I find it strange that on querying LDAP, it returns the information in LDIF form (hopefully I am right about this inference), which is fine, but the information is returned as a String object instead of a (some) LDAP object (like user, name or group etc). The problem is that to extract any user or group info I am required to do string processing, which is tedious and error prone. So I am trying to explore if there is any means where I can still use the JDK inbuilt API and get the query response as LDAP objects.

Below is the code with which I am not glad - (quick reference to last five lines will help)

    //code to setup env object - followed by below code
    DirContext context = new InitialDirContext(env);
    SearchControls searchCtls = new SearchControls();
    searchCtls.setCountLimit(0);
    searchCtls.setReturningAttributes(new String[] { "memberOf", "cn", "member"});
    // searchCtls.setReturningAttributes(ldapSearchAttributes.split(","));
    // searchCtls.setReturningAttributes(("member").split(","));
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    NamingEnumeration<SearchResult> answer = context.search(searchBase, "(" + "CN=" + "someldapgroup" + ")", searchCtls);
    System.out.println("answer:" + answer);
    Map<String, Object> amap = null;
    if (answer.hasMoreElements()) {
        SearchResult sr = answer.next();
        System.out.println("sr: " + sr);
        System.out.println();
        //Attributes attrs = answer.next().getAttributes();
        Attributes attrs = sr.getAttributes();
        System.out.println("attrs: " + attrs);
        if (attrs != null) {
            amap = new HashMap<String, Object>();
            NamingEnumeration<? extends Attribute> ne = attrs.getAll();
            //Attributes a =  attrs.get(attrID);
            while (ne.hasMore()) {
                Attribute attr = ne.next();
                System.out.println("attr: " + attr);
                if (attr.getID().equalsIgnoreCase("memberOf") || attr.getID().equalsIgnoreCase("member")) {
                    NamingEnumeration emueration = attr.getAll();
                    List groups = new ArrayList();
                    while (emueration.hasMore()) {
                        Object obj =emueration.next();
                        groups.add(obj);
                        System.out.println(obj.getClass());
                        //LdapName name = (LdapName) obj;
                        System.out.println("obj: " + obj);

The last few lines are what I am bothered about. The last but third line `System.out.println(obj.getClass());` prints class String; I would like this obj type as some LDAP object like LdapName or Name etc. Casting as done on line `//LdapName name = (LdapName) obj;` does not work, so I commented it out.

Is there any way using the JDK API to get the query result as LDAP objects, not as String? If not with the JDK API, what is the next best API to use for Java folks?

samshers

2 Answers

There are several specific JAVA third-party LDAP libraries that do return "Objects" and address many of the shortcomings with JNDI.

My favorite is UnboundID LDAP SDK followed by Apache LDAP Java API

As an Example from UnboundID LDAP SDK:

    for (SearchResultEntry entry : searchResult.getSearchEntries()) {
        String name = entry.getAttributeValue("cn");
        String mail = entry.getAttributeValue("mail");
    }

The entry contains the encapsulated LDAP Entry.

jwilleke
  • But do any of them return attribute values as `LdapName`, `Name`, user, group, etc? – user207421 Jan 06 '18 at 09:16
  • Your edit doesn't answer my question. 'The entry contains the encapsulated LDAP entry': but neither as LDIF nor as a Java object, which is what the question is about. 'Entry contains the encapsulated LDAP entry' is basically just waffle. – user207421 Jan 06 '18 at 09:37
  • Why would you say it is NOT a Java Object? When com.unboundid.ldap.sdk.Entry inherits directly from java.lang.Object? – jwilleke Jan 06 '18 at 20:56
  • `String` is neither a `Name` nor an `LdapName`, which is what the question is about. – user207421 Jan 08 '18 at 09:10
  • ldapName and Name only exist within the context of JNDI. Not part of LDAP. And the Title says "How to query ldap to obtain user information as ldap objects not as a String" The entry or searchResultEntry (which inherits from Entry) JAVA objects encapsulates the attributes of the LDAP Entry. In any of the MANY LDAP Syntaxes available. RFC 4517 defines 34 distinct syntaxes. The UnboundID LDAP SDK defines several "Getters" including getting such typical values as java.lang.Boolean getValueAsDN which returns a DN Java Object. (LdapName) – jwilleke Jan 08 '18 at 12:41
  • `LdapName` or `Name` are what the OP wants. It is clearly stated in his question, and it is also clear from his question that he is using JNDI. – user207421 Jan 15 '18 at 00:45

> I find it strange that on querying ldap, it returns the information in LDIF form

No it doesn't.

> (hopefully am right about this inference)

You aren't.

> which is fine

It is untrue.

> but the information is returned as String object instead of a (some) ldap object (like user, name or group etc).

There is no 'LDAP object' corresponding to 'user' or 'group'. In JNDI there are Name and LdapName for names, but you have to construct them yourself when they are coming from attribute String values.

There are exactly two formats in which LDAP attributes are returned:

  1. String
  2. byte[]

depending on the schema and the attribute specification you use.

> The problem is to extract any user or group info I am required to do string processing which is tedious and error prone.

No you aren't. You are required to construct Name or LdapName objects from String, which is trivial.

> So I am trying to explore if there is any means where I can still use JDK inbuilt API

by which I assume you mean JNDI with the LDAP provider.

> and get the query response as LDAP objects.

See above.

user207421
  • gr8 about your answer. (1) If the result is not in LDIF format, what format is used. Any idea? (2) I can convert the String Object to Name or LdapName Object myself, but would like to know if I would be reinventing the wheel... is there any simple implementation which already does this and I can reuse it. – samshers Jan 07 '18 at 09:33
  • @samshers The result of retrieving an LDAP attribute is either a `String` or a `byte[]`, as I have already stated, neither of which is a `Name` or `LdapName` as specified in your question. There can't be an implementation which does as you ask, as there is nothing in the LDAP schema specification that guarantees that an attribute value is a DN. So you have to execute a rather trivial conversion to `Name` or `LdapName` yourself, as I also already stated. – user207421 Jan 08 '18 at 09:13
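
The String-to-`LdapName` conversion described in the answer above, as an added example that is not code from the question or from either answer. The class name `MemberDnExample`, the helper names and the sample DNs are constructed for illustration; a `BasicAttribute` stands in for the `member` attribute a `SearchResult` would return, so the code runs without a directory server.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class MemberDnExample {

    // Convert every String value of an attribute to an LdapName. Values that
    // are byte[] or that do not parse as a DN are skipped, because nothing in
    // the schema guarantees that an attribute value is a DN.
    static List<LdapName> toLdapNames(Attribute attr) throws NamingException {
        List<LdapName> names = new ArrayList<>();
        NamingEnumeration<?> values = attr.getAll();
        while (values.hasMore()) {
            Object value = values.next();
            if (!(value instanceof String)) {
                continue; // binary attribute value
            }
            try {
                names.add(new LdapName((String) value));
            } catch (InvalidNameException e) {
                System.err.println("not a DN, skipped: " + value);
            }
        }
        return names;
    }

    // Unescaped value of the leaf RDN if its type is "cn", otherwise null.
    // LdapName indexes RDNs right to left, so the leaf is at size() - 1.
    static String leafCn(LdapName name) {
        if (name.isEmpty()) return null;
        Rdn leaf = name.getRdn(name.size() - 1);
        return "cn".equalsIgnoreCase(leaf.getType()) ? String.valueOf(leaf.getValue()) : null;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample values standing in for a "member" attribute.
        Attribute member = new BasicAttribute("member");
        member.add("CN=Doe\\, Jane,OU=Staff,DC=example,DC=com"); // escaped comma inside the CN
        member.add("cn=svc-backup,ou=Services,dc=example,dc=com");
        member.add("this is not a DN");
        for (LdapName dn : toLdapNames(member)) {
            System.out.println(leafCn(dn) + " <- " + dn);
        }
    }
}
```

The first sample value is the case where splitting the string on commas goes wrong: `LdapName` treats the escaped comma as part of the CN value, which matters when the parsed name feeds a group-membership or authorization check.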