https://wiki.twig.es/index.php?action=history&feed=atom&title=Query_Active_Directory_%28ldaptest%29 Query Active Directory (ldaptest) - Revision history 2026-05-06T16:41:02Z Revision history for this page on the wiki MediaWiki 1.23.0 https://wiki.twig.es/index.php?title=Query_Active_Directory_(ldaptest)&diff=1822&oldid=prev George2: Created page with "<source lang="java"> package ldaptest; import java.util.Hashtable; import javax.naming.Context; import javax.naming.NamingEnumeration; import javax.naming.NamingException; i..." 2015-04-14T12:13:06Z <p>Created page with &quot;&lt;source lang=&quot;java&quot;&gt; package ldaptest; import java.util.Hashtable; import javax.naming.Context; import javax.naming.NamingEnumeration; import javax.naming.NamingException; i...&quot;</p> <p><b>New page</b></p><div>&lt;source lang=&quot;java&quot;&gt;<br /> <br /> package ldaptest;<br /> <br /> import java.util.Hashtable;<br /> import javax.naming.Context;<br /> import javax.naming.NamingEnumeration;<br /> import javax.naming.NamingException;<br /> import javax.naming.directory.DirContext;<br /> import javax.naming.directory.SearchControls;<br /> import javax.naming.directory.SearchResult;<br /> import javax.naming.ldap.InitialLdapContext;<br /> import javax.naming.ldap.LdapContext;<br /> <br /> /**<br /> * Example code for retrieving a Users Primary Group<br /> * from Microsoft Active Directory via. its LDAP API<br /> * <br /> * @author Adam Retter &lt;adam.retter@googlemail.com&gt;<br /> */<br /> public class LDAPTest {<br /> <br /> /**<br /> * @param args the command line arguments<br /> */<br /> public static void main(String[] args) throws NamingException {<br /> <br /> final String ldapAdServer = &quot;ldap://ad.your-server.com:389&quot;;<br /> final String ldapSearchBase = &quot;dc=ad,dc=my-domain,dc=com&quot;;<br /> <br /> final String ldapUsername = &quot;myLdapUsername&quot;;<br /> final String ldapPassword = &quot;myLdapPassword&quot;;<br /> <br /> final String ldapAccountToLookup = &quot;myOtherLdapUsername&quot;;<br /> <br /> <br /> Hashtable&lt;String, Object&gt; env = new Hashtable&lt;String, Object&gt;();<br /> env.put(Context.SECURITY_AUTHENTICATION, &quot;simple&quot;);<br /> if(ldapUsername != null) {<br /> env.put(Context.SECURITY_PRINCIPAL, ldapUsername);<br /> }<br /> if(ldapPassword != null) {<br /> env.put(Context.SECURITY_CREDENTIALS, ldapPassword);<br /> }<br /> env.put(Context.INITIAL_CONTEXT_FACTORY, &quot;com.sun.jndi.ldap.LdapCtxFactory&quot;);<br /> env.put(Context.PROVIDER_URL, ldapAdServer);<br /> <br /> //ensures that objectSID attribute values<br /> //will be returned as a byte[] instead of a String<br /> env.put(&quot;java.naming.ldap.attributes.binary&quot;, &quot;objectSID&quot;);<br /> <br /> // the following is helpful in debugging errors<br /> //env.put(&quot;com.sun.jndi.ldap.trace.ber&quot;, System.err);<br /> <br /> LdapContext ctx = new InitialLdapContext();<br /> <br /> LDAPTest ldap = new LDAPTest();<br /> <br /> //1) lookup the ldap account<br /> SearchResult srLdapUser = ldap.findAccountByAccountName(ctx, ldapSearchBase, ldapAccountToLookup);<br /> <br /> //2) get the SID of the users primary group<br /> String primaryGroupSID = ldap.getPrimaryGroupSID(srLdapUser);<br /> <br /> //3) get the users Primary Group<br /> String primaryGroupName = ldap.findGroupBySID(ctx, ldapSearchBase, primaryGroupSID);<br /> }<br /> <br /> public SearchResult findAccountByAccountName(DirContext ctx, String ldapSearchBase, String accountName) throws NamingException {<br /> <br /> String searchFilter = &quot;(&amp;(objectClass=user)(sAMAccountName=&quot; + accountName + &quot;))&quot;;<br /> <br /> SearchControls searchControls = new