Reputation: 1883
I found Java JNDI/LDAP: Windows Active Directory Authentication, but my question is: is it possible to check if a user exists without its credentials?
Thank you!
Upvotes: 1
Views: 1081
Reputation: 11134
It is possible to query an LDAP compliant server for an entry without the credentials of the entry itself. When an LDAP client connects to a server, the connection is unauthenticated - an LDAP client must use the BIND operation to change the authorization state of the connection. If the server does not permit operations that are not authenticated, then the LDAP client must use a DN and credentials which:
If the server rejects unauthenticated connections (a properly configured LDAP server will not permit operations that are not authenticated), then it will not be possible to use the search operation to determine the existence of the desired entry.
Therefore, if the server permits unauthenticated searches, the LDAP client can search for an entry without any credentials. If not, then the LDAP client must use a DN and credentials to change the authorization state of the connection with the BIND operation to a state that permits the search in question. However, that DN and credentials need not be the credentials of the entry for which the search is conducted.
Upvotes: 1
Reputation: 2209
You can in one of the following two cases:
Upvotes: 1
Reputation: 18430
No, you cannot query the Active Directory without providing valid domain credentials. Anonymous auth is disabled.
Upvotes: 0