Re: Getting tokenGroups attribute
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 6 Mar 2007 12:38:33 -0600
Do you really want to do this in Java using JNDI or do you want to do this
with an MS API? Also, is the directory in question here ADAM or something
else? It isn't AD, but I can't tell if it is ADAM for sure.
If you want to use Java, it might make more sense to ask JNDI-specific
questions in a forum that caters to that. I can sort of figure out what
JNDI is trying to do by looking at the code and knowing enough about how
LDAP works to try to piece it together, but I don't really know many of the
finer points of JNDI, so I'm not really helpful on the specifics.
From the AD and ADAM perspective, you get the tokenGroups attribute by doing
a base search on an object that is a security principal or in ADAM, you can
get the tokenGroups for the currently bound user by doing a base search
against the rootDSE object (null base DN).
tokenGroups will return a multi-valued attribute of binary data containing
the SIDs of the groups that the user is a member of.
Note that an ADAM user might not be a member of any groups.
There are plenty of examples of how to do this in other "MS" languages like
C#, VB.NET and whatnot (like the free code samples from our book).
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"LM" <merrittf@xxxxxxxx> wrote in message
news:1173201226.624026.170590@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Folks,
Here is some code from a Sun user group posting I tried to adapt to
get the tokenGroups attribute of a user. My idea is to get that
attribute, then get the enumerated list of SIDs out and use that to
construct a search filter to find all the groups by name to which my
user belongs, directly or by nesting.
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class sid {
    public static void main (String[] args) {
        Hashtable<String, String> env = new Hashtable<String, String>();
        String adminName = "CN=UserName,CN=Users,OU=UserOU,O=UserO";
        String adminPassword = "someword";
        String objectName = "CN=TestUser,CN=Users,OU=UserOU,O=UserO";
        String ldapURL = "ldap://localhost:389";
        env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
        //set security credentials, note using simple cleartext authentication
        env.put(Context.SECURITY_AUTHENTICATION,"simple");
        env.put(Context.SECURITY_PRINCIPAL,adminName);
        env.put(Context.SECURITY_CREDENTIALS,adminPassword);
        //specify attributes to be returned in binary format
        //env.put("java.naming.ldap.attributes.binary","objectSID");
        //env.put("java.naming.ldap.attributes.binary","tokenGroups");
        //connect to my domain controller
        env.put(Context.PROVIDER_URL, ldapURL);
        try {
            // Create the initial directory context
            LdapContext ctx = new InitialLdapContext(env,null);
            // Retrieve all attributes of the requested object
            Attributes attrs = ctx.getAttributes(objectName);
            // Print out some of the attributes
            System.out.println("DN: " + attrs.get("distinguishedName").get());
            try
            {
                Attribute a = attrs.get("tokenGroups");
                NamingEnumeration e = a.getAll();
            }
            catch (Exception ex)
            {
                System.err.println("Problem retrieving object: " + ex);
            }
            ctx.close();
        }
        catch (NamingException e) {
            System.err.println("Problem retrieving object: " + e);
        }
    }
}
The statement:
"Attribute a = attrs.get("tokenGroups");" returns a = null. Assuming
I can beat that, what I'd like to get from the statement
"NamingEnumeration e = a.getAll();" is an enumerated list of SIDs in
binary form that I can convert to "\aa\bb\cc" form to construct a
search filter.
"System.out.println("DN: " + attrs.get("distinguishedName").get());"
does print the DN, so the basic query seems to connect and return
*some* of the attributes.
Doesn't seem that hard, somehow, but I'm stumped again...
Many thanks yet again,
Lincoln
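The SID conversion described in the thread, as an added example that is not part of the original posts: it turns each binary tokenGroups value into the "\aa\bb\cc" filter form and the S-1-... display form, then ORs the values into one search filter. The class and method names are hypothetical, the sample SIDs are constructed, and matching groups on objectSid is an assumption about the target directory.

```java
import java.util.List;

public class TokenGroupsSid {
    // Layout: revision (1 byte), sub-authority count (1), big-endian 48-bit
    // authority (6), then count * little-endian 32-bit sub-authorities.
    static void check(byte[] sid) {
        if (sid == null || sid.length < 8 || sid.length != 8 + 4 * (sid[1] & 0xFF))
            throw new IllegalArgumentException("malformed SID");
    }

    // Binary SID -> display form such as S-1-5-32-544.
    static String sidToString(byte[] sid) {
        check(sid);
        long authority = 0;
        for (int i = 2; i < 8; i++) authority = (authority << 8) | (sid[i] & 0xFF);
        StringBuilder sb = new StringBuilder("S-").append(sid[0] & 0xFF).append('-').append(authority);
        for (int off = 8; off < sid.length; off += 4) {
            long sub = (sid[off] & 0xFFL) | (sid[off + 1] & 0xFFL) << 8
                    | (sid[off + 2] & 0xFFL) << 16 | (sid[off + 3] & 0xFFL) << 24;
            sb.append('-').append(sub);
        }
        return sb.toString();
    }

    // Binary SID -> \xx-per-byte form for use as an LDAP filter value.
    static String sidToFilterValue(byte[] sid) {
        check(sid);
        StringBuilder sb = new StringBuilder(sid.length * 3);
        for (byte b : sid) sb.append(String.format("\\%02x", b & 0xFF));
        return sb.toString();
    }

    // OR of one objectSid clause per SID; an empty list (no groups) is rejected.
    static String buildGroupFilter(List<byte[]> sids) {
        if (sids.isEmpty()) throw new IllegalArgumentException("no group SIDs");
        StringBuilder sb = new StringBuilder("(|");
        for (byte[] sid : sids) sb.append("(objectSid=").append(sidToFilterValue(sid)).append(')');
        return sb.append(')').toString();
    }

    public static void main(String[] args) {
        // Constructed sample values, not read from any directory.
        byte[] admins = {1, 2, 0, 0, 0, 0, 0, 5, 0x20, 0, 0, 0, 0x20, 2, 0, 0};
        byte[] custom = {1, 5, 0, 0, 0, 0, 0, 5, 0x15, 0, 0, 0, 1, 0, 0, 0,
                         2, 0, 0, 0, 3, 0, 0, 0, (byte) 0xE8, 3, 0, 0};
        for (byte[] sid : List.of(admins, custom))
            System.out.println(sidToString(sid) + "  " + sidToFilterValue(sid));
        System.out.println(buildGroupFilter(List.of(admins, custom)));
    }
}
```

With JNDI the values only arrive as byte[] when tokenGroups is listed in the java.naming.ldap.attributes.binary property and requested by name, since it is a constructed attribute. Escaping every byte and checking the length before building the filter keeps a malformed value from changing the filter's structure.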