Cant find myself in my companies ldap directory

[richierich]

Hi All,

I am completely new to LDAP programming via Java and have a task to check if a user id's exists in our Active Directory server.

To get started i knew that we had another application here that did the same job so what I did was to rip the ldap code out of that application (after a de-compile).

Here is what i have so far (Read the code from the Authenticate method...

private void moduleInitialize() throws NamingException
{

initializeLdapEnvironmentProperties();
ldapContext = new InitialLdapContext(ldapEnv, null);
userNameAttributeName = "sAMAccountName";
firstNameAttributeName = "givenName";
lastNameAttributeName = "sn";

}
private void initializeLdapEnvironmentProperties()
{

ldapEnv = new Properties();
ldapEnv.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
ldapEnv.put("java.naming.provider.url", "ldap://MyIPAddr:389/");
ldapEnv.put("java.naming.security.authentication", "simple");
ldapEnv.put("java.naming.security.protocol", "");
ldapEnv.put("java.naming.security.principal", "CN=svc-ldapsrch-acc,OU=Service Accounts,OU=Support,DC=MyCompany,DC=internal");
ldapEnv.put("java.naming.security.credentials","My Password");

}
public void authenticate(String userName, String password)
throws FailedLoginException, LoginException
{

StringBuffer authenticationUserDn;
try
{
moduleInitialize();
UserSearchCriteria criteria = new UserSearchCriteria();
criteria.setUserName(userName);
NamingEnumeration namingEnum = searchForUsers(criteria);
if(!namingEnum.hasMore())
throw new FailedLoginException("Username: " + userName + " does not exist");
}
catch(AuthenticationException ae)
{
throw new LoginException("Could not bind to the LDAP directory server to perform Username/DN lookup.");
}
catch(NamingException ne)
{
throw new LoginException("Could not perform user name lookup because of exception: " + ne.toString());
}

}

private NamingEnumeration searchForUsers(UserSearchCriteria criteria)
throws NamingException
{

String base = "OU=Business Units,DC=MyCompany,DC=internal";
String filter = buildUserSearchFilter(criteria);
SearchControls sc = new SearchControls();
String scopeSpec = "onelevel";
int scope;
if("onelevel".equals(scopeSpec))
scope = 1;
else
scope = 2;
sc.setSearchScope(scope);
String MY_ATTRS[] = {
userNameAttributeName, firstNameAttributeName, lastNameAttributeName
};
sc.setReturningAttributes(MY_ATTRS);
return ldapContext.search(base, filter, sc);

}

private String buildUserSearchFilter(UserSearchCriteria criteria)
{

String baseFilter = "(&(objectCategory=Person)(objectClass=user)%v )";
StringBuffer userSearchFilter = new StringBuffer();
if(StringUtils.isNotEmpty(criteria.getUserName()))
userSearchFilter.append("(" + userNameAttributeName + "=" + criteria.getUserName() + ")");
if(StringUtils.isNotEmpty(criteria.getFirstName()) )
userSearchFilter.append("(" + firstNameAttributeName + "=" + criteria.getFirstName() + ")");
if(StringUtils.isNotEmpty(criteria.getLastName()))
userSearchFilter.append("(" + lastNameAttributeName + "=" + criteria.getLastName() + ")");
return StringUtils.replace(baseFilter, "%v", userSearchFilter.toString());
}

I know that I have connected to the LDAP Server ok because the Instantiation of LdapInitialContext does not fail. But in the searchForUsers method when return ldapContext.search(base, filter, sc); is called i cannot find my user (even though I know they exist).

To help out, i can tell you that at this line filter is equal to (&(objectCategory=Person)(objectClass=user)(sAMAcc ountName=MyUserId)).

I've been doing some reading on LDAP and can understand most of the code, but what i don't really understand is this line and the filter string.

Can anyone help me out please?

[richierich]

I think maybe i scared people off with that gr8 big chunk of code that I pasted in my previous post.

Maybe I was asking the wrong question. I'll try an alternate one.

Does anyone know a way that i can browse all the users in my ldap directory? or some sort of debugging method that could help me verify there are users i the directory or that i am looking at the right one