
I am able to run the following search query successfully with the OpenLDAP command-line tool:

ldapsearch -h 1.11.1.1 -b "DC=ff2,DC=in" -s subtree -D "CN=Ldap Bind,OU=Service Accounts,OU=BA,DC=ff2,DC=in" -w G00Pass# sBAAccountName=testAccount

Now I have to execute it in a Java class. I have done the following:

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingEnumeration;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;
    import javax.naming.ldap.Control;
    import javax.naming.ldap.InitialLdapContext;
    import javax.naming.ldap.LdapContext;
    import javax.naming.ldap.PagedResultsControl;

    Hashtable<String, String> env = new Hashtable<String, String>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.PROVIDER_URL, "ldap://1.11.1.1:389");
    env.put(Context.SECURITY_PRINCIPAL, "CN=Ldap Bind,OU=Service Accounts,OU=TECH,DC=ff2,DC=in");
    env.put(Context.SECURITY_CREDENTIALS, "H00Pass#");

    LdapContext context = new InitialLdapContext(env, null);
    // To get only 1000 results at a time.
    context.setRequestControls(
        new Control[]{new PagedResultsControl(1000, Control.CRITICAL)});

    // Attributes to return for each matching entry (note: this value is a DN, not an attribute name).
    String[] attrs = {"CN=Ldap Bind,OU=Service Accounts,OU=TECH,DC=ff2,DC=in"};

    String base = "DC=ff2,DC=in";
    String filter = "(&(objectClass=user)(sAMAccountName=testAccount))";
    SearchControls controls = new SearchControls();
    controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    controls.setReturningAttributes(attrs);

    NamingEnumeration<SearchResult> results = context.search(base, filter, controls);
    if (results.hasMoreElements()) {
        SearchResult searchResult = results.nextElement();
        if (results.hasMoreElements()) {
            System.err.println("Matched multiple groups for the group with SID: ");
        } else {
            // Attributes.get() returns null when the attribute was not returned by the server.
            System.out.println((String) searchResult.getAttributes().get("sAMAccountName").get());
        }
    }

This is giving me a NullPointerException at searchResult.getAttributes(). Here I am not sure how to include the sBAAccountName filter?

Terry Gardner
Himanshu Yadav
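As an added example (not code from the question or from either answer), the lookup from the question rewritten so that the account name is escaped before it is placed in the filter and a missing attribute returns null instead of throwing the NullPointerException. The class name AccountLookup, the RFC 4515 escaping helper and the choice to return the entry's DN are my own; it assumes an LdapContext already created as in the question.

```java
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;

public class AccountLookup {

    // Escape a value for use inside an LDAP search filter (RFC 4515), so that a
    // caller-supplied account name cannot change the structure of the filter.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Same filter as in the question, with the account name escaped.
    static String accountFilter(String accountName) {
        return "(&(objectClass=user)(sAMAccountName=" + escapeFilterValue(accountName) + "))";
    }

    // Returns the DN of the single matching account, or null if nothing matched.
    // ctx is assumed to be an InitialLdapContext built as in the question.
    static String findAccountDn(LdapContext ctx, String base, String accountName) throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // Request only the attributes actually read; an attribute that was not
        // requested is absent from getAttributes(), and Attributes.get() returns null.
        controls.setReturningAttributes(new String[]{"sAMAccountName"});
        NamingEnumeration<SearchResult> results = ctx.search(base, accountFilter(accountName), controls);
        if (!results.hasMore()) return null;
        SearchResult entry = results.next();
        if (results.hasMore()) {
            throw new NamingException("Filter matched more than one entry for " + accountName);
        }
        Attribute sam = entry.getAttributes().get("sAMAccountName");
        if (sam == null) return null;  // defensive: never chain .get() on a possibly null Attribute
        return entry.getNameInNamespace();
    }
}
```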

2 Answers


You have to search with those criteria as follows:

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;

Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.PROVIDER_URL, "<LDAP HOST>");
env.put(Context.SECURITY_PRINCIPAL, "<LDAP USER LOGIN>");
env.put(Context.SECURITY_CREDENTIALS, "<LDAP USER PASSWORD>");

LdapContext context = new InitialLdapContext(env, null);

// List of attrs to be retrieved for each matching LDAP entry.
String[] attrs = {"<attr1>", "<attr2>"};
String base = "<Base of the search tree>";
String filter = "<Your filter>";
SearchControls controls = new SearchControls();
controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
controls.setReturningAttributes(attrs);

byte[] cookie = null;
do {
    // To get only 1000 results at a time; the cookie resumes where the previous page ended.
    context.setRequestControls(
        new Control[]{new PagedResultsControl(1000, cookie, Control.CRITICAL)});
    NamingEnumeration<SearchResult> searchResults = context.search(base, filter, controls);
    while (searchResults.hasMore()) {
        SearchResult result = searchResults.next();
        // Process result.
    }
    // Process response controls to get the cookie
    // and keep searching until it is null or empty.
    cookie = null;
    Control[] responseControls = context.getResponseControls();
    if (responseControls != null) {
        for (Control c : responseControls) {
            if (c instanceof PagedResultsResponseControl) {
                cookie = ((PagedResultsResponseControl) c).getCookie();
            }
        }
    }
} while (cookie != null && cookie.length > 0);
Vikdor
  • SECURITY_PRINCIPAL is the domain login (username). What you are setting in your code is the search base. – Vikdor Aug 24 '12 at 13:33
  • I am new to LDAP, so this may sound stupid. Does it mean that if I am able to search for a user in the LDAP directory then I am able to authenticate him? – Himanshu Yadav Aug 24 '12 at 13:57
  • No, authenticating to an LDAP server is different from being able to search for a user. An LDAP user directory is generally world-readable, AFAIK, but this can vary based on the administrator's preferences. – Vikdor Aug 24 '12 at 14:04
  • BTW, where are you running ldapsearch from? A Unix terminal that is Kerberized? – Vikdor Aug 24 '12 at 14:05
  • No. I am running it from my Windows machine and the Eclipse IDE. So after searching for a user, how would I go about authenticating him? – Himanshu Yadav Aug 24 '12 at 14:08
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/15764/discussion-between-vikdor-and-himanshu-yadav) – Vikdor Aug 24 '12 at 14:08

You must have declared searchResult elsewhere as a member variable. Remove that. You will then discover via a compile error that you are using it in a place where it isn't even declared and therefore has no value. Remove that too.

user207421