Active Directory, JNDI, and retrieving Data

I am having a very difficult time getting my head around LDAP and how to use JNDI.  I have read all the examples and searched the net, but none of the examples ever work for me, no matter how much I manipulate them.  

I am trying to connect to a Windows Server 2003 and retrieve attributes for a particular user.  My company wants to use the Windows authentication for user's wishing to access employee only websites outside the company.  I need to use JNDI in my servlet to authenticate the user.  

This part I have accomplished (see code below).  But I also want to store/retrieve attributes concerning what privileges the user has (what menu's to display, etc.)  But when I attempt to call getAttributes() an error is thrown.  I am assuming it is my arguments in getAttributes, but I don't know what type of arguments to use what is required for it to work properly.  I have used as many variations as I can think of.  Is there a tool to connect to the Active Directory and explore?  I downloaded an ldap browser, which connects, but I can never get in to see anything of value (it asks for a Base DN which I think is the problem).  I have also tried to do searches which also result in an error of similar nature to the one below.

javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-031006D9, data 0, 1 access points
      ref 1: 'int.mycompany.com'
]; remaining name 'cn=ngalloway,cn=users,DC=int,DC=mycompany,DC=com'
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2780)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2697)
      at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1268)
      at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:213)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:109)
      at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:121)
      at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:116)
      at com.pason.testapps.ldap.LDAPTest.main(LDAPTest.java:69)


/* The Code */

        try
        {
            Hashtable env = new Hashtable();

            env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
            env.put(Context.PROVIDER_URL, MY_HOST);
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, "ngalloway@mycompany.com");
            env.put(Context.SECURITY_CREDENTIALS, "mypassword");

            // Get a reference to a directory context
            System.out.println("Getting InitialDirContext");
            DirContext ctx = new InitialDirContext(env);

            Attributes answer = ctx.getAttributes("cn=ngalloway,cn=users,DC=int,DC=mycompany,DC=com");

            for (NamingEnumeration ae = answer.getAll(); ae.hasMore();)
            {
                Attribute attr = (Attribute)ae.next();
                System.out.print(" Attribute: " + attr.getID());
                //Print each value
                for(NamingEnumeration e = attr.getAll(); e.hasMore();)
                {
                    System.out.println(" Value: " + e.next());
                }
            }
ngallowayAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

nimaigCommented:
I got the same problem.

Putting  :

env.put(Context.REFERRAL, "follow");


solved the problem.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ngallowayAuthor Commented:
Well this lets me authenticate.  My getAttributes just hangs there now and doesn't return.  On to that problem.  Thanks.
0
zhentingluCommented:
The solution doesn't fix my problem. In my case, user try to search from the root and the setting is: authentication.extension.ldap.user.baseDN=dc=dev, dc=com.  The following is the tree looklike.

dc=dev, dc=com  (root)
     USER
         u1

The search returned as "cn=u1, cn=USER".

NamingEnumeration ae = context.search(fBaseDN, queryFilter, s);
SearchResult result = (SearchResult)ae.next();
String userObjectName = result.getName();
if ( ae.hasMore() )              (Failed here and exception happens)
{
     ...................
}
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Java EE

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.