I'm using JNDI to connect to an LDAP directory with Kerberos authentication. I need to know which user is currently connected. In other words, I need the JNDI equivalent of the ldapwhoami command.
Thanks for your help !
I'm using JNDI to connect to an LDAP directory with Kerberos authentication. I need to know which user is currently connected. In other words, I need the JNDI equivalent of the ldapwhoami command.
Thanks for your help !
You need to use the WhoAmI extended operation; see LdapContext.extendedOperation(). The operation classes aren't part of the JDK, so I'm posting them here. So as not to rely on the com.sun.* classes for BER encoding/decoding, I based this on the Netscape LDAP SDK.
For my own purposes I factored out common base classes, but unless you're in the business of writing extended operations you may want to flatten this to just two classes: the extended request and the extended response.
/*
* Copyright (c) Esmond Pitt, 2011.
* All rights reserved.
* Permission is hereby given to copy and use this code for non-commercial purposes
* provided this notice and the author attributions in the source code remain intact.
*/
BasicExtendedRequest:
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.NamingException;
import javax.naming.ldap.ExtendedRequest;
import javax.naming.ldap.ExtendedResponse;
import netscape.ldap.ber.stream.BERElement;
/**
* Base class for LDAP extended requests.
*
* @author Esmond Pitt
*/
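public abstract class BasicExtendedRequest implements ExtendedRequest
{
    private final String oid;
    private final BERElement element;

    /**
     * Creates an extended request with the given OID and optional value.
     *
     * @param oid     the request OID, returned by {@link #getID()}
     * @param element the request value, or {@code null} if the request carries no value
     */
    public BasicExtendedRequest(String oid, BERElement element)
    {
        this.oid = oid;
        this.element = element;
    }

    @Override
    public final String getID()
    {
        return oid;
    }

    /**
     * BER-encodes the request value.
     *
     * @return the encoded value, or {@code null} if this request has no value or
     *         encoding failed (the failure is logged at SEVERE)
     */
    @Override
    public final byte[] getEncodedValue()
    {
        if (element == null)
        {
            return null;
        }
        try (ByteArrayOutputStream baos = new ByteArrayOutputStream())
        {
            element.write(baos);
            return baos.toByteArray();
        }
        catch (IOException exc)
        {
            // Returning null makes the provider send the request without a value, so
            // the log entry is the only trace of the encoding failure: keep it SEVERE.
            Logger.getLogger(this.getClass().getName()).log(Level.SEVERE, "writing", exc);
            return null;
        }
    }

    /**
     * Builds the response object for this request.
     *
     * @param id     the response OID as returned by the server; may be null
     * @param ber    the raw response value; may be null if the server sent none
     * @param offset start of the value within {@code ber}
     * @param length length of the value
     * @return the decoded response
     * @throws NamingException if the response cannot be decoded
     */
    @Override
    public abstract ExtendedResponse createExtendedResponse(String id, byte[] ber, int offset, int length) throws NamingException;

    /**
     * @return the request value passed to the constructor, possibly {@code null}
     */
    protected BERElement getElement()
    {
        return element;
    }
}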
BasicExtendedResponse:
import java.util.Arrays;
import javax.naming.ldap.ExtendedResponse;
/**
* Base class for LDAP extended responses.
*
* @author Esmond Pitt
*/
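public class BasicExtendedResponse implements ExtendedResponse
{
    private final String oid;
    private final byte[] ber;

    /**
     * Creates an extended response with the given OID and raw value.
     *
     * @param oid the response OID, returned by {@link #getID()}
     * @param ber the BER-encoded response value, or {@code null} if the server sent none;
     *            copied, so later changes to the caller's array are not visible here
     */
    public BasicExtendedResponse(String oid, byte[] ber)
    {
        this.oid = oid;
        this.ber = ber == null ? null : ber.clone();
    }

    /**
     * @return a copy of the encoded value, or {@code null} if the response has no value
     */
    @Override
    public byte[] getEncodedValue()
    {
        // Copy so callers cannot alter the stored value through the returned array.
        return ber == null ? null : ber.clone();
    }

    @Override
    public String getID()
    {
        return oid;
    }

    @Override
    public String toString()
    {
        return super.toString() + ":" + Arrays.toString(ber);
    }
}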
WhoAmIExtendedRequest:
import javax.naming.NamingException;
import javax.naming.ldap.ExtendedResponse;
import netscape.ldap.ber.stream.BERElement;
/**
* 'Who am I' extended request.
*
* @author Esmond Pitt
* @see WhoAmIExtendedResponse
* @see <a href="http://tools.ietf.org/html/rfc4532">RFC 4532</a>
*/
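public class WhoAmIExtendedRequest extends BasicExtendedRequest
{
    /**
     * Creates a 'Who am I' request. The request carries no value (RFC 4532).
     */
    public WhoAmIExtendedRequest()
    {
        super(WhoAmIExtendedResponse.OID, null);
    }

    /**
     * Builds the response object for a 'Who am I' reply.
     *
     * @param id     the response OID as returned by the server; may be null
     * @param ber    the raw response value; may be null if the server sent none
     * @param offset start of the value within {@code ber}
     * @param length length of the value
     * @return the decoded response
     * @throws NamingException if the server answered with a different OID
     */
    @Override
    public ExtendedResponse createExtendedResponse(String id, byte[] ber, int offset, int length) throws NamingException
    {
        // An assert is skipped unless the JVM runs with -ea, so a mismatched OID
        // used to slip through silently; reject it explicitly instead.
        if (id != null && !id.equals(WhoAmIExtendedResponse.OID))
        {
            throw new NamingException("wrong OID: expected " + WhoAmIExtendedResponse.OID + " but got " + id);
        }
        return new WhoAmIExtendedResponse(ber, offset, length);
    }
}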
WhoAmIExtendedResponse:
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.naming.NamingException;
/**
* 'Who am I' extended response.
*
* @author Esmond Pitt
* @see WhoAmIExtendedRequest
*/
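public class WhoAmIExtendedResponse extends BasicExtendedResponse
{
    /** OID of the 'Who am I' extended operation (RFC 4532). */
    public static final String OID = "1.3.6.1.4.1.4203.1.11.3";

    private final String authzID;

    /**
     * Decodes a 'Who am I' response value.
     *
     * @param ber    the buffer holding the response value; may be null if the server sent none
     * @param offset start of the value within {@code ber}
     * @param length length of the value
     * @throws NamingException declared for subclasses; not thrown here
     */
    public WhoAmIExtendedResponse(byte[] ber, int offset, int length) throws NamingException
    {
        // Hand the base class only the value's own bytes, not the whole buffer.
        super(OID, valueBytes(ber, offset, length));
        // The authzId is a UTF-8 string, so decode with an explicit charset instead of
        // the platform default. NOTE(review): a missing value is mapped to "" (an empty
        // authzId is anonymous in RFC 4532) — confirm the provider passes null rather
        // than an empty buffer in that case.
        this.authzID = ber == null ? "" : new String(ber, offset, length, StandardCharsets.UTF_8);
    }

    /**
     * @return the authorization identity reported by the server; empty for anonymous
     */
    public String getAuthzID()
    {
        return authzID;
    }

    // Copies the [offset, offset+length) slice of ber, or returns null when there is no value.
    private static byte[] valueBytes(byte[] ber, int offset, int length)
    {
        return ber == null ? null : Arrays.copyOfRange(ber, offset, offset + length);
    }
}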