboundID. Its API is very readable and shorter.

Create an LDAP connection

import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;

public static LDAPConnection getConnection() throws LDAPException {
    // host, port, username and password
    return new LDAPConnection("com.example.local", 389, "[email protected]", "admin");
}

Get filter result

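import java.util.List;
import com.unboundid.ldap.sdk.LDAPSearchException;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;

public static List<SearchResultEntry> getResults(LDAPConnection connection, String baseDN, String filter) throws LDAPSearchException {
    SearchResult searchResult;

    if (connection.isConnected()) {
        // SearchScope.ONE returns only the immediate children of baseDN
        searchResult = connection.search(baseDN, SearchScope.ONE, filter);

        return searchResult.getSearchEntries();
    }

    // not connected: callers must check for null
    return null;
}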

Get all Organization Units and Containers

String baseDN = "DC=com,DC=example,DC=local";
String filter = "(&(|(objectClass=organizationalUnit)(objectClass=container)))";

LDAPConnection connection = getConnection();        
List<SearchResultEntry> results = getResults(connection, baseDN, filter);

Get a specific Organization Unit

String baseDN = "DC=com,DC=example,DC=local";
String dn = "CN=Users,DC=com,DC=example,DC=local";

String filterFormat = "(&(|(objectClass=organizationalUnit)(objectClass=container))(distinguishedName=%s))";
String filter = String.format(filterFormat, dn);

LDAPConnection connection =  getConnection();

List<SearchResultEntry> results = getResults(connection, baseDN, filter);

Get all users under an Organizational Unit

String baseDN = "CN=Users,DC=com,DC=example,DC=local";
String filter = "(&(objectClass=user)(!(objectCategory=computer)))";

LDAPConnection connection =  getConnection();       
List<SearchResultEntry> results = getResults(connection, baseDN, filter);

Get a specific user under an Organization Unit

String baseDN = "CN=Users,DC=com,DC=example,DC=local";
String userDN = "CN=abc,CN=Users,DC=com,DC=example,DC=local";

String filterFormat = "(&(objectClass=user)(distinguishedName=%s))";
String filter = String.format(filterFormat, userDN);

LDAPConnection connection =  getConnection();
List<SearchResultEntry> results = getResults(connection, baseDN, filter);

Display result

for (SearchResultEntry e : results) {
    System.out.println("name: " + e.getAttributeValue("name"));
}
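The "specific Organization Unit" and "specific user" snippets above splice the DN into the filter with String.format, so any `(`, `)`, `*` or `\` in the value is read as filter syntax. The following is an added example, not part of the original answer: it builds the same user filter from UnboundID Filter objects so the SDK encodes the value (the class name, method names and sample DN are assumptions made for illustration).

```java
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPSearchException;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import java.util.List;

public class SafeFilterExample {

    // Same filter as "Get a specific user", built from Filter objects so the
    // SDK encodes the DN value instead of splicing it into the filter text.
    static Filter userByDn(String userDN) {
        return Filter.createANDFilter(
                Filter.createEqualityFilter("objectClass", "user"),
                Filter.createEqualityFilter("distinguishedName", userDN));
    }

    // Variant of getResults() that takes a Filter rather than a String.
    static List<SearchResultEntry> getResults(LDAPConnection connection, String baseDN, Filter filter)
            throws LDAPSearchException {
        return connection.search(baseDN, SearchScope.ONE, filter).getSearchEntries();
    }

    public static void main(String[] args) {
        // Constructed value: a DN whose CN contains filter metacharacters.
        String userDN = "CN=Doe (Ops)*,CN=Users,DC=com,DC=example,DC=local";

        // String.format leaves ( ) * as they are, so they become filter syntax.
        String spliced = String.format("(&(objectClass=user)(distinguishedName=%s))", userDN);
        System.out.println("spliced: " + spliced);

        // The Filter object encodes them as hex escapes in its string form.
        System.out.println("encoded: " + userByDn(userDN));
    }
}
```

main() only builds and prints the two filters, so it runs without a directory server; getResults() is what a caller would use against a live connection.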

Solution 3

You can also use the following code:

package com.agileinfotech.bsviewer.ldap;

import java.util.Hashtable;
import java.util.ResourceBundle;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LDAPLoginAuthentication {
    public LDAPLoginAuthentication() {
        // TODO Auto-generated constructor
    }

    ResourceBundle resBundle = ResourceBundle.getBundle("settings");

    @SuppressWarnings("unchecked")
    public String authenticateUser(String username, String password) {
        String strUrl = "success";
        Hashtable env = new Hashtable(11);
        boolean b = false;
        String Securityprinciple = "cn=" + username + "," + resBundle.getString("UserSearch");
        env.put(Context.INITIAL_CONTEXT_FACTORY, resBundle.getString("InitialContextFactory"));
        env.put(Context.PROVIDER_URL, resBundle.getString("Provider_url"));
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, Securityprinciple);
        env.put(Context.SECURITY_CREDENTIALS, password);

        try {
            // Create initial context
            DirContext ctx = new InitialDirContext(env);
            // Close the context when we're done
            b = true;
            ctx.close();

        } catch (NamingException e) {
            b = false;
        } finally {
            if (b) {
                strUrl = "success";
            } else {
                strUrl = "failer";
            }
        }
        return strUrl;
    }
}
Author: Satish

Full-stack developer http://twitter.com/satishmummadi www.linkedin.com/in/satishmummadi

Updated on October 13, 2020

Comments

  • Satish over 3 years

    I am playing with LDAP and Java search. Here's my LDIF export with a simple organization

    version: 1
    
    dn: dc=example,dc=com
    objectClass: organization
    objectClass: dcObject
    objectClass: top
    dc: example
    o: MyOrganization
    description: Test Description
    
    dn: ou=people, dc=example,dc=com
    objectClass: organizationalUnit
    objectClass: top
    ou: people
    description: All users in demo company
    
    dn: cn=Johnny Doe,ou=people,dc=example,dc=com
    objectClass: organizationalPerson
    objectClass: person
    objectClass: inetOrgPerson
    objectClass: top
    cn: Johnny Doe
    sn: Johnny
    homephone: 123-456-7890
    mail: [email protected]
    ou: Development
    uid: jjohnny
    userpassword:: johnny
    
    dn: cn=Samuel Johnson,ou=people,dc=example,dc=com
    objectClass: organizationalPerson
    objectClass: person
    objectClass: inetOrgPerson
    objectClass: top
    cn: Samuel Johnson
    sn: Samuel
    homephone: 123-456-7890
    mail: [email protected]
    ou: Accounts
    uid: ssam
    userpassword:: sammy
    

    How do I run a Java snippet to get all users from the LDAP server? There's no authentication set-up on my Apache DS Directory Server.

    Hashtable env = new Hashtable(11);
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://localhost:10389/dc=example,dc=com");
    env.put(Context.SECURITY_AUTHENTICATION, "none");
    
    try {
        // Create initial context
        DirContext ctx = new InitialDirContext(env);
        Object obj = new Object();
        // want to print all users from the LDAP server
        System.out.println(obj.toString());
        ctx.close();
    } catch (NamingException e) {
        e.printStackTrace();
    }
    
  • Mossroy almost 7 years
    CAUTION, be aware that this implementation might allow users to authenticate with an empty password. See stackoverflow.com/questions/12359831/… . Depending on the LDAP server implementation, you will also need to check that the password parameter is not empty.
  • DavidS over 4 years
    This question has an answer that demonstrates authentication: stackoverflow.com/questions/12317205/…
  • SatyaTNV almost 4 years
    Do I need to create and close LDAPConnection per each request?