How to connect with Active Directory without a full CN/DN from Java code

Question

I have implemented method:

public static LdapContext buildContext(String username, String password) {

    LdapContext context = null;

    Hashtable<String, String> env = new Hashtable<String, String>();

    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, username);
    env.put(Context.SECURITY_CREDENTIALS, password);
    env.put(Context.PROVIDER_URL, DOMAIN_URL);

    try {
        context = new InitialLdapContext(env, null);
    } catch (NamingException e) {

    }

    return context;
}

I do not know the full CN/DN string. I only pass the name of a user (f.e. Tom) and password.

I have no info about groups etc..

Thank you in advance!

I believe you will need the full DN string in order to authenticate the user. You might be able to log in as anonymous user with very limited permissions if any. — giorashc, Jul 12 '13 at 13:42

score 1 · Answer 1 · answered Jul 12 '13 at 19:39

Search for the entry using what information you have. The search result will contain the number of entries that matched the search and the DN of each entry that matched, therefore the search should be as restrictive as possible in order to return just the one entry for which you're looking. Then use that DN to BIND to the server,

score 0 · Answer 2 · answered Jul 13 '13 at 10:56

0

What Terry said. We have an example of performing Basic JNDI Search with Administration Account

answered Jul 13 '13 at 10:56

jwilleke

10,467
1
30
51

How to connect with Active Directory without a full CN/DN from Java code

2 Answers2