With the following code, I can bind/authenticate the user testu with password testp with my local LDAP server. In my DIT, this user also belongs to a group, say Administrators. How can I get the name of the group he belongs to or vice versa check if that user belongs to that group?
    import java.util.Properties;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.ldap.InitialLdapContext;

    public class LdapBindExample {
        public static void main(String[] args)
        {
            Properties properties = new Properties();
            properties.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            properties.put(Context.PROVIDER_URL, "ldap://localhost:10389");
            // set properties for authentication
            properties.put(Context.SECURITY_AUTHENTICATION, "simple");
            properties.put(Context.SECURITY_PRINCIPAL, "cn=testu,ou=users,ou=system");
            properties.put(Context.SECURITY_CREDENTIALS, "testp");
            try {
                // the bind happens when the context is created
                InitialLdapContext ctx = new InitialLdapContext(properties, null);
                // release the connection once done
                ctx.close();
            } catch (NamingException e) {
                e.printStackTrace();
            }
        }
    }
In my LDAP browser, in the Tree structure, I have the user testu
cn=testu,ou=users,ou=system
while the Administrators group is under
cn=Administrators,ou=groups,ou=system
Now I don’t even think I’ve gotten the user in that group, but assuming I did, how would you look for it? I’m basically asking how I do a search query through LDAP relative to the authenticated user.
Given the following group:
cn=operations,ou=groups,ou=system
objectClass:groupOfNames (structural)
objectClass:top (abstract)
cn:operations
member:cn=soto,ou=users,ou=system
member:cn=testu,ou=users,ou=system
And this user:
cn=testu,ou=users,ou=system
objectClass:organizationalPerson (structural)
objectClass:person (structural)
objectClass:top (abstract)
cn:testu
sn:some name
userPassword:SHA hashed password [testp]
How would I get the group from this user?
If you performed a bind, then you know the DN of the user and you could do a search request like:
Base Search DN: ou=system
This would, if you have permission, return all the groups the user is a DIRECT member of.
It would not include any nested group memberships.