Riri

Reputation: 27

Java eclipse - Active directory, attribute modification #2

Thanks first to Sotirios Delimanolis, who helped me with my first question (the first part was to access the Active Directory).

So now my code is:

        DirContext ctx = null;

        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://"+serverAddress+":389");

        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, DOMAIN+username);
        env.put(Context.SECURITY_CREDENTIALS, password);

        try {
            // Create the initial context
            ctx = new InitialDirContext(env);

            Attributes matchAttrs = new BasicAttributes(true); // ignore attribute name case
            matchAttrs.put(new BasicAttribute("mail", "[email protected]"));
            matchAttrs.put(new BasicAttribute("cn"));

            // Search for objects that have those matching attributes
            NamingEnumeration<SearchResult> answer = ctx.search("ou=People", matchAttrs);

            while (answer.hasMore()) {
                SearchResult sr = (SearchResult)answer.next();
                System.out.println(">>>" + sr.getName());
            }
        } catch (NamingException e) {
            // Report the bind or search failure
            System.err.println("Failed to bind to LDAP / get account information: " + e);
        }

I have the error: Failed to bind to LDAP / get account information: javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: DSID-03100754, problem 5012 (DIR_ERROR), data 0 ; remaining name 'ou=People'

I found the following code at http://docs.oracle.com/javase/jndi/tutorial/basics/directory/basicsearch.html:

    // Specify the attributes to match
    // Ask for objects that has a surname ("sn") attribute with
    // the value "Geisel" and the "mail" attribute
    Attributes matchAttrs = new BasicAttributes(true); // ignore attribute name case
    matchAttrs.put(new BasicAttribute("sn", "Geisel"));
    matchAttrs.put(new BasicAttribute("mail"));

    // Search for objects that have those matching attributes
    NamingEnumeration answer = ctx.search("ou=People", matchAttrs);

You can then print the results as follows.

    while (answer.hasMore()) {
        SearchResult sr = (SearchResult)answer.next();
        System.out.println(">>>" + sr.getName());
        printAttrs(sr.getAttributes());
    }

So I want to know if the target context "ou=People" is specific to each Active Directory, or whether it's always the same for the "ou" and the "People": http://www.kouti.com/tables/userattributes.htm

Thanks a lot!

Upvotes: 1

Views: 445

Answers (1)

Sotirios Delimanolis

Reputation: 280102

Active Directory is an LDAP server. There are other LDAP servers (OpenLDAP comes to mind). Each of these has their own or similar Object Classes and Attributes which make up your directory schema. You can look under this Microsoft link for all the Active Directory object classes and attributes.

In your example, sn, mail, and ou are different attribute names that stand for surname, mail, and organizational unit, respectively. These attributes are name-value pairs, so ou=People means an object that has an organizational unit attribute with the value People.

The search function that you use:

    ctx.search("ou=People", matchAttrs)

is looking in the context of ou=People for attributes matching the ones you pass.

The argument ou=People is not specific to each Active Directory. People is just the name they decided to use. My directory uses Users, another may use Accounts. The ou, however, is often the attribute used to uniquely identify an object.

A good resource I have read and can recommend is Building Java Enterprise Applications Volume I - Architecture. The link contains a PDF version. It has a section on how to use LDAP to authenticate your application users, but it also explains a lot about the organization of LDAP server entries, which I think you will find useful.

Upvotes: 1
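Because the container name differs from one directory to the next, a lookup does not have to hard-code `ou=People` at all. The following is an added example, not code from the question or the answer: it reads the directory's base DN from the RootDSE and searches the whole subtree with a parameterized filter. The class name `FindUserByMail`, the command-line arguments, LDAPS on port 636 and the `objectClass=user` filter are assumptions.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.*;

public class FindUserByMail {
    public static void main(String[] args) throws NamingException {
        // Assumed arguments: AD host, bind principal (e.g. user@domain), mail to look up.
        String host = args[0], principal = args[1], mail = args[2];
        if (System.console() == null) throw new IllegalStateException("run from a terminal");
        char[] password = System.console().readPassword("Password for %s: ", principal);
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // LDAPS, because a simple bind over ldap://host:389 sends the password in cleartext.
        env.put(Context.PROVIDER_URL, "ldaps://" + host + ":636");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);

        DirContext ctx = new InitialDirContext(env);
        try {
            // The empty name is the RootDSE, where AD publishes the domain's base DN.
            Attribute nc = ctx.getAttributes("", new String[] {"defaultNamingContext"})
                              .get("defaultNamingContext");
            if (nc == null) throw new NamingException("RootDSE has no defaultNamingContext");
            String baseDn = (String) nc.get();
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE); // any OU below the base DN
            sc.setReturningAttributes(new String[] {"cn", "mail"});
            // {0} is filled from the argument array; the provider escapes * ( ) \ in it,
            // so the mail value cannot alter the filter.
            NamingEnumeration<SearchResult> answer = ctx.search(
                    baseDn, "(&(objectClass=user)(mail={0}))", new Object[] {mail}, sc);
            try {
                while (answer.hasMore()) {
                    System.out.println(">>> " + answer.next().getNameInNamespace());
                }
            } catch (PartialResultException e) {
                // A domain-root search can end in a referral to another partition; ignore it.
            } finally {
                answer.close();
            }
        } finally {
            ctx.close();
        }
    }
}
```

The JVM must trust the domain controller's certificate for the `ldaps://` connection to succeed.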
