Reputation: 91
Is there a way to get the names of all groups in Active Directory using Java?
Upvotes: 9
Views: 37475
Reputation: 3106
Use Java JNDI, and do a search for (objectclass=group) and request the cn attribute. This will get all the group names.
Code example:
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class Test {
    public static String ldapUri = "ldap://localhost";
    public static String usersContainer = "cn=users,dc=example,dc=com";

    public static void main(String args[]) {
        if (args.length != 2) {
            System.out.println("Usage: test userName password");
            return;
        }
        String username = args[0];
        String password = args[1];

        // Connection settings for a simple bind as the given user.
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUri);
        env.put(Context.SECURITY_PRINCIPAL, username);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            DirContext ctx = new InitialDirContext(env);

            // Return only the cn attribute of entries directly under the container.
            SearchControls ctls = new SearchControls();
            String[] attrIDs = { "cn" };
            ctls.setReturningAttributes(attrIDs);
            ctls.setSearchScope(SearchControls.ONELEVEL_SCOPE);

            NamingEnumeration<SearchResult> answer = ctx.search(usersContainer, "(objectclass=group)", ctls);
            while (answer.hasMore()) {
                SearchResult rslt = answer.next();
                Attributes attrs = rslt.getAttributes();
                System.out.println(attrs.get("cn"));
            }
            ctx.close();
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}
Upvotes: 10
Reputation: 1723
I used Kalyan's example to query for user groups, but found that although the query worked, it did not return all user groups. After some digging, I became aware of the AD Global Catalogue and, based on this example, I was able to modify Kalyan's answer to return all user groups from the global catalogue.
The required changes were:
1. Add port 3268 to the ldapUri
2. Set the first parameter to Context.search to ""
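import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class Test {
    public static void main(String args[]) {
        String ldapUri = "ldap://ad.domain.com";
        if (args.length != 2) {
            System.out.println("Usage: test userName password");
            return;
        }
        String username = args[0];
        String password = args[1];
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
        // Port 3268 is the Global Catalog over plain LDAP; 3269 is its TLS counterpart.
        env.put(Context.PROVIDER_URL, ldapUri + ":3268");
        env.put(Context.SECURITY_PRINCIPAL, username);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            DirContext context = new InitialDirContext(env);
            SearchControls searchControls = new SearchControls();
            String[] attrIDs = {"cn"};
            searchControls.setReturningAttributes(attrIDs);
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // An empty search base searches the whole catalog.
            NamingEnumeration<SearchResult> answer = context.search("", "(objectclass=group)", searchControls);
            while (answer.hasMore()) {
                SearchResult rslt = answer.next();
                Attributes attrs = rslt.getAttributes();
                System.out.println(attrs.get("cn"));
            }
            context.close();
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}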
Upvotes: 0
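Added example, not part of either answer above: the same group search done over LDAPS with the paged-results control, since Active Directory by default returns at most 1000 entries per search and a simple bind over plain ldap:// sends the password unencrypted. The class name, host, base DN and page size are assumptions; the password is prompted for instead of being passed as a command-line argument.

```java
import java.io.Console;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;

public class PagedGroupList {
    static final String LDAPS_URI = "ldaps://ad.example.com:636"; // assumed host
    static final String BASE_DN = "dc=example,dc=com";            // assumed base DN
    static final int PAGE_SIZE = 500;

    static List<String> listGroups(String user, char[] password) throws Exception {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAPS_URI); // TLS protects the simple bind
        env.put(Context.SECURITY_PRINCIPAL, user);
        env.put(Context.SECURITY_CREDENTIALS, password);
        SearchControls ctls = new SearchControls();
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        ctls.setReturningAttributes(new String[] { "cn" });
        List<String> names = new ArrayList<>();
        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            byte[] cookie = null;
            do {
                // Request one page; the cookie tells the server where to resume.
                ctx.setRequestControls(new Control[] { new PagedResultsControl(PAGE_SIZE, cookie, Control.CRITICAL) });
                NamingEnumeration<SearchResult> page = ctx.search(BASE_DN, "(objectClass=group)", ctls);
                while (page.hasMore()) {
                    names.add(String.valueOf(page.next().getAttributes().get("cn").get()));
                }
                cookie = null; // stays null if the server sent no paging response
                Control[] resp = ctx.getResponseControls();
                for (int i = 0; resp != null && i < resp.length; i++) {
                    if (resp[i] instanceof PagedResultsResponseControl) cookie = ((PagedResultsResponseControl) resp[i]).getCookie();
                }
            } while (cookie != null && cookie.length > 0); // empty cookie = last page
        } finally {
            ctx.close();
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console(); // null when no terminal is attached
        if (args.length != 1 || console == null)
            throw new IllegalArgumentException("Usage: java PagedGroupList userName (run from a terminal)");
        listGroups(args[0], console.readPassword("Password: ")).forEach(System.out::println);
    }
}
```

The JVM must trust the certificate presented by the directory server for the ldaps:// connection to succeed.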
Reputation: 31
You can use this library. It's easy to use and powerful.
http://code.google.com/p/jedi-obi/
Upvotes: 2