LDAP: How to get all Groups in Active Directory?
Solution 1
Use Java JNDI, and do a search for (objectclass=group) and request the cn attribute. This will get all the group names.
Code example:
```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class Test {

    // A simple bind over ldap:// sends the password unencrypted;
    // use an ldaps:// URI outside of local testing.
    public static String ldapUri = "ldap://localhost";
    // Base DN of the search; change it to match your directory structure.
    public static String usersContainer = "cn=users,dc=example,dc=com";

    public static void main(String args[]) {
        if (args.length != 2) {
            System.out.println("Usage: test userName password");
            return;
        }
        String username = args[0]; // full DN, e.g. cn=Administrator,cn=users,dc=example,dc=com
        String password = args[1];

        // Connection settings: bind to the server as the given user.
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUri);
        env.put(Context.SECURITY_PRINCIPAL, username);
        env.put(Context.SECURITY_CREDENTIALS, password);

        try {
            DirContext ctx = new InitialDirContext(env);

            // Return only the cn attribute of each match.
            SearchControls ctls = new SearchControls();
            String[] attrIDs = { "cn" };
            ctls.setReturningAttributes(attrIDs);
            // ONELEVEL_SCOPE looks only at direct children of the base DN;
            // SUBTREE_SCOPE would also cover nested containers.
            ctls.setSearchScope(SearchControls.ONELEVEL_SCOPE);

            // A single search request returns every group under the base DN.
            NamingEnumeration<SearchResult> answer =
                    ctx.search(usersContainer, "(objectclass=group)", ctls);
            while (answer.hasMore()) {
                SearchResult rslt = answer.next();
                Attributes attrs = rslt.getAttributes();
                System.out.println(attrs.get("cn"));
            }
            ctx.close();
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}
```
Solution 2
You can use this library. It's easy to use and powerful.
http://code.google.com/p/jedi-obi/
Author by
user709389
Updated on November 17, 2020
Comments
-
user709389 over 3 years
Is there a way to get the names of all groups in Active Directory using java?
-
user709389 about 13 years
Thanks for the reply. When I try using this, I get following error: "javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece" Any idea?
-
kalyan about 13 years
Looks like you have not authenticated correctly. Are you connecting to the correct LDAP server? Is your user FDN correct (like cn=Administrator,cn=users,dc=example,dc=com) and is your password correct?
-
user709389 about 13 years
Yes, my pw was wrong (stupid me). Anyway, now I get following: "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece"
-
user709389 about 13 years
I think I succeeded a bit, but this is what I get now: "javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-031006E0, data 0, 1 access points ref 1: 'example.com' ]; remaining name 'cn=testuser,dc=example,dc=com'" testuser is the name of the user that I use. Is there something wrong with my userContainer? public static String usersContainer = "cn=testuser,dc=example,dc=com"; ???
-
kalyan about 13 years
Change the userContainer to "dc=example,dc=com". We are using userContainer as the base DN for the search. I just used an example "cn=users,dc=example,dc=com". Change it based on your directory structure.
-
Jacobi over 11 years
@ceving see this link code.google.com/p/jedi-obi/wiki/HomeUkVersion But just this, I see that all the Java DOC is in English
-
paulsm4 over 10 years
@kalyan - great example! Thank you!
-
Roknauta about 7 years
How to filter by user?
-
geisterfurz007 about 4 years
Please don't just post some tool or library as an answer. At least demonstrate how it solves the problem in the answer itself.
-
griffon vulture almost 4 years
The problem is the number of requests to the LDAP server will be as the number of groups existing! Is there a way to get all groups in one request?