Wednesday, August 19, 2009

Accessing Active Directory using LDAP in JAVA

This code example shows how to query Active Directory over LDAP from Java using JNDI and build a list of the users that belong to selected groups. You will need to change the host, domain, bind account, search base and group names to match your own configuration. Note that, as written, it binds with simple authentication over plain ldap:// (port 389), which sends the bind password to the domain controller in cleartext, and it hard-codes that password in the source; for anything beyond a lab, use ldaps:// (port 636) or StartTLS and load the credentials from protected configuration rather than a string literal.

The import statements:

import java.util.ArrayList;
import java.util.Date;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

The method:


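/**
 * Binds to Active Directory over LDAP and loads every enabled-or-disabled
 * user object under {@code dcList} that is a member of the Employees or
 * Consultants group into the {@code adUsers} list.
 *
 * Fixes relative to the original listing: the dropped {@code ||} operators
 * in the null check and the group test, the duplicated INITIAL_CONTEXT_FACTORY
 * entry, the unbalanced ')' in the search filter, the extra closing brace,
 * the unhandled NamingException from {@code ctx.search}, and the context
 * being left open when the search or attribute reads fail.
 *
 * SECURITY: "simple" authentication over plain ldap:// (port 389) sends the
 * bind account's password to the domain controller in cleartext. Use
 * ldaps:// (636) or StartTLS before deploying, and load the password from
 * protected configuration instead of the literal below.
 *
 * @throws RuntimeException (via ExceptionUtil.getESCException) when the
 *         bind, the search or an attribute read fails; the underlying
 *         NamingException is logged and kept as the cause.
 */
public void ActiveDirectory()
{
    String host = "hera";
    String domain = "company.com";
    String port = "389";
    String urlDC = "ldap://" + host + "." + domain + ":" + port + "/";
    String adUserId = "userid@" + "company.com";
    adPassword = "password"; // hard-coded secret: move to external configuration

    // JNDI performs an *unauthenticated* bind when the credential is empty,
    // and AD accepts that by default, so a blank password would "succeed".
    // Dead with the literal above, but it guards the externalised version.
    if (adPassword == null || adPassword.length() == 0) {
        throw new IllegalStateException("AD bind password is empty; refusing unauthenticated bind");
    }

    Hashtable<String, String> ldapEnv = new Hashtable<String, String>();
    ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
    ldapEnv.put(Context.SECURITY_PRINCIPAL, adUserId);
    ldapEnv.put(Context.SECURITY_CREDENTIALS, adPassword);
    ldapEnv.put(Context.PROVIDER_URL, urlDC);

    String searchBase = dcList;
    // objectCategory=person AND objectClass=user: user accounts only, no
    // computers or contacts. (The original had one ')' too many.)
    String searchFilter = "(&(objectCategory=person)(objectClass=user))";
    String[] objAttribs = {"sAMAccountName", "sn", "givenName", "cn", "mail", "userAccountControl", "memberOf"};

    LdapContext ctx = null;
    try {
        ctx = new InitialLdapContext(ldapEnv, null);

        SearchControls srchInfo = new SearchControls();
        srchInfo.setSearchScope(SearchControls.SUBTREE_SCOPE);
        srchInfo.setReturningAttributes(objAttribs);

        NamingEnumeration<SearchResult> dirObjects = ctx.search(searchBase, searchFilter, srchInfo);
        adUsers = new ArrayList<User>();

        while (dirObjects != null && dirObjects.hasMoreElements()) {
            SearchResult dirObject = dirObjects.next();
            Attributes attrs = dirObject.getAttributes();
            // Entries without userAccountControl cannot be classified; skip them.
            if (attrs == null || attrs.get("userAccountControl") == null) {
                continue;
            }
            long userAccountControl = Long.parseLong((String) attrs.get("userAccountControl").get());

            if (!isRequiredUser(attrs.get(objAttribs[6]))) {
                continue;
            }

            User user = new User();
            user.setUsrAccessLevel(1);
            user.setUsrUserId(attrs.get(objAttribs[0]).get().toString());  // sAMAccountName
            user.setUsrFullName(attrs.get(objAttribs[3]).get().toString()); // cn
            Attribute mailAttr = attrs.get(objAttribs[4]);
            if (mailAttr != null && mailAttr.get() != null) {
                user.setEmailAddress(mailAttr.get().toString());
            }

            // ACCOUNTDISABLE set: record the account as both activated and
            // revoked "now"; otherwise only activated.
            Date now = new Date();
            if ((userAccountControl & UF_ACCOUNTDISABLE) == UF_ACCOUNTDISABLE) {
                user.setUsrDateRevoked(now);
                user.setUsrDateActivated(now);
            } else {
                user.setUsrDateActivated(now);
            }

            adUsers.add(user);
            nodirObjects++;
        }
    }
    catch (NamingException ex) {
        String errorMsg = "An error has occured.";
        log.error(errorMsg, ex);
        throw ExceptionUtil.getESCException(errorMsg, ex);
    }
    finally {
        // Always release the connection, including when the search or an
        // attribute read failed part-way through.
        if (ctx != null) {
            try {
                ctx.close();
            } catch (NamingException ignored) {
                // the primary failure (if any) is already propagating
            }
        }
    }
}

/**
 * Returns true when one of the user's memberOf DNs names the Employees or
 * Consultants group.
 *
 * Matches the whole first RDN ("CN=Employees,") rather than the bare prefix
 * "CN=Employees" the original used, which also matched any group whose name
 * merely starts with that text (e.g. "CN=EmployeesTemp").
 * NOTE(review): the comparison is case-sensitive; AD returns the DN in its
 * stored case, which is "CN=" in practice — confirm against your directory.
 *
 * @param memberOfAttr the memberOf attribute, or null if absent
 * @throws NamingException if an attribute value cannot be read
 */
private boolean isRequiredUser(Attribute memberOfAttr) throws NamingException {
    if (memberOfAttr == null) {
        return false;
    }
    for (int i = 0; i < memberOfAttr.size(); i++) {
        String groupDn = memberOfAttr.get(i).toString();
        if (groupDn.startsWith("CN=Employees,") || groupDn.startsWith("CN=Consultants,")) {
            return true;
        }
    }
    return false;
}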

1 comments:

MARSHALL.L.DEWITT March 5, 2010 7:52 AM  

THANKS this is just what I was looking for! And the only Java specific instance I have found.