I am building an application based on GXT (J2EE). Now the problem is that I have to connect the application to an LDAP server. Can you tell me how to connect to an LDAP server from our Java application and what library or API I will have to use for that?
3 Answers
To connect to LDAP, check out the following packages/classes:
- javax.naming.directory.*
- javax.naming.ldap.*
- com.sun.jndi.ldap.LdapCtxFactory
- com.sun.jndi.ldap.ControlFactory
Example code:
```java
// imports needed by this excerpt
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.*;
import javax.naming.ldap.LdapContext;

// conf (the Configuration object) and user come from the surrounding application
// build a hashtable containing all the necessary configuration parameters
Hashtable<String, String> environment = new Hashtable<String, String>();
environment.put(LdapContext.CONTROL_FACTORIES, conf.getProperty("ldap.factories.control"));
environment.put(Context.INITIAL_CONTEXT_FACTORY, conf.getProperty("ldap.factories.initctx"));
environment.put(Context.PROVIDER_URL, conf.getProperty("ldap.host"));
environment.put(Context.SECURITY_AUTHENTICATION, "simple");
environment.put(Context.SECURITY_PRINCIPAL, conf.getProperty("ldap.user"));
environment.put(Context.SECURITY_CREDENTIALS, conf.getProperty("ldap.password"));
environment.put(Context.STATE_FACTORIES, "PersonStateFactory");
environment.put(Context.OBJECT_FACTORIES, "PersonObjectFactory");
// connect to LDAP
DirContext ctx = new InitialDirContext(environment);
String searchBase = conf.getProperty("ldap.searchbase");
// Specify the search filter; {0} is filled from filterArgs and escaped by JNDI,
// so the username is never concatenated into the filter string
String FILTER = "(&(objectClass=Person)(sAMAccountName={0}))";
Object[] filterArgs = { user.getUsername() };
// limit returned attributes to those we care about
String[] attrIDs = { "sn", "givenName" };
SearchControls ctls = new SearchControls();
ctls.setReturningAttributes(attrIDs);
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
// Search for objects using filter and controls
NamingEnumeration<SearchResult> answer = ctx.search(searchBase, FILTER, filterArgs, ctls);
...
SearchResult sr = answer.next();
Attributes attrs = sr.getAttributes();
// Attribute.get() returns the value; toString() would return "sn: <value>"
surName = (String) attrs.get("sn").get();
givenName = (String) attrs.get("givenName").get();
...
```
In this example I have a Configuration object that reads these values from a config file.
The values would be:
```properties
# LDAP parameters
ldap.host = ldap://ldap.mydomain.com:389
ldap.factories.initctx = com.sun.jndi.ldap.LdapCtxFactory
ldap.factories.control = com.sun.jndi.ldap.ControlFactory
ldap.searchbase = dc=mydomain,dc=us
ldap.user = MYDOMAIN.COM\\ldap-user
ldap.userBase= MYDOMAIN.COM\\
ldap.password = ******
```

- In my case I don't want to specify any search filter for the connection. Actually I want to establish the connection at the start up of the application and retrieve information whenever we need from any part of the application. Now whether I will need different connections each time we try to connect the LDAP server or what? Again, is the search filter compulsory for a connection? – dhiraj May 21 '10 at 10:24
- How can we check whether the connection to a LDAP server is successfully done or not? – dhiraj May 21 '10 at 10:49
- dhiraj : you don't need the search filter to get the connection (i.e. the context). Depending on the frequency of access to the LDAP, I would either keep the connection alive and reuse it (and re-open it if it fails, as it could be closed unexpectedly), or get a new connection each time (closing it after each time also). Personally I would favor the second (more robust IMHO). – PATRY Guillaume May 21 '10 at 10:53
- Dhiraj : the context (i.e. the ctx variable) *is* the connection. It checks the elements it's given in the environment (notably user and password), and will fail if they're not valid. – PATRY Guillaume May 21 '10 at 10:57
- Thanx a lot for your valuable answers. – dhiraj May 21 '10 at 12:38
- The filter is used to query the directory in order to find the information you need. In my example I search for a user (Person) whose sAMAccountName is equal to user.getUsername(). – Pierre Henry May 21 '10 at 12:52
- thanks for the answer, but sample code should be complete and working... here there are several undefined variables, like searchBase – Pierluigi Vernetto May 08 '18 at 20:11
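When a username ends up inside an LDAP filter string, characters such as `*`, `(` and `)` in it change the query instead of being matched literally. The following is an added example, not code from any of the answers: it escapes a value per RFC 4515 before it is placed in a filter, and prints the concatenated and escaped forms side by side. The class name, the helper names and the sample usernames are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;

public class LdapFilterEscape {

    // Escape a value for use inside an LDAP search filter (RFC 4515):
    // NUL, '(', ')', '*' and '\' must become \XX hex escapes. Non-ASCII
    // bytes are escaped too, which the RFC permits and keeps the filter ASCII.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xFF;
            if (c == 0 || c == '(' || c == ')' || c == '*' || c == '\\' || c >= 0x80) {
                out.append(String.format("\\%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    // Hypothetical helper: a Person lookup by sAMAccountName with the value escaped
    static String personFilter(String username) {
        return "(&(objectClass=Person)(sAMAccountName=" + escapeFilterValue(username) + "))";
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the page
        String[] samples = { "jdoe", "j*", "jdoe)(objectClass=*", "müller" };
        for (String s : samples) {
            String concatenated = "(&(objectClass=Person)(sAMAccountName=" + s + "))";
            System.out.println("input   : " + s);
            System.out.println("  concat: " + concatenated); // metacharacters alter the filter
            System.out.println("  escape: " + personFilter(s)); // value is matched literally
        }
    }
}
```

With JNDI itself, the `search(String, String, Object[], SearchControls)` overload with a `{0}` placeholder applies this escaping to string arguments, so manual escaping is only needed where a filter has to be assembled as a plain string.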
Connection to an LDAP server is made using the JNDI (Java Naming and Directory Interface) APIs in Java.
The JNDI interfaces, classes and exceptions are available in the following packages that come with the JDK:
- javax.naming.*
- javax.naming.directory.*
That means we don't have to use any external libraries for working with LDAP servers, in most cases.
The URL that specifies an LDAP server consists of the hostname on which the LDAP server is running and the port number. The well-known port number of the Lightweight Directory Access Protocol is 389, which is the default.
We also need to specify some environment properties for the connection and authentication in a Hashtable object.
Here is the sample code:
```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.ldap.*;
import javax.naming.directory.*;

public class Ldap
{
    public static void main(String[] args)
    {
        Hashtable<String, String> environment = new Hashtable<String, String>();
        environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        environment.put(Context.PROVIDER_URL, "ldap://<hostname>:389");
        environment.put(Context.SECURITY_AUTHENTICATION, "simple");
        environment.put(Context.SECURITY_PRINCIPAL, "<Login DN>");
        environment.put(Context.SECURITY_CREDENTIALS, "<password>");
        try
        {
            // creating the context opens the connection and performs the bind
            DirContext context = new InitialDirContext(environment);
            System.out.println("Connected..");
            // debugging only: the environment map includes the bind password
            System.out.println(context.getEnvironment());
            context.close();
        }
        catch (AuthenticationNotSupportedException exception)
        {
            System.out.println("The authentication is not supported by the server");
        }
        catch (AuthenticationException exception)
        {
            System.out.println("Incorrect password or username");
        }
        catch (NamingException exception)
        {
            System.out.println("Error when trying to create the context");
        }
    }
}
```
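Both answers use a simple bind over `ldap://` on port 389, which sends the bind DN and password unencrypted, and the comments discuss opening a new connection per request. The following is an added example, not code from either answer: it opens the context over LDAPS with timeouts and JNDI connection pooling, rejects an empty password (a simple bind with an empty password is treated as an unauthenticated bind rather than a login), and always closes the context. The host name, class name and method name are placeholders.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapConnections {
    // Placeholder URL (assumption); read the real value from configuration
    static final String URL = "ldaps://ldap.example.com:636";

    static DirContext open(String bindDn, String password) throws NamingException {
        // An empty password would turn the simple bind into an unauthenticated bind
        if (password == null || password.isEmpty()) {
            throw new IllegalArgumentException("empty password refused");
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL); // TLS protects the bind credentials in transit
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        env.put("com.sun.jndi.ldap.read.timeout", "5000");    // milliseconds
        env.put("com.sun.jndi.ldap.connect.pool", "true");    // close() returns the connection to the pool
        return new InitialDirContext(env);
    }

    public static void main(String[] args) {
        // TLS connections are pooled only if "ssl" is listed (the default is "plain");
        // this must be set before the first LDAP context is created
        System.setProperty("com.sun.jndi.ldap.connect.pool.protocol", "plain ssl");
        DirContext ctx = null;
        try {
            ctx = open("<Login DN>", "<password>");
            System.out.println("Connected");
        } catch (NamingException e) {
            // Log the exception type, never the environment or the credentials
            System.out.println("Connection failed: " + e.getClass().getSimpleName());
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }
}
```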
You can even use Netscape LDAP SDK which is currently not active but gives more control in LDAP Programming
- I have used it but I have faced problems with it, check this https://stackoverflow.com/questions/74079587/garbage-character-showing-due-to-encoding-mismatch. I am also looking for alternatives. – Alok Mishra Oct 15 '22 at 13:12