Getting tokenGroups attribute
- From: "LM" <merrittf@xxxxxxxx>
- Date: 6 Mar 2007 09:13:47 -0800
Folks,
Here is some code from a Sun user group posting I tried to adapt to
get the tokenGroups attribute of a user. My idea is to get that
attribute, then get the enumerated list of of SIDs out and use that to
construct a search filter to find all the group by name to which my
user belongs, directly or by nesting.
public class sid {
public static void main (String[] args) {
Hashtable env = new Hashtable();
String adminName = "CN=UserName,CN=Users,OU=UserOU,O=UserO";
String adminPassword = "someword";
String objectName = "CN=TestUser,CN=Users,OU=UserOU,O=UserO";
String ldapURL = "ldap://localhost:389";;
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
//set security credentials, note using simple cleartext
authentication
env.put(Context.SECURITY_AUTHENTICATION,"simple");
env.put(Context.SECURITY_PRINCIPAL,adminName);
env.put(Context.SECURITY_CREDENTIALS,adminPassword);
//specify attributes to be returned in binary format
//env.put("java.naming.ldap.attributes.binary","objectSID");
//env.put("java.naming.ldap.attributes.binary","tokenGroups");
//connect to my domain controller
env.put(Context.PROVIDER_URL, ldapURL);
try {
// Create the initial directory context
LdapContext ctx = new InitialLdapContext(env,null);
// Retrieve all attributes of the requested object
Attributes attrs = ctx.getAttributes(objectName);
// Print out some of the attributes
System.out.println("DN: " + attrs.get("distinguishedName").get());
try
{
Attribute a = attrs.get("tokenGroups");
NamingEnumeration e = a.getAll();
}
catch (Exception ex)
{
System.err.println("Problem retrieving object: " + ex);
}
ctx.close();
}
catch (NamingException e) {
System.err.println("Problem retrieving object: " + e);
}
}
}
The statetment:
"Attribute a = attrs.get("tokenGroups");" returns a = null. Assuming
I can beat that, what I'd like to get from the statement
"NamingEnumeration e = a.getAll();" is an enumerated list of SIDs in
binary form that I can convert to "\aa\bb\cc" form to construng a
search filter.
"System.out.println("DN: " + attrs.get("distinguishedName").get());"
does print the DN, so the basic query seems to connect and return
*some* of the attributes.
Desn't seem that hard, somehow, but I'm stumped again...
Many thanks yet again,
Lincoln
.
- Follow-Ups:
- Re: Getting tokenGroups attribute
- From: Joe Kaplan
- Re: Getting tokenGroups attribute
- Prev by Date: Re: Global modification of user accounts
- Next by Date: Execute order of Policies
- Previous by thread: Re: Global modification of user accounts
- Next by thread: Re: Getting tokenGroups attribute
- Index(es):
Loading
