  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2844
  • Last Modified:

Authentication using Windows Credentials from a Java Web Application

I have a web application that runs under JBoss on a Linux server.  I need my users to be able to type their Windows username and password into the web form and be authenticated against the Windows Domain Controller.  I'm not particular about how this is done.  This could be done via LDAP, Kerberos, native NTLM calls from Java, etc.  It doesn't really matter to me how it's done.  I basically have 3 requirements, and as long as the solution meets the requirements, points will be awarded.

Requirements:
1) The solution must authenticate the windows credentials and return the list of security groups the user is a member of (only if authentication is successful, otherwise send a failure message)
2) The solution must be cross platform.  Since I'm running on a Linux platform I can't use dll's or things that are Windows specific.  Ideally the solution will be pure Java.
3) The solution must work in both Firefox and IE (I'm not using, and can't use NTLM in IE for authentication).

Bonus points will be awarded for sample code that illustrates the solution.
Asked by: maytawn
1 Solution
 
fargo Commented:
I think the best bet for you is to use LDAP. All the given requirements can be fulfilled.
1) LDAP communication with Java code, and you can also search the Active Directory groups.
2) It's Java, definitely cross platform.
3) Doesn't matter as long as you use form-based authentication.

If you agree with it, we can provide you some code hints.

maytawn (Author) Commented:
I agree that it's definitely an option... as I pointed out in my original post.  What I need is implementation guidance (read: sample code).  Something that is able to be tested and proven to work in my environment.  Based upon the quality of your answer and other possible solutions, points will be awarded.  I am very trustworthy... I will not stiff people.  Points will be awarded.

fargo Commented:
This code can be used to check the credentials against Active Directory. You have to change the host, port, path and mode as per your settings.

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public final class LDAPAdapter {

    private java.util.Hashtable<String, String> env =
        new java.util.Hashtable<String, String>(5);

    private String m_sMode = "simple";
    private String m_sHost = "xx.xx.xx.xx";
    private String m_sPort = "xxx";
    private String m_sPath = "DC=app,DC=domainname,DC=local";

    // Connection settings shared by every bind attempt.
    private void init() {
        env.put(
            Context.INITIAL_CONTEXT_FACTORY,
            "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + m_sHost + ":" + m_sPort);
        env.put(Context.SECURITY_AUTHENTICATION, m_sMode);
    }

    public synchronized void checkCredentials(String user, String password) throws Exception
        {
        // JNDI turns a null or empty password into an anonymous bind, which
        // succeeds without checking anything, so reject it up front.
        if (password == null || password.length() == 0) {
            throw new Exception("check failed");
        }

        init();

        env.put(Context.SECURITY_PRINCIPAL, "cn=" + user + "," + m_sPath);
        env.put(Context.SECURITY_CREDENTIALS, password);

        // when check fails an exception is thrown
        DirContext ctx;
        try {
            // The bind happens here; success means the credentials were accepted.
            ctx = new InitialDirContext(env);
            ctx.close();
        } catch (NamingException e) {
            throw new Exception("check failed");
        }

    }
}

 
fargo Commented:
The following thread may help you regarding the groups retrieval etc.
http://forum.java.sun.com/thread.jspa?threadID=581444&tstart=150

maytawn (Author) Commented:
I am unable to make this sample code work.

Here are the mods that I have made:
     private String m_sMode = "simple";
    private String m_sHost = "10.1.1.10";
    private String m_sPort = "389";
    private String m_sPath = "DC=users,DC=briesosystems,DC=com";

10.1.1.10 is a Windows 2003 DC listening on ldap port 389.

I have tried multiple user/password combinations, but all throw the exception.

I made a slight modification to the code you posted to capture the true exception
        } catch (NamingException e) {
            e.printStackTrace();
            throw new Exception("check failed");
        }

This is what is thrown:
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2985)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
      at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
      at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
      at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
      at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
      at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
      at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
      at javax.naming.InitialContext.init(InitialContext.java:223)
      at javax.naming.InitialContext.<init>(InitialContext.java:197)
      at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
      at LDAPAdapter.checkCredentials(LDAPAdapter.java:30)
      at LDAPTest.main(LDAPTest.java:10)

fargo Commented:
try having security principal as follows...
(Context.SECURITY_PRINCIPAL,"user@domain.com");

In my setup, it works fine. I do not know if it depends upon active directory setup..check out with some IT guy


fargo Commented:
also try
(Context.SECURITY_PRINCIPAL,domain+"\\"+user);

maytawn (Author) Commented:
This idea definitely shows promise.  I have been able to successfully authenticate using the (Context.SECURITY_PRINCIPAL,"user@domain.com") method.  However, I am running into several other issues while trying to get the group information.  The main problem that I am having stems from the fact that I do not know the LDAP path of the user that is being authenticated.  user@domain.com works well, but in order to do a memberOf search I need to provide the proper search filter which is the full LDAP path to the user.  My users are spread out into different OUs so there isn't an easy way to derive this.

fargo Commented:
OK, let's try this. The key here is objectclass=*; this will search everything related to the cn (// change accordingly). This will list out all the attributes and their values. Then see what you need and adjust your filter.

// Needs: import javax.naming.*; import javax.naming.directory.*;
// env and baseDN come from the surrounding class (env as set up in LDAPAdapter).
try {
        DirContext ctx = new InitialDirContext(env);
        String[] attrIDs = {"cn", "name"}; // change accordingly
        SearchControls constraints = new SearchControls();
        constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
        constraints.setReturningAttributes(attrIDs);
        System.out.println("time: " + constraints.getTimeLimit());

        // (objectclass=*) matches every entry below baseDN
        NamingEnumeration<SearchResult> results
            = ctx.search(baseDN, "(objectclass=*)", constraints);

        int i = 0;
        while (results != null && results.hasMore()) {
            SearchResult si = results.next();
            i++;

            Attributes attrs = si.getAttributes();
            if (attrs == null) {
                System.out.println("No attributes");
            } else {
                /* print each attribute */

                for (NamingEnumeration<? extends Attribute> ae = attrs.getAll();
                     ae.hasMoreElements();) {
                    Attribute attr = ae.next();
                    String attrId = attr.getID();

                    /* print each value */
                    NamingEnumeration<?> vals = attr.getAll();
                    while (vals.hasMoreElements()) {
                        System.out.println(attrId + " = " + vals.nextElement());
                    }
                }
            }
            System.out.println();
        }
        ctx.close();
    } catch (NamingException e) {
        e.printStackTrace();
    }

maytawn (Author) Commented:
Is the "name" the username or the full name?

i.e jboyd vs. Jeremy Boyd

maytawn (Author) Commented:
Did I do something wrong?  I'm using String[] attrIDs = {"cn", "Jeremy Boyd"}; and "DC=briesosystems,DC=com" for the baseDN.  Below is the output I get.

13:05:00,367 INFO  [STDOUT] cn = Computers
13:05:00,367 INFO  [STDOUT] cn = VIPER
13:05:00,367 INFO  [STDOUT] cn = System
13:05:00,367 INFO  [STDOUT] cn = RID Manager$
13:05:00,382 INFO  [STDOUT] cn = Users
13:05:00,382 INFO  [STDOUT] cn = LostAndFound
13:05:00,382 INFO  [STDOUT] cn = Infrastructure
13:05:00,382 INFO  [STDOUT] cn = ForeignSecurityPrincipals
13:05:00,382 INFO  [STDOUT] cn = Program Data
13:05:00,382 INFO  [STDOUT] cn = Microsoft
13:05:00,382 INFO  [STDOUT] cn = NTDS Quotas
13:05:00,382 INFO  [STDOUT] cn = WinsockServices
13:05:00,382 INFO  [STDOUT] cn = RpcServices
13:05:00,382 INFO  [STDOUT] cn = FileLinks
13:05:00,382 INFO  [STDOUT] cn = VolumeTable
13:05:00,382 INFO  [STDOUT] cn = ObjectMoveTable
13:05:00,382 INFO  [STDOUT] cn = Default Domain Policy
13:05:00,382 INFO  [STDOUT] cn = AppCategories
13:05:00,382 INFO  [STDOUT] cn = Meetings
13:05:00,382 INFO  [STDOUT] cn = RAS and IAS Servers Access Check
13:05:00,382 INFO  [STDOUT] cn = File Replication Service
13:05:00,382 INFO  [STDOUT] cn = Dfs-Configuration
13:05:00,398 INFO  [STDOUT] cn = Guest
13:05:00,398 INFO  [STDOUT] cn = Builtin
13:05:00,398 INFO  [STDOUT] cn = MSRADIUSPRIVKEY Secret
13:05:00,398 INFO  [STDOUT] cn = Domain Computers
13:05:00,398 INFO  [STDOUT] cn = Domain Users
13:05:00,398 INFO  [STDOUT] cn = Users
13:05:00,398 INFO  [STDOUT] cn = ASPNET
13:05:00,398 INFO  [STDOUT] cn = S-1-5-4
13:05:00,398 INFO  [STDOUT] cn = S-1-5-11
13:05:00,398 INFO  [STDOUT] cn = Domain Guests
13:05:00,398 INFO  [STDOUT] cn = Group Policy Creator Owners
13:05:00,398 INFO  [STDOUT] cn = Administrator
13:05:00,398 INFO  [STDOUT] cn = BCKUPKEY_28a75146-f16b-4d91-a3f8-74de79dc18cd Secret
13:05:00,398 INFO  [STDOUT] cn = BCKUPKEY_P Secret
13:05:00,398 INFO  [STDOUT] cn = RAS and IAS Servers
13:05:00,398 INFO  [STDOUT] cn = Policies
13:05:00,398 INFO  [STDOUT] cn = {31B2F340-016D-11D2-945F-00C04FB984F9}
13:05:00,398 INFO  [STDOUT] cn = User
13:05:00,398 INFO  [STDOUT] cn = {6AC1786C-016F-11D2-945F-00C04fB984F9}
13:05:00,414 INFO  [STDOUT] cn = User
13:05:00,414 INFO  [STDOUT] cn = Machine
13:05:00,414 INFO  [STDOUT] cn = Machine
13:05:00,414 INFO  [STDOUT] cn = IP Security
13:05:00,414 INFO  [STDOUT] cn = ipsecPolicy{72385230-70FA-11D1-864C-14A300000000}
13:05:00,414 INFO  [STDOUT] cn = ipsecISAKMPPolicy{72385231-70FA-11D1-864C-14A300000000}
13:05:00,414 INFO  [STDOUT] cn = ipsecNFA{72385232-70FA-11D1-864C-14A300000000}
13:05:00,414 INFO  [STDOUT] cn = ipsecNFA{59319BE2-5EE3-11D2-ACE8-0060B0ECCA17}
13:05:00,414 INFO  [STDOUT] cn = ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17}
13:05:00,414 INFO  [STDOUT] cn = ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000}
13:05:00,414 INFO  [STDOUT] cn = ipsecFilter{7238523A-70FA-11D1-864C-14A300000000}
13:05:00,414 INFO  [STDOUT] cn = ipsecNegotiationPolicy{59319BDF-5EE3-11D2-ACE8-0060B0ECCA17}
13:05:00,414 INFO  [STDOUT] cn = ipsecNegotiationPolicy{7238523B-70FA-11D1-864C-14A300000000}
13:05:00,414 INFO  [STDOUT] cn = ipsecFilter{72385235-70FA-11D1-864C-14A300000000}
13:05:00,414 INFO  [STDOUT] cn = ipsecNFA{6A1F5C6F-72B7-11D2-ACF0-0060B0ECCA17}
13:05:00,414 INFO  [STDOUT] cn = ipsecPolicy{72385236-70FA-11D1-864C-14A300000000}
13:05:00,414 INFO  [STDOUT] cn = ipsecISAKMPPolicy{72385237-70FA-11D1-864C-14A300000000}
13:05:00,414 INFO  [STDOUT] cn = ipsecNFA{59319C04-5EE3-11D2-ACE8-0060B0ECCA17}
13:05:00,414 INFO  [STDOUT] cn = ipsecNegotiationPolicy{59319C01-5EE3-11D2-ACE8-0060B0ECCA17}
13:05:00,414 INFO  [STDOUT] cn = ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000}
13:05:00,414 INFO  [STDOUT] cn = ipsecISAKMPPolicy{7238523D-70FA-11D1-864C-14A300000000}
13:05:00,414 INFO  [STDOUT] cn = ipsecNFA{7238523E-70FA-11D1-864C-14A300000000}
13:05:00,429 INFO  [STDOUT] cn = ipsecNFA{59319BF3-5EE3-11D2-ACE8-0060B0ECCA17}
13:05:00,429 INFO  [STDOUT] cn = ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17}
13:05:00,429 INFO  [STDOUT] cn = ipsecNegotiationPolicy{7238523F-70FA-11D1-864C-14A300000000}
13:05:00,429 INFO  [STDOUT] cn = ipsecNegotiationPolicy{59319BF0-5EE3-11D2-ACE8-0060B0ECCA17}
13:05:00,429 INFO  [STDOUT] cn = AdminSDHolder
13:05:00,429 INFO  [STDOUT] cn = Server
13:05:00,429 INFO  [STDOUT] cn = Cert Publishers
13:05:00,429 INFO  [STDOUT] cn = Enterprise Admins
13:05:00,429 INFO  [STDOUT] cn = Jeremy Boyd
13:05:00,429 INFO  [STDOUT] cn = Schema Admins
13:05:00,429 INFO  [STDOUT] cn = Domain Admins
13:05:00,429 INFO  [STDOUT] cn = Replicator
13:05:00,429 INFO  [STDOUT] cn = Backup Operators
13:05:00,429 INFO  [STDOUT] cn = Print Operators
13:05:00,429 INFO  [STDOUT] cn = Server Operators
13:05:00,429 INFO  [STDOUT] cn = Administrators
13:05:00,429 INFO  [STDOUT] cn = Account Operators
13:05:00,429 INFO  [STDOUT] cn = krbtgt
13:05:00,429 INFO  [STDOUT] cn = Domain Controllers
13:05:00,429 INFO  [STDOUT] cn = Guests
13:05:00,429 INFO  [STDOUT] cn = TsInternetUser
13:05:00,429 INFO  [STDOUT] cn = Remote Desktop Users
13:05:00,429 INFO  [STDOUT] cn = Network Configuration Operators
13:05:00,429 INFO  [STDOUT] cn = Incoming Forest Trust Builders
13:05:00,429 INFO  [STDOUT] cn = Performance Monitor Users
13:05:00,429 INFO  [STDOUT] cn = Terminal Server License Servers
13:05:00,429 INFO  [STDOUT] cn = Pre-Windows 2000 Compatible Access
13:05:00,429 INFO  [STDOUT] cn = Performance Log Users
13:05:00,445 INFO  [STDOUT] cn = S-1-5-20
13:05:00,445 INFO  [STDOUT] cn = Windows Authorization Access Group
13:05:00,445 INFO  [STDOUT] cn = S-1-5-9
13:05:00,445 INFO  [STDOUT] cn = DHCP Users
13:05:00,445 INFO  [STDOUT] cn = DHCP Administrators
13:05:00,445 INFO  [STDOUT] cn = Domain System Volume (SYSVOL share)
13:05:00,445 INFO  [STDOUT] cn = DnsAdmins
13:05:00,445 INFO  [STDOUT] cn = DnsUpdateProxy
13:05:00,445 INFO  [STDOUT] cn = MicrosoftDNS
13:05:00,445 INFO  [STDOUT] cn = Zone
13:05:00,445 INFO  [STDOUT] cn = Zone
13:05:00,445 INFO  [STDOUT] cn = Exchange Enterprise Servers
13:05:00,461 INFO  [STDOUT] cn = Exchange Domain Servers
13:05:00,461 INFO  [STDOUT] cn = _Web Anonymous Users
13:05:00,461 INFO  [STDOUT] cn = _Web Applications
13:05:00,461 INFO  [STDOUT] cn = Zone
13:05:00,461 INFO  [STDOUT] cn = Christine Boyd
13:05:00,461 INFO  [STDOUT] cn = DomainUpdates
13:05:00,461 INFO  [STDOUT] cn = Operations
13:05:00,461 INFO  [STDOUT] cn = WMIPolicy
13:05:00,461 INFO  [STDOUT] cn = ab402345-d3c3-455d-9ff7-40268a1099b6
13:05:00,461 INFO  [STDOUT] cn = ComPartitions
13:05:00,461 INFO  [STDOUT] cn = bab5f54d-06c8-48de-9b87-d78b796564e4
13:05:00,461 INFO  [STDOUT] cn = ComPartitionSets
13:05:00,476 INFO  [STDOUT] cn = SOM
13:05:00,492 INFO  [STDOUT] cn = Windows2003Update
13:05:00,492 INFO  [STDOUT] cn = VIPER2
13:05:00,492 INFO  [STDOUT] cn = DC3C38CC56934282B0D3903F43CF6684
13:05:00,492 INFO  [STDOUT] cn = JEREMY-LAPTOP
13:05:00,523 INFO  [STDOUT] cn = JESTER
13:05:00,523 INFO  [STDOUT] cn = SLIDER
13:05:00,554 INFO  [STDOUT] cn = QT_Counter
13:05:00,554 INFO  [STDOUT] cn = 00000000000000000000000000000000
13:05:00,554 INFO  [STDOUT] cn = IIS_WPG
13:05:00,554 INFO  [STDOUT] cn = 6E157EDF-4E72-4052-A82A-EC3F91021A22
13:05:00,570 INFO  [STDOUT] cn = VIPER
13:05:00,570 INFO  [STDOUT] cn = NTFRS Subscriptions
13:05:00,570 INFO  [STDOUT] cn = Domain System Volume (SYSVOL share)
13:05:00,570 INFO  [STDOUT] cn = RID Set
13:05:00,570 INFO  [STDOUT] cn = IWAM_VIPER
13:05:00,570 INFO  [STDOUT] cn = IUSR_VIPER
13:05:00,586 INFO  [STDOUT] cn = WINS Users
13:05:00,586 INFO  [STDOUT] cn = OWS_1086090938_admin
13:05:00,586 INFO  [STDOUT] cn = BCKUPKEY_0c87b82e-97e2-4455-8e64-200fff6c2a4b Secret
13:05:00,586 INFO  [STDOUT] cn = BCKUPKEY_PREFERRED Secret
13:05:00,586 INFO  [STDOUT] cn = Power User Templates
13:05:00,586 INFO  [STDOUT] cn = Administrator Templates
13:05:00,586 INFO  [STDOUT] cn = Fax Operators
13:05:00,586 INFO  [STDOUT] cn = Folder Operators
13:05:00,586 INFO  [STDOUT] cn = Mail Operators
13:05:00,586 INFO  [STDOUT] cn = Remote Operators
13:05:00,586 INFO  [STDOUT] cn = SharePoint Administrators
13:05:00,586 INFO  [STDOUT] cn = Domain Power Users
13:05:00,586 INFO  [STDOUT] cn = Usage Report Users
13:05:00,586 INFO  [STDOUT] cn = Mobile Users
13:05:00,586 INFO  [STDOUT] cn = Remote Web Workplace Users
13:05:00,586 INFO  [STDOUT] cn = Mobile User Template
13:05:00,586 INFO  [STDOUT] cn = User Template
13:05:00,586 INFO  [STDOUT] cn = Power User Template
13:05:00,586 INFO  [STDOUT] cn = Administrator Template
13:05:00,586 INFO  [STDOUT] cn = Backup User
13:05:00,586 INFO  [STDOUT] cn = STS Worker
13:05:00,586 INFO  [STDOUT] cn = Microsoft Exchange System Objects
13:05:00,586 INFO  [STDOUT] cn = {C3938BA1-5908-4A2F-AD23-1F64829E9D8B}
13:05:00,601 INFO  [STDOUT] cn = Machine
13:05:00,601 INFO  [STDOUT] cn = User
13:05:00,601 INFO  [STDOUT] cn = {E1696EA8-B0EA-4847-8B0A-A4A942F37831}
13:05:00,601 INFO  [STDOUT] cn = Machine
13:05:00,601 INFO  [STDOUT] cn = User
13:05:00,601 INFO  [STDOUT] cn = {45646EA2-0108-4100-A31F-2A03334647EE}
13:05:00,601 INFO  [STDOUT] cn = Machine
13:05:00,601 INFO  [STDOUT] cn = User
13:05:00,601 INFO  [STDOUT] cn = {F293AA90-B10B-4B9F-9902-60BA63ABE32C}
13:05:00,601 INFO  [STDOUT] cn = Machine
13:05:00,601 INFO  [STDOUT] cn = User
13:05:00,601 INFO  [STDOUT] cn = STS_WPG
13:05:00,601 INFO  [STDOUT] cn = VIPER-Fax
13:05:00,601 INFO  [STDOUT] cn = SystemMailbox{0D888422-2C73-44F7-85B5-836AF823C1D9}
13:05:00,601 INFO  [STDOUT] cn = Schedule+ Free Busy Information - first administrative group
13:05:00,601 INFO  [STDOUT] cn = Offline Address Book - first administrative group
13:05:00,601 INFO  [STDOUT] cn = Offline Address Book - /o=BRIESOSYSTEMS/cn=addrlists/cn=oabs/cn=
13:05:00,601 INFO  [STDOUT] cn = StoreEvents{4360AC91-6EC2-4C16-BF5E-99B325211536}
13:05:00,601 INFO  [STDOUT] cn = internal
13:05:00,601 INFO  [STDOUT] cn = globalevents
13:05:00,601 INFO  [STDOUT] cn = schema-root
13:05:00,601 INFO  [STDOUT] cn = Default
13:05:00,601 INFO  [STDOUT] cn = exchangeV1
13:05:00,601 INFO  [STDOUT] cn = microsoft
13:05:00,601 INFO  [STDOUT] cn = OWAScratchPad{4360AC91-6EC2-4C16-BF5E-99B325211536}
13:05:00,601 INFO  [STDOUT] cn = {AC11D08E-22D8-470B-B0D6-567E905D6205}
13:05:00,601 INFO  [STDOUT] cn = Machine
13:05:00,601 INFO  [STDOUT] cn = User
13:05:00,601 INFO  [STDOUT] cn = BriesoSystems
13:05:00,601 INFO  [STDOUT] cn = BriesoSystems Archive
13:05:00,601 INFO  [STDOUT] cn = OAB Version 2
13:05:00,601 INFO  [STDOUT] cn = OAB Version 3a
13:05:00,601 INFO  [STDOUT] cn = BriesoSystems Contacts
13:05:00,601 INFO  [STDOUT] cn = VIPER-HP LaserJet 4000
13:05:00,601 INFO  [STDOUT] cn = Distributed COM Users
13:05:00,601 INFO  [STDOUT] cn = Offer Remote Assistance Helpers
13:05:00,601 INFO  [STDOUT] cn = TelnetClients
13:05:00,601 INFO  [STDOUT] cn = OAB Version 4
13:05:00,601 INFO  [STDOUT] cn = {422D8BF5-05EE-4AD5-839E-E891357AB1D7}
13:05:00,601 INFO  [STDOUT] cn = Machine
13:05:00,601 INFO  [STDOUT] cn = User
13:05:00,617 INFO  [STDOUT] cn = {929B6BF5-BC3F-4A48-87ED-E3471340DFF3}
13:05:00,617 INFO  [STDOUT] cn = {A66BB552-7612-43FE-8022-8F54CEAC5156}
13:05:00,617 INFO  [STDOUT] cn = Machine
13:05:00,617 INFO  [STDOUT] cn = User
13:05:00,617 INFO  [STDOUT] cn = {6A034C18-6705-465F-9F89-DC1D75A6DD3E}
13:05:00,617 INFO  [STDOUT] cn = RouterIdentity
13:05:00,617 INFO  [STDOUT] cn = CERTSVC_DCOM_ACCESS
13:05:00,617 INFO  [STDOUT] cn = BEServer
13:05:00,617 INFO  [STDOUT] cn = {4DE46C79-DA29-4130-9476-7E654799F4C9}
13:05:00,617 INFO  [STDOUT] cn = Machine
13:05:00,617 INFO  [STDOUT] cn = User
13:05:00,617 INFO  [STDOUT] cn = {F690E6FE-DB75-480C-800D-18B3DD8F6725}
13:05:00,617 INFO  [STDOUT] cn = Machine
13:05:00,617 INFO  [STDOUT] cn = User
13:05:00,617 INFO  [STDOUT] cn = {6EBA205C-19B4-43E0-982A-F0949E3DD6E0}
13:05:00,617 INFO  [STDOUT] cn = Machine
13:05:00,617 INFO  [STDOUT] cn = User
13:05:00,632 INFO  [STDOUT] cn = DCS_VIPER
13:05:00,632 INFO  [STDOUT] cn = CHRIS-LAPTOP
13:05:00,632 INFO  [STDOUT] cn = ldaptest
13:05:00,632 INFO  [STDOUT] javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=briesosystems,DC=com'
13:05:00,632 INFO  [STDOUT]       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2763)
13:05:00,632 INFO  [STDOUT]       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
13:05:00,632 INFO  [STDOUT]       at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
13:05:00,632 INFO  [STDOUT]       at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:198)
13:05:00,632 INFO  [STDOUT]       at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
13:05:00,632 INFO  [STDOUT]       at LDAPAdapter.dump(LDAPAdapter.java:144)
13:05:00,632 INFO  [STDOUT]       at LDAPAdapter.checkCredentials(LDAPAdapter.java:49)
13:05:00,632 INFO  [STDOUT]       at LDAPServlet.doPost(LDAPServlet.java:44)
13:05:00,632 INFO  [STDOUT]       at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
13:05:00,632 INFO  [STDOUT]       at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
13:05:00,632 INFO  [STDOUT]       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
13:05:00,632 INFO  [STDOUT]       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
13:05:00,632 INFO  [STDOUT]       at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
13:05:00,632 INFO  [STDOUT]       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
13:05:00,632 INFO  [STDOUT]       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
13:05:00,632 INFO  [STDOUT]       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
13:05:00,632 INFO  [STDOUT]       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
13:05:00,632 INFO  [STDOUT]       at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
13:05:00,632 INFO  [STDOUT]       at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:159)
13:05:00,632 INFO  [STDOUT]       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
13:05:00,632 INFO  [STDOUT]       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
13:05:00,632 INFO  [STDOUT]       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
13:05:00,632 INFO  [STDOUT]       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
13:05:00,632 INFO  [STDOUT]       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
13:05:00,632 INFO  [STDOUT]       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
13:05:00,632 INFO  [STDOUT]       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
13:05:00,632 INFO  [STDOUT]       at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
13:05:00,632 INFO  [STDOUT]       at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
13:05:00,632 INFO  [STDOUT]       at java.lang.Thread.run(Thread.java:595)
0
 
fargoCommented:
OK, it returns the complete list of the users. Hmm, we need to fix the search filter then. Can you just make the filter objectClass=group instead of objectClass=*?

Also, about String[] attrIDs = {"cn", "mail"}; I was wrong in my last post to say to change it. Let's have cn and mail as attributes.

The exception is fine because LDAP sent back a partial set, not the full one.


0
 
maytawnAuthor Commented:
Here's what I get now with String[] attrIDs = {"cn", "mail"} and (objectclass=group)

09:06:38,721 INFO  [STDOUT] cn = Domain Computers
09:06:38,721 INFO  [STDOUT] cn = Domain Users
09:06:38,721 INFO  [STDOUT] cn = Users
09:06:38,721 INFO  [STDOUT] cn = Domain Guests
09:06:38,721 INFO  [STDOUT] cn = Group Policy Creator Owners
09:06:38,721 INFO  [STDOUT] cn = RAS and IAS Servers
09:06:38,736 INFO  [STDOUT] cn = Cert Publishers
09:06:38,736 INFO  [STDOUT] cn = Enterprise Admins
09:06:38,736 INFO  [STDOUT] cn = Schema Admins
09:06:38,736 INFO  [STDOUT] cn = Domain Admins
09:06:38,736 INFO  [STDOUT] cn = Replicator
09:06:38,736 INFO  [STDOUT] cn = Backup Operators
09:06:38,736 INFO  [STDOUT] cn = Print Operators
09:06:38,736 INFO  [STDOUT] cn = Server Operators
09:06:38,736 INFO  [STDOUT] cn = Administrators
09:06:38,736 INFO  [STDOUT] cn = Account Operators
09:06:38,736 INFO  [STDOUT] cn = Domain Controllers
09:06:38,736 INFO  [STDOUT] cn = Guests
09:06:38,752 INFO  [STDOUT] cn = Remote Desktop Users
09:06:38,752 INFO  [STDOUT] cn = Network Configuration Operators
09:06:38,752 INFO  [STDOUT] cn = Incoming Forest Trust Builders
09:06:38,752 INFO  [STDOUT] cn = Performance Monitor Users
09:06:38,752 INFO  [STDOUT] cn = Terminal Server License Servers
09:06:38,752 INFO  [STDOUT] cn = Pre-Windows 2000 Compatible Access
09:06:38,752 INFO  [STDOUT] cn = Performance Log Users
09:06:38,752 INFO  [STDOUT] cn = Windows Authorization Access Group
09:06:38,768 INFO  [STDOUT] cn = DHCP Users
09:06:38,768 INFO  [STDOUT] cn = DHCP Administrators
09:06:38,768 INFO  [STDOUT] cn = DnsAdmins
09:06:38,768 INFO  [STDOUT] cn = DnsUpdateProxy
09:06:38,768 INFO  [STDOUT] cn = Exchange Enterprise Servers
09:06:38,768 INFO  [STDOUT] cn = Exchange Domain Servers
09:06:38,768 INFO  [STDOUT] cn = _Web Anonymous Users
09:06:38,768 INFO  [STDOUT] cn = _Web Applications
09:06:38,768 INFO  [STDOUT] cn = IIS_WPG
09:06:38,768 INFO  [STDOUT] cn = WINS Users
09:06:38,768 INFO  [STDOUT] cn = OWS_1086090938_admin
09:06:38,768 INFO  [STDOUT] cn = Power User Templates
09:06:38,768 INFO  [STDOUT] cn = Administrator Templates
09:06:38,768 INFO  [STDOUT] cn = Fax Operators
09:06:38,768 INFO  [STDOUT] cn = Folder Operators
09:06:38,768 INFO  [STDOUT] cn = Mail Operators
09:06:38,768 INFO  [STDOUT] cn = Remote Operators
09:06:38,768 INFO  [STDOUT] cn = SharePoint Administrators
09:06:38,768 INFO  [STDOUT] cn = Domain Power Users
09:06:38,768 INFO  [STDOUT] cn = Usage Report Users
09:06:38,768 INFO  [STDOUT] cn = Mobile Users
09:06:38,768 INFO  [STDOUT] cn = Remote Web Workplace Users
09:06:38,768 INFO  [STDOUT] cn = STS_WPG
09:06:38,768 INFO  [STDOUT] mail = BRIESOSYSTEMS@briesosystems.com
09:06:38,768 INFO  [STDOUT] cn = BriesoSystems
09:06:38,768 INFO  [STDOUT] cn = Distributed COM Users
09:06:38,783 INFO  [STDOUT] cn = Offer Remote Assistance Helpers
09:06:38,783 INFO  [STDOUT] cn = TelnetClients
09:06:38,783 INFO  [STDOUT] cn = CERTSVC_DCOM_ACCESS
09:06:38,783 INFO  [STDOUT] javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=briesosystems,DC=com'
09:06:38,783 INFO  [STDOUT]       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2763)
09:06:38,783 INFO  [STDOUT]       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
09:06:38,783 INFO  [STDOUT]       at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
09:06:38,783 INFO  [STDOUT]       at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:198)
09:06:38,783 INFO  [STDOUT]       at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
09:06:38,783 INFO  [STDOUT]       at LDAPAdapter.dump(LDAPAdapter.java:149)
09:06:38,783 INFO  [STDOUT]       at LDAPAdapter.checkCredentials(LDAPAdapter.java:50)
09:06:38,783 INFO  [STDOUT]       at LDAPServlet.doPost(LDAPServlet.java:51)
09:06:38,783 INFO  [STDOUT]       at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
09:06:38,783 INFO  [STDOUT]       at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
09:06:38,783 INFO  [STDOUT]       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
09:06:38,783 INFO  [STDOUT]       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
09:06:38,783 INFO  [STDOUT]       at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
09:06:38,783 INFO  [STDOUT]       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
09:06:38,783 INFO  [STDOUT]       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
09:06:38,783 INFO  [STDOUT]       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
09:06:38,783 INFO  [STDOUT]       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
09:06:38,783 INFO  [STDOUT]       at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
09:06:38,783 INFO  [STDOUT]       at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:159)
09:06:38,783 INFO  [STDOUT]       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
09:06:38,783 INFO  [STDOUT]       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
09:06:38,783 INFO  [STDOUT]       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
09:06:38,783 INFO  [STDOUT]       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
09:06:38,783 INFO  [STDOUT]       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
09:06:38,783 INFO  [STDOUT]       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
09:06:38,783 INFO  [STDOUT]       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
09:06:38,783 INFO  [STDOUT]       at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
09:06:38,783 INFO  [STDOUT]       at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
09:06:38,783 INFO  [STDOUT]       at java.lang.Thread.run(Thread.java:595)
0
 
fargoCommented:
These are the groups in Active Directory, correct? What are you asking then?
0
 
maytawnAuthor Commented:
I need the groups that the user is a member of... not all the groups that are in AD.  See my original requirements.
0
 
fargoCommented:
I thought you can work that out. Here is the final code:

    public synchronized List getGroups(String userName) throws NamingException
    {
          
          List groups = new ArrayList();
        // initialise
        init();
        // Create the initial directory context
        LdapContext ctx = new InitialLdapContext(env, null);

        //Create the search controls
        SearchControls searchCtls = new SearchControls();

        //Specify the search scope
        searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        //specify the LDAP search filter
        String searchFilter = "(&(objectClass=group))";

        try
        {

            // get the DN name for the group defined
            String result = getSearchResult(ctx, baseDN, searchFilter,
                    searchCtls);
            if (result != null)
            {
                searchFilter = "(&(objectClass=person) (&(memberOf=" + result
                        + "," + baseDN+ ")) (sAMAccountName=" + userName
                        + "))";

                //Search for objects using the filter
                NamingEnumeration answer = ctx.search(baseDN, searchFilter,
                        searchCtls);
                System.out.println("Searching with filter-" + searchFilter);
                //Loop through the search results
                while (answer.hasMoreElements())
                {
                   SearchResult sr = (SearchResult) answer.next();
                    groups.add(sr.getName());
                }
            }
            else
            {
                System.out.println("No Search Result available for -"
                        + searchFilter);
            }
        }
        catch (Exception ex)
        {
            // report the failure instead of silently returning an empty list
            ex.printStackTrace();
        }
        finally
        {
            ctx.close();
        }

        return groups;
    }
0
 
maytawnAuthor Commented:
Sorry... I know very little about LDAP... so I'm having trouble navigating its complexities.

I'm having a problem with the code that you posted.  The compiler doesn't like the following line:

String result = getSearchResult(ctx, baseDN, searchFilter, searchCtls);

The error is: The method getSearchResult(LdapContext, String, String, SearchControls) is undefined for the type LDAPAdapter (LDAP adapter is my class name)

It looks like there may be a method that is missing from your post.
0
 
fargoCommented:
OK. After a little bit of coding I came up with the following; it works fine for me. Add the following methods to your LDAPAdapter class:

      public synchronized List getGroups(String userName) throws NamingException {

            // initialise
            init();

            // to hold groups
            List finalList = new ArrayList();

            // Create the initial directory context
            LdapContext ctx = new InitialLdapContext(env, null);

            // Create the search controls
            SearchControls searchCtls = new SearchControls();

            // Specify the search scope
            searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

            // specify the LDAP search filter
            String searchFilter = "(&(objectClass=group) )";

            try {
                  List results = new ArrayList();
                  // Create the search controls
                  SearchControls srcCtls = new SearchControls();
                  srcCtls.setReturningAttributes(new String[] { "samAccountName" });
                  srcCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

                  // Search for objects using the filter
                  NamingEnumeration answer = ctx.search(searchBase, searchFilter,
                              srcCtls);
                  // Loop through the search results
                  while (answer.hasMoreElements()) {
                        GroupBean bean = new GroupBean();
                        SearchResult sr = (SearchResult) answer.next();
                        bean.setLdapName(sr.getName());
                        int totalResults = 0;
                        boolean Finished = false;

                        Attributes attrs = sr.getAttributes();
                        if (attrs != null) {

                              try {
                                    for (NamingEnumeration ae = attrs.getAll(); ae
                                                .hasMore();) {
                                          Attribute attr = (Attribute) ae.next();

                                          // check if we are finished
                                          if (attr.getID().endsWith("*")) {
                                                Finished = true;
                                          }

                                          for (NamingEnumeration e = attr.getAll(); e
                                                      .hasMore(); totalResults++) {

                                                bean.setName((String) e.next());
                                          }
                                    }

                              } catch (NamingException e) {
                                    System.err.println("Problem printing attributes: " + e);
                              }
                        }

                        results.add(bean);
                  }

                  if (results != null && results.size() > 0) {
                        for (int r = 0; r < results.size(); r++) {
                              searchFilter = "(&(objectClass=person) (&(memberOf="
                                          + ((GroupBean) results.get(r)).getLdapName() + ","
                                          + searchBase + ")) (sAMAccountName=" + userName
                                          + "))";

                              // see if the user belongs to the group DN
                              String result = getSearchResult(ctx, searchBase,
                                          searchFilter, searchCtls);

                              if (result != null) {
                                    finalList.add(((GroupBean) results.get(r)).getName());
                              }

                        }

                  } else {
                        System.out.println("No Search Result available for -"
                                    + searchFilter);
                  }

            } catch (Exception ex) {
                  // report the failure instead of silently returning an empty list
                  ex.printStackTrace();
            } finally {
                  ctx.close();
            }

            return finalList;
      }

      private String getSearchResult(LdapContext ctx, String searchBase,
                  String searchFilter, SearchControls searchCtls)
                  throws NamingException {

            // Search for objects using the filter
            NamingEnumeration answer = ctx.search(searchBase, searchFilter,
                        searchCtls);

            // Loop through the search results
            while (answer.hasMoreElements()) {
                  SearchResult sr = (SearchResult) answer.next();
                  // System.out.println("Search Results in -" + sr.getName());
                  return sr.getName();
            }

            return null;
      }

A simple bean class to hold the real ldap identifier and the name
public class GroupBean {

      private String ldapName;
      private String name;
      
      /**
       * @return Returns the ldapName.
       */
      public String getLdapName() {
            return ldapName;
      }
      /**
       * @param ldapName The ldapName to set.
       */
      public void setLdapName(String ldapName) {
            this.ldapName = ldapName;
      }
      /**
       * @return Returns the name.
       */
      public String getName() {
            return name;
      }
      /**
       * @param name The name to set.
       */
      public void setName(String name) {
            this.name = name;
      }
      
      
}

// Following is the way to get the groups

            LDAPAdapter member = new LDAPAdapter();
            List rs = new ArrayList();
            try {
                  rs = member.getGroups("UserName"); // change the user name
                  if (rs != null) {
                        for (int l = 0; l < rs.size(); l++) {
                              System.out.println(rs.get(l));
                        }
                  }
            } catch (NamingException e) {
                  e.printStackTrace();
            }

0
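
An alternative to testing the user against every group, added here as an example that is not part of the original answer: read the user's own memberOf attribute in one search, escape the user name before it goes into the filter, and tolerate the PartialResultException seen in the logs above. The names UserGroupLookup, escapeFilterValue, commonName and groupsOf, and the sample values in main, are assumptions made for illustration.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;

public class UserGroupLookup {
    // Escape a value before placing it in an LDAP search filter (RFC 4515).
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Return the CN of a group DN, or the whole DN if its first RDN is not a CN.
    static String commonName(String dn) throws NamingException {
        LdapName name = new LdapName(dn);
        Rdn first = name.getRdn(name.size() - 1); // index 0 is the right-most RDN
        return "CN".equalsIgnoreCase(first.getType()) ? String.valueOf(first.getValue()) : dn;
    }

    // One search: find the user entry and read the group DNs from its memberOf attribute.
    static List<String> groupsOf(DirContext ctx, String base, String user) throws NamingException {
        SearchControls ctls = new SearchControls();
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        ctls.setReturningAttributes(new String[] { "memberOf" });
        String filter = "(&(objectClass=person)(sAMAccountName=" + escapeFilterValue(user) + "))";
        List<String> groups = new ArrayList<>();
        NamingEnumeration<SearchResult> answer = ctx.search(base, filter, ctls);
        try {
            while (answer.hasMore()) {
                Attribute memberOf = answer.next().getAttributes().get("memberOf");
                if (memberOf == null) continue; // entry carries no memberOf values
                for (NamingEnumeration<?> dns = memberOf.getAll(); dns.hasMore();) {
                    groups.add(commonName((String) dns.next()));
                }
            }
        } catch (PartialResultException referral) {
            // Referral returned for a search from the domain root; entries already read are kept.
        } finally {
            answer.close();
        }
        return groups;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample values; no directory server is contacted here.
        System.out.println(escapeFilterValue("j*smith(test)"));
        System.out.println(commonName("CN=Domain Admins,CN=Users,DC=example,DC=com"));
    }
}
```

Pass groupsOf the LdapContext that LDAPAdapter already creates. The memberOf attribute does not list the user's primary group (typically Domain Users) or groups reached only through nesting.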
