Saturday, June 28, 2008

LDAP Integration with Microsoft ADS


To use ADS from your Java code, follow these steps:
Step 1: Configure the JNDI context. Below is an example:

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public LdapContext getLdapContext() throws NamingException {
    Hashtable<String, String> env = new Hashtable<>();
    String adminName = "administrator";
    String adminPassword = "test";
    // There are two protocols for communication: ldap and ldaps.
    // ldap uses port 389 by default, while ldaps uses 636.
    String ldapURL = "ldap://pc.test.com:389";
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    // set security credentials; note that a simple bind sends the password
    // in clear text when the URL is ldap:// rather than ldaps://
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, adminName);
    env.put(Context.SECURITY_CREDENTIALS, adminPassword);
    // connect to my domain controller
    env.put(Context.PROVIDER_URL, ldapURL);

    LdapContext ctx = new InitialLdapContext(env, null);

    return ctx;
}

Step 2: With ctx (the LdapContext) you can search ADS for a keyword.

For example,

1) If you want to find the user named "Hitesh", pass the following parameter values to the search function:

objectClass=user, typeKey=cn and typeValue="Hitesh".

2) If you want to find the groups associated with "Hitesh", the parameters would be:

objectClass=user, typeKey=cn, typeValue="Hitesh", attribute=memberOf

// Requires: javax.naming.NamingEnumeration, javax.naming.NamingException,
// javax.naming.directory.SearchControls, javax.naming.directory.SearchResult,
// javax.naming.ldap.LdapContext

/**
 * @param ctx         configured LdapContext
 * @param objectClass object class to match, e.g. user
 * @param typeKey     attribute name to match, e.g. cn
 * @param typeValue   value for typeKey; if null, only objectClass is matched
 * @param attribute   attribute to return, e.g. memberOf; if null, all attributes are returned
 *
 * @return NamingEnumeration of the search results, or null if ctx is null
 * @throws NamingException
 */
public NamingEnumeration<SearchResult> search(LdapContext ctx, String objectClass,
        String typeKey, String typeValue, String attribute) throws NamingException {

    if (ctx == null) {
        return null;
    }
    // Create the search controls
    SearchControls searchCtls = new SearchControls();

    // Specify the search scope
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

    // Specify the LDAP search filter.
    // The values are concatenated as-is: filter metacharacters such as * ( ) \
    // in them are interpreted by the server, so pass only trusted or escaped values.
    String searchFilter = null;
    if (typeValue != null) {
        searchFilter = "(&(objectClass=" + objectClass + ")(" + typeKey + "=" + typeValue
                + "))";
    } else {
        searchFilter = "(&(objectClass=" + objectClass + "))";
    }

    // Specify the base for the search.
    // domainController is assumed to be a String[] field holding the server's
    // DNS name split on ".", e.g. {"pc", "test", "com"}, which gives DC=test,DC=com.
    String searchBase = "DC="
            + domainController[domainController.length - 2] + ",DC="
            + domainController[domainController.length - 1];

    if (attribute != null) {
        // Specify the attributes to return
        String[] returnedAtts = { attribute };
        searchCtls.setReturningAttributes(returnedAtts);
    }

    // Search for objects using the filter
    return ctx.search(searchBase, searchFilter, searchCtls);
}

6 comments:

Anonymous said...

Thanks for this code

Anonymous said...

I have to (1) display in the admin page of a JSP application if the active directory account of a user is locked on account of too many bad authentication attempts (2) provide the admin with a way to unlock the account (3) display if the user's Active Directory password has expired.

Is there a way to do the above using JNDI and if so, could you please provide some guidance? Thanks. KS

Hitesh said...

Yes KS, you can do the last two options; the first one is also possible, but I am not sure.

Give me two days, as I am a bit busy with my projects. Give me your ID and I will post the guideline about your questions; possibly I can post the code also.

Thanks

Anonymous said...

I am currently connecting to the AD as well. I have used your code, and it was helpful. However, I also have to connect to the AD non-anonymously. This is more of a task than I thought. I am using Java and JBoss. I have read some posts about binding, and was wondering if you could give me some direction? It would be very helpful. Thanks in advance.

ravee said...

Hi Hitesh,

I am looking for a tutorial on implementing single sign-on for our web application using Active Directory. Do you have any ideas or references for the single sign-on implementation? Please let me know...