ngalloway
asked on
Active Directory, JNDI, and retrieving Data
I am having a very difficult time getting my head around LDAP and how to use JNDI. I have read all the examples and searched the net, but none of the examples ever work for me, no matter how much I manipulate them.
I am trying to connect to a Windows Server 2003 and retrieve attributes for a particular user. My company wants to use the Windows authentication for users wishing to access employee-only websites outside the company. I need to use JNDI in my servlet to authenticate the user.
This part I have accomplished (see code below). But I also want to store/retrieve attributes concerning what privileges the user has (what menus to display, etc.). But when I attempt to call getAttributes() an error is thrown. I am assuming it is my arguments in getAttributes, but I don't know what type of arguments to use or what is required for it to work properly. I have used as many variations as I can think of. Is there a tool to connect to the Active Directory and explore? I downloaded an LDAP browser, which connects, but I can never get in to see anything of value (it asks for a Base DN, which I think is the problem). I have also tried to do searches, which also result in an error of similar nature to the one below.
javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-031006D9, data 0, 1 access points
ref 1: 'int.mycompany.com'
]; remaining name 'cn=ngalloway,cn=users,DC=int,DC=mycompany,DC=com'
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2780)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2697)
at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1268)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:213)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:109)
at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:121)
at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:116)
at com.pason.testapps.ldap.LDAPTest.main(LDAPTest.java:69)
/* The Code */
try
{
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
    env.put(Context.PROVIDER_URL, MY_HOST);
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "ngalloway@mycompany.com");
    env.put(Context.SECURITY_CREDENTIALS, "mypassword");
    // Get a reference to a directory context
    System.out.println("Getting InitialDirContext");
    DirContext ctx = new InitialDirContext(env);
    // This is the call that throws the PartialResultException shown above
    Attributes answer = ctx.getAttributes("cn=ngalloway,cn=users,DC=int,DC=mycompany,DC=com");
    for (NamingEnumeration ae = answer.getAll(); ae.hasMore();)
    {
        Attribute attr = (Attribute)ae.next();
        System.out.print(" Attribute: " + attr.getID());
        // Print each value
        for (NamingEnumeration e = attr.getAll(); e.hasMore();)
        {
            System.out.println(" Value: " + e.next());
        }
    }
}
catch (NamingException e)
{
    // Closes the try block, which was left open in the posted fragment
    e.printStackTrace();
}
ASKER CERTIFIED SOLUTION
This solution is only available to members.
The solution doesn't fix my problem. In my case, the user tries to search from the root and the setting is: authentication.extension.ldap.user.baseDN=dc=dev, dc=com. The following is what the tree looks like.
dc=dev, dc=com (root)
    USER
        u1
The search returned "cn=u1, cn=USER".
NamingEnumeration ae = context.search(fBaseDN, queryFilter, s);
SearchResult result = (SearchResult)ae.next();
String userObjectName = result.getName();
if ( ae.hasMore() ) // Failed here and exception happens
{
...................
}
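Added example, not part of the original posts or any poster's code: a JNDI lookup against Active Directory that treats a referral-driven PartialResultException (the exception in the question's trace; during a search it surfaces from hasMore()) as the end of the result set, rejects empty passwords before binding, and passes the account name as a filter argument. The class name, host and base DN are assumed placeholders; the base DN must be a naming context that the contacted server actually holds.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class AdUserLookup {
    // Placeholders assumed for this example, not values from the posts above.
    static final String URL = "ldaps://dc.example.com:636";
    static final String BASE_DN = "DC=example,DC=com";

    static Attributes lookup(String upn, String password, String account) throws NamingException {
        // An empty password turns a simple bind into an unauthenticated bind that "succeeds".
        if (password == null || password.isEmpty())
            throw new AuthenticationException("empty password rejected");
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);   // LDAPS: a simple bind sends the password as-is
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, upn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.REFERRAL, "ignore");  // do not chase referrals to other hosts

        DirContext ctx = new InitialDirContext(env);  // throws if the bind fails
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"distinguishedName", "memberOf"});
            // {0} is filled in by JNDI with filter metacharacters escaped (RFC 2254),
            // so a user-supplied account name cannot rewrite the filter.
            NamingEnumeration<SearchResult> results = ctx.search(BASE_DN,
                    "(&(objectClass=user)(sAMAccountName={0}))", new Object[] {account}, sc);
            Attributes found = null;
            try {
                while (results.hasMore()) {
                    found = results.next().getAttributes();
                }
            } catch (PartialResultException e) {
                // Unfollowed referral at the end of the results; entries already read stand.
            }
            return found;   // null when no entry matched
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        System.out.println(lookup(args[0], args[1], args[2]));
    }
}
```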