SearchControls();<br /> searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);<br /> <br /> NamingEnumeration&lt;SearchResult&gt; results = ctx.search(ldapSearchBase, searchFilter, searchControls);<br /> <br /> SearchResult searchResult = null;<br /> if(results.hasMoreElements()) {<br /> searchResult = (SearchResult) results.nextElement();<br /> <br /> //make sure there is not another item available, there should be only 1 match<br /> if(results.hasMoreElements()) {<br /> System.err.println(&quot;Matched multiple users for the accountName: &quot; + accountName);<br /> return null;<br /> }<br /> }<br /> <br /> return searchResult;<br /> }<br /> <br /> public String findGroupBySID(DirContext ctx, String ldapSearchBase, String sid) throws NamingException {<br /> <br /> String searchFilter = &quot;(&amp;(objectClass=group)(objectSid=&quot; + sid + &quot;))&quot;;<br /> <br /> SearchControls searchControls = new SearchControls();<br /> searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);<br /> <br /> NamingEnumeration&lt;SearchResult&gt; results = ctx.search(ldapSearchBase, searchFilter, searchControls);<br /> <br /> if(results.hasMoreElements()) {<br /> SearchResult searchResult = (SearchResult) results.nextElement();<br /> <br /> //make sure there is not another item available, there should be only 1 match<br /> if(results.hasMoreElements()) {<br /> System.err.println(&quot;Matched multiple groups for the group with SID: &quot; + sid);<br /> return null;<br /> } else {<br /> return (String)searchResult.getAttributes().get(&quot;sAMAccountName&quot;).get();<br /> }<br /> }<br /> return null;<br /> }<br /> <br /> public String getPrimaryGroupSID(SearchResult srLdapUser) throws NamingException {<br /> byte[] objectSID = (byte[])srLdapUser.getAttributes().get(&quot;objectSid&quot;).get();<br /> String strPrimaryGroupID = (String)srLdapUser.getAttributes().get(&quot;primaryGroupID&quot;).get();<br /> <br /> String strObjectSid = decodeSID(objectSID);<br /> <br /> return strObjectSid.substring(0, strObjectSid.lastIndexOf('-') + 1) + strPrimaryGroupID;<br /> }<br /> <br /> /**<br /> * The binary data is in the form:<br /> * byte[0] - revision level<br /> * byte[1] - count of sub-authorities<br /> * byte[2-7] - 48 bit authority (big-endian)<br /> * and then count x 32 bit sub authorities (little-endian)<br /> * <br /> * The String value is: S-Revision-Authority-SubAuthority[n]...<br /> * <br /> * Based on code from here - http://forums.oracle.com/forums/thread.jspa?threadID=1155740&amp;tstart=0<br /> */<br /> public static String decodeSID(byte[] sid) {<br /> <br /> final StringBuilder strSid = new StringBuilder(&quot;S-&quot;);<br /> <br /> // get version<br /> final int revision = sid[0];<br /> strSid.append(Integer.toString(revision));<br /> <br /> //next byte is the count of sub-authorities<br /> final int countSubAuths = sid[1] &amp; 0xFF;<br /> <br /> //get the authority<br /> long authority = 0;<br /> //String rid = &quot;&quot;;<br /> for(int i = 2; i &lt;= 7; i++) {<br /> authority |= ((long)sid[i]) &lt;&lt; (8 * (5 - (i - 2)));<br /> }<br /> strSid.append(&quot;-&quot;);<br /> strSid.append(Long.toHexString(authority));<br /> <br /> //iterate all the sub-auths<br /> int offset = 8;<br /> int size = 4; //4 bytes for each sub auth<br /> for(int j = 0; j &lt; countSubAuths; j++) {<br /> long subAuthority = 0;<br /> for(int k = 0; k &lt; size; k++) {<br /> subAuthority |= (long)(sid[offset + k] &amp; 0xFF) &lt;&lt; (8 * k);<br /> }<br /> <br /> strSid.append(&quot;-&quot;);<br /> strSid.append(subAuthority);<br /> <br /> offset += size;<br /> }<br /> <br /> return strSid.toString(); <br /> }<br /> }<br /> <br /> <br /> &lt;/source&gt;</div> George2