How do I do an LDAP search/authenticate against this LDAP in Java

Another approach is using UnboundID. Its API is very readable and shorter.

Create an LDAP connection:

public static LDAPConnection getConnection() throws LDAPException {
    // host, port, username and password
    return new LDAPConnection("com.example.local", 389, "[email protected]", "admin");
}

Get filter result:

public static List<SearchResultEntry> getResults(LDAPConnection connection, String baseDN, String filter) throws LDAPSearchException {
    SearchResult searchResult;
    if (connection.isConnected()) …

Configuring Tomcat to authenticate using Windows Active Directory

From www.jspwiki.org, see: ActiveDirectoryIntegration

Try this in the server.xml with your LDAP settings:

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://youradsserver:389"
       alternateURL="ldap://youradsserver:389"
       userRoleName="member"
       userBase="cn=Users,dc=yourdomain"
       userPattern="cn={0},cn=Users,dc=yourdomain"
       roleBase="cn=Users,dc=yourdomain"
       roleName="cn"
       roleSearch="(member={0})"
       roleSubtree="false"
       userSubtree="true"/>

And define the role in the tomcat-users.xml and the web.xml of your application. Edit the webapp_root/WEB-INF/web.xml file as follows:

<security-constraint>
  <display-name>your web app display name</display-name>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>*.jsp</url-pattern>
    …

Active Directory – Check username / password

If you're using .NET 3.5, use this code instead. To authenticate a user:

PrincipalContext adContext = new PrincipalContext(ContextType.Domain);
using (adContext)
{
    return adContext.ValidateCredentials(UserName, Password);
}

If you need to find the user to R/W attributes to the object, do this:

PrincipalContext context = new PrincipalContext(ContextType.Domain);
UserPrincipal foundUser = UserPrincipal.FindByIdentity(context, "jdoe");

This is using the System.DirectoryServices.AccountManagement …

Querying an LDAP

@KenL almost got me there. I also had to set the AuthenticationType of the DirectoryEntry to get it to work. Also, pay attention to how you are using wildcards (Kleene stars).

DirectoryEntry rootEntry = new DirectoryEntry("LDAP://some.ldap.server.com");
rootEntry.AuthenticationType = AuthenticationTypes.None; // Or whatever it need be
DirectorySearcher searcher = new DirectorySearcher(rootEntry);
var queryFormat = "(&(objectClass=user)(objectCategory=person)(|(SAMAccountName=*{0}*)(cn=*{0}*)(gn=*{0}*)(sn=*{0}*)(email=*{0}*)))";
searcher.Filter = …

How can I find out which server hosts LDAP on my windows domain?

AD registers Service Location (SRV) resource records in its DNS server, which you can query to get the port and the hostname of the responsible LDAP server in your domain. Just try this on the command line:

C:\> nslookup
> set types=all
> _ldap._tcp.<<your.AD.domain>>
_ldap._tcp.<<your.AD.domain>>  SRV service location:
          priority       = 0
          weight         = 100
          port           = …

LDAP root query syntax to search more than one specific OU

You can!!! In short, use this as the connection string:

ldap://<host>:3268/DC=<my>,DC=<domain>?cn

together with your search filter, e.g.

(&(sAMAccountName={0})(&((objectCategory=person)(objectclass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(memberOf:1.2.840.113556.1.4.1941:=CN=<some-special-nested-group>,OU=<ou3>,OU=<ou2>,OU=<ou1>,DC=<dc3>,DC=<dc2>,DC=<dc1>))))

That will search in the so-called Global Catalog, which had been available out of the box in our environment. Instead of the known/common other versions (or combinations thereof) that did NOT work in our environment with multiple OUs:

ldap://<host>/DC=<my>,DC=<domain> …

LDAP filter for blank (empty) attribute

From LDAP, there is not a query method to determine an empty string. The best practice would be to scrub your data inputs to LDAP, as an empty or null value in LDAP is no value at all. To determine this you would need to query for all with a value (manager=*) and then use …

Error!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)