Blog

Java on top of LDAP

Posted by Kylin Soong on Nov 9, 2014 categorized as data

This article demonstrates how java code operate Lightweight Directory Access Protocol(LDAP), we use OpenLDAP as a LDAP server, for completely install, admin, getting start OpenLDAP please refer to OpenLDAP Admin Guide.

Assume OpenLDAP installed on Server 10.66.218.46, the initial entries be added to directory, the following test base on this.

Add Test Entries

In this section, we will create Group HR and with 3 Users under Group HR.

  • Create Group HR

Create an LDIF file named hr.ldif, with the content as below:

dn: ou=HR,dc=example,dc=com
objectClass: top
objectClass: organizationalunit
ou: HR

Run ldapadd command add Group entry to directory:

ldapadd -x -D "cn=Manager,dc=example,dc=com" -w redhat -f hr.ldif
  • Create User under Group HR

Create an LDIF file named hr1.ldif, with the content as below:

dn: uid=hr1,ou=HR,dc=example,dc=com
sn: name
givenName: name
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 6592
uidNumber: 19920
mail: hr1@mail.com
uid: hr1 
cn: HR One
homeDirectory: /home/hr1
gecos: hr1
loginShell: /bin/bash
shadowLastChange: 15807
userPassword: redhat

Run ldapadd command add User hr1 entry to directory:

ldapadd -x -D "cn=Manager,dc=example,dc=com" -w redhat -f hr1.ldif

Repeat the same steps to add User hr2 and hr3. Now all Test Entries be added, the following command will list all entries:

ldapsearch -x

JNDI Retrieve attributes

In this section we use com.sun.jndi.ldap.LdapCtxFactory initilize JDNI context, then lookup the entries we created before:

		Hashtable<String,String> env = new Hashtable<String,String>();
		env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
		env.put(Context.PROVIDER_URL, "ldap://10.66.218.46:389");
		env.put(Context.SECURITY_PRINCIPAL, "cn=Manager,dc=example,dc=com");
		env.put(Context.SECURITY_CREDENTIALS, "redhat");
		DirContext ctx = new InitialLdapContext(env, null);

		Attributes attrs = ctx.getAttributes("uid=hr1,ou=HR,dc=example,dc=com");

JNDI search attributes with SearchControl and filter

Continue using above JNDI context, the following code samples used to search attributes with SearchControl and filter:

		LdapContext context = (LdapContext) cxt.lookup("ou=HR,dc=example,dc=com");
		
		SearchControls controls = new SearchControls();
		controls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
		controls.setTimeLimit(6);
		controls.setCountLimit(5);
		controls.setReturningAttributes(new String[]{"uid", "cn", "mail", "sn"});
		
		String filter = "(objectClass=*)";
		NamingEnumeration<SearchResult> en = context.search("", filter, controls);
		while(en.hasMoreElements()){
			SearchResult result = en.nextElement();
			Attributes attrs = result.getAttributes();
			System.out.print(attrs.get("uid").get() + ", ");
			System.out.print(attrs.get("cn").get() + ", ");
			System.out.print(attrs.get("mail").get() + ", ");
			System.out.println(attrs.get("sn").get());
		}

The above code’s output like:

hr1, HR One, hr1@mail.com, name
hr2, HR Two, hr2@mail.com, name
hr3, HR Three, hr3@mail.com, name