Reputation: 89
I am having trouble finding the roles a user belongs to. I've tried the following code, and it gives a lot of attributes, but what I am interested in is what roles the user belongs to in a certain app.
The user I am searching for belongs to the following two groups (userrole and adminrole). How do I retrieve this information?
DN: cn=userrole,ou=roles,ou=appname,ou=apps,ou=groups,dc=example,dc=no
DN: cn=adminrole,ou=roles,ou=appname,ou=apps,ou=groups,dc=example,dc=no
```java
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;

private final String host = "host.example.com";
private final int port = 389;
private final String bindDn = "uid=appname,ou=systems,dc=example,dc=no";
private final String password = "password";
private final String searchDn = "dc=example,dc=no";

public SearchResultEntry getUserDetails(String username) {
    LDAPConnection connection = null;
    try {
        connection = new LDAPConnection(host, port, bindDn, password);
        // Build the filter with the SDK so the username is escaped and cannot
        // change the filter's structure (LDAP filter injection).
        Filter filter = Filter.createEqualityFilter("uid", username);
        // "+" requests the operational attributes (e.g. memberOf/isMemberOf
        // where the server provides them).
        SearchResult searchResults = connection.search(searchDn, SearchScope.SUB, filter, "+");
        if (searchResults.getEntryCount() == 1) {
            return searchResults.getSearchEntries().get(0);
        }
        LOGGER.error("NOT FOUND!");
        return null;
    } catch (LDAPException e) {
        LOGGER.error("Exception", e);
        return null;
    } finally {
        // Close on every path, including the exception path.
        if (connection != null) {
            connection.close();
        }
    }
}
```
Upvotes: 3
Views: 17016
Reputation: 11132
The server might support either memberOf or isMemberOf. These are attributes (in most servers these attributes are virtual, that is, they do not occupy any storage and are generated upon client request) whose presence in an object indicates the group membership of the object. Here is an example that assumes the server supports the isMemberOf attribute:
```java
import javax.net.SocketFactory;
import com.unboundid.ldap.sdk.Entry;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchScope;

// The connection parameters (hostname, port, userDN, userPassword, timeouts)
// and the createSocketFactory() helper are assumed to be fields and a method
// of the enclosing class.
String[] getGroupMembership() {
    try {
        // SSL can be supported by using a SocketFactory
        SocketFactory socketFactory = createSocketFactory();
        LDAPConnectionOptions options = new LDAPConnectionOptions();
        options.setConnectTimeoutMillis(connectTimeoutMillis);
        // Try to connect to a single server. It is also possible to use
        // a 'ServerSet' for support of multiple servers.
        LDAPConnection ldapConnection =
                new LDAPConnection(socketFactory, options, hostname, port,
                        userDN, userPassword);
        try {
            // Some broken directory servers, most notably the old Sun
            // directory servers, do not support the legal filter "(&)".
            // If this is the case, use the present filter "(objectClass=*)"
            // instead.
            SearchRequest searchRequest =
                    new SearchRequest(userDN, SearchScope.BASE, "(&)", "isMemberOf");
            searchRequest.setResponseTimeoutMillis(responseTimeoutMillis);
            SearchResult searchResult = ldapConnection.search(searchRequest);
            if (searchResult.getEntryCount() == 1) {
                // getSearchEntry returns null if no returned entry has this DN
                Entry entry = searchResult.getSearchEntry(userDN);
                if (entry != null) {
                    // Read the isMemberOf values from the returned user entry
                    return entry.getAttributeValues("isMemberOf");
                }
            }
        } catch (LDAPException ex) {
            // Handle the search exception
        } finally {
            ldapConnection.close();
        }
    } catch (LDAPException ldapException) {
        // Handle the connection exception here
    }
    return null;
}
```
Upvotes: 0
Reputation: 10329
Use the following function.
The assumption is that you work with SUN LDAP (you use uid):
Edited
```java
import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.Entry;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;

private boolean isGroupContainUser(LDAPConnection ldapConnection, String groupDn, String userDn)
        throws LDAPException {
    boolean ret = false;
    // getEntry returns null when the group entry does not exist
    Entry groupEntry = ldapConnection.getEntry(groupDn);
    if (groupEntry == null) {
        return false;
    }
    // groupOfUniqueNames groups keep their members in uniqueMember
    String[] memberValues = groupEntry.getAttributeValues("uniquemember");
    if (memberValues != null) {
        DN ldapUserDn = new DN(userDn);
        for (String memberEntryDnString : memberValues) {
            // Compare parsed DNs so case and spacing differences are ignored
            DN memberEntryDn = new DN(memberEntryDnString);
            if (memberEntryDn.equals(ldapUserDn)) {
                ret = true;
                break;
            }
        }
    }
    return ret;
}
```
Upvotes: 1
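As an added example (not code from the question or from either answer), here is how to resolve the roles a user holds in one app for the tree layout shown in the question, using the UnboundID LDAP SDK's Filter and RDN constructors so that neither the username nor the app name can alter the filter or DN structure; the class and field names are my own.

```java
import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.RDN;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import java.util.ArrayList;
import java.util.List;

public class AppRoleLookup {
    // Assumed from the question: an app's roles are group entries under
    // ou=roles,ou=<appname>,ou=apps,ou=groups,dc=example,dc=no
    private static final String APPS_BASE = "ou=apps,ou=groups,dc=example,dc=no";
    private static final String USER_BASE = "dc=example,dc=no";

    /** Names (cn) of the roles that username holds in appName; empty if none. */
    public static List<String> rolesForUserInApp(LDAPConnection conn, String username,
                                                 String appName) throws LDAPException {
        List<String> roles = new ArrayList<>();
        // Filter constructors escape the value, so input such as "*)(uid=admin"
        // is matched literally instead of being parsed as filter syntax.
        Filter userFilter = Filter.createEqualityFilter("uid", username);
        // "1.1" asks for no attributes; only the entry's DN is needed here.
        SearchResult users = conn.search(USER_BASE, SearchScope.SUB, userFilter, "1.1");
        if (users.getEntryCount() != 1) {
            return roles; // unknown or ambiguous user: grant nothing
        }
        String userDn = users.getSearchEntries().get(0).getDN();

        // Build the app's role container from RDN objects so appName is DN-escaped.
        DN rolesBase = new DN(new RDN("ou", "roles"),
                new DN(new RDN("ou", appName), new DN(APPS_BASE)));
        // Match the member attribute of both groupOfNames and groupOfUniqueNames.
        Filter memberFilter = Filter.createORFilter(
                Filter.createEqualityFilter("member", userDn),
                Filter.createEqualityFilter("uniqueMember", userDn));
        SearchResult groups = conn.search(rolesBase.toString(), SearchScope.ONE,
                memberFilter, "cn");
        for (SearchResultEntry group : groups.getSearchEntries()) {
            String[] names = group.getAttributeValues("cn");
            if (names != null && names.length > 0) {
                roles.add(names[0]);
            }
        }
        return roles;
    }
}
```

Scope ONE confines the search to the app's own role container; if that container does not exist the search throws an LDAPSearchException with result code NO_SUCH_OBJECT, which the caller can treat as "no roles".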