Java program to retrieve Active Directory (LDAP) User Properties

Problem Statement

You want to retrieve properties (like name, mail, telephonenumber, accountExpires, etc.) of an Active Directory or LDAP user.

What you need (replace in program)

  • You will need a username and password that can connect to Active Directory/LDAP. This is not a special user; usually it is simply a user that already exists in Active Directory. These are the strings user@domain.com and userpass in the program below.
  • And of course you need the username of the user (theUserName in the program below) whose attributes you want to retrieve.
  • Your Active Directory/LDAP host name. This is the string ActiveDirOrLDAPHost in the program below.
  • Your domain name. This is the string DC=YourDomain,DC=com in the program below.

The Program

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class LDAPExaminer {

    public static void main(String[] args) {
        LDAPExaminer ldapExaminer = new LDAPExaminer();
        LdapContext ctx = ldapExaminer.getLdapContext();
        if (ctx == null) {
            return; // connection failed; getLdapContext() already printed the error
        }
        try {
            //NOTE: replace theUserName below with the Active Directory/LDAP user whose attributes you want printed.
            ldapExaminer.printUserBasicAttributes("theUserName", ctx);
        } finally {
            try {
                ctx.close(); // release the LDAP connection once it is no longer needed
            } catch (NamingException nex) {
                nex.printStackTrace();
            }
        }
    }

    public LdapContext getLdapContext() {
        LdapContext ctx = null;
        try {
            Hashtable<String, String> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");

            //NOTE: replace user@domain.com with a user that is present in your Active Directory/LDAP.
            env.put(Context.SECURITY_PRINCIPAL, "user@domain.com");
            //NOTE: replace userpass with the password of this user.
            env.put(Context.SECURITY_CREDENTIALS, "userpass");
            //NOTE: replace ActiveDirOrLDAPHost with your Active Directory/LDAP hostname or IP.
            // A simple bind over ldap:// sends the password unencrypted; prefer
            // ldaps:// (port 636) or StartTLS where the directory supports it.
            env.put(Context.PROVIDER_URL, "ldap://ActiveDirOrLDAPHost:389");

            System.out.println("Attempting to Connect...");

            ctx = new InitialLdapContext(env, null);
            System.out.println("Connection Successful.");
        } catch (NamingException nex) {
            System.out.println("LDAP Connection: FAILED");
            nex.printStackTrace();
        }
        return ctx;
    }

    private void printUserBasicAttributes(String username, LdapContext ctx) {
        try {
            SearchControls constraints = new SearchControls();
            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
            //NOTE: The attributes mentioned in the array below are the ones that will be retrieved; you can add more.
            String[] attrIDs = { "distinguishedName",
                    "sn",
                    "givenname",
                    "mail",
                    "telephonenumber", "canonicalName", "userAccountControl", "accountExpires" };
            constraints.setReturningAttributes(attrIDs);

            //NOTE: replace DC=YourDomain,DC=com below with your domain info. It is essentially the base node for the search.
            // The username is passed as a filter argument ({0}) rather than concatenated
            // into the filter, so the LDAP provider escapes filter metacharacters in it.
            NamingEnumeration<SearchResult> answer = ctx.search("DC=YourDomain,DC=com",
                    "(sAMAccountName={0})", new Object[] { username }, constraints);

            if (answer.hasMore()) {
                Attributes attrs = answer.next().getAttributes();
                System.out.println(attrs.get("distinguishedName"));
                System.out.println(attrs.get("givenname"));
                System.out.println(attrs.get("sn"));
                System.out.println(attrs.get("mail"));
                System.out.println(attrs.get("telephonenumber"));
                System.out.println(attrs.get("canonicalName"));
                System.out.println(attrs.get("userAccountControl"));
                System.out.println(attrs.get("accountExpires"));
            } else {
                throw new Exception("Invalid User");
            }

        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

}
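
The program prints userAccountControl and accountExpires as raw numbers. The following added example (not part of the original post) shows one way to interpret them: userAccountControl is a bit field and accountExpires is a count of 100-nanosecond intervals since 1601-01-01 UTC. The class name AdAccountDecoder and the sample values are assumptions made for illustration.

```java
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;

// Added example: decodes the raw attribute values that LDAPExaminer prints.
public class AdAccountDecoder {

    // A subset of the userAccountControl flags documented by Microsoft.
    private static final int ACCOUNTDISABLE       = 0x0002;
    private static final int PASSWD_NOTREQD       = 0x0020;
    private static final int NORMAL_ACCOUNT       = 0x0200;
    private static final int DONT_EXPIRE_PASSWORD = 0x10000;
    private static final int DONT_REQ_PREAUTH     = 0x400000;

    // Seconds between 1601-01-01T00:00:00Z and 1970-01-01T00:00:00Z.
    private static final long EPOCH_OFFSET_SECONDS = 11_644_473_600L;
    private static final long TICKS_PER_SECOND = 10_000_000L;

    // Returns the names of the known flags that are set in the value.
    static List<String> decodeUserAccountControl(String raw) {
        int uac = Integer.parseInt(raw.trim());
        List<String> flags = new ArrayList<>();
        if ((uac & ACCOUNTDISABLE) != 0)       flags.add("ACCOUNTDISABLE");
        if ((uac & PASSWD_NOTREQD) != 0)       flags.add("PASSWD_NOTREQD");
        if ((uac & NORMAL_ACCOUNT) != 0)       flags.add("NORMAL_ACCOUNT");
        if ((uac & DONT_EXPIRE_PASSWORD) != 0) flags.add("DONT_EXPIRE_PASSWORD");
        if ((uac & DONT_REQ_PREAUTH) != 0)     flags.add("DONT_REQ_PREAUTH");
        return flags;
    }

    // Returns null when the account never expires (0 or 0x7FFFFFFFFFFFFFFF).
    static Instant decodeAccountExpires(String raw) {
        long ticks = Long.parseLong(raw.trim());
        if (ticks == 0L || ticks == Long.MAX_VALUE) {
            return null;
        }
        long seconds = ticks / TICKS_PER_SECOND - EPOCH_OFFSET_SECONDS;
        long nanos = (ticks % TICKS_PER_SECOND) * 100L;
        return Instant.ofEpochSecond(seconds, nanos);
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real directory.
        String[] uacSamples = { "512", "66050" };
        String[] expirySamples = { "0", "9223372036854775807", "133801632000000000" };
        for (String uac : uacSamples) {
            System.out.println(uac + " -> " + decodeUserAccountControl(uac));
        }
        for (String exp : expirySamples) {
            Instant when = decodeAccountExpires(exp);
            System.out.println(exp + " -> " + (when == null ? "never expires" : when));
        }
    }
}
```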
2 responses

  1. Hi,
    I was wondering whether the context used in the code is closed anywhere? If not, where do I need to close them?
    Please reply.
    -yoga.

    1. Sure, you can close the context once it is no longer needed.
      In the example code above, it can be closed in the main method.
