用JAVA 查询 Active Directory（AD）

Required Details

• LDAP address (For e.g.: myjeeva.com or IP of the Domain Controller/Global Catalog[GC])
• Port # (For e.g.: 3289 or 389) where would you to like search user details?
• Domain Username
• Domain Password

Important Reference: will introduce you to the classes needed for querying Active Directory using Java. Have a look and know more about it.

• javax.naming.Context
• javax.naming.directory.InitialDirContext
• javax.naming.directory.DirContext
• javax.naming.directory.SearchControls
• javax.naming.directory.SearchResult

---

How to do – Step by Step explaination

For an easy understanding perspective; I will be following line by line approach.  ActiveDirectory  Class file and example of how to use that ActiveDirectory class file in javaprogram. Downloads of these files you will find below.

Step 1

Compose LDAP address and supply following parameters username, password, ldap address as a domain into ActiveDirectory  constructor.

ActiveDirectory activeDirectory = new ActiveDirectory(username, password,
domain);

Step 2

Invoke searchUser method with parameters of searchTerm, choice and searchBase.

NamingEnumeration<SearchResult> result =
activeDirectory.searchUser(searchTerm, choice, “DC=myjeeva,DC=com”);

Step 3

Now you have your search result in result variable.

---

How it works?

Part 1

ActiveDirectory constructor-

• It creates properties instance with given values (ldap address, username, password)
• It initializes the Directory Context
• It assign the Search Scope and return attribute names

/**

* constructor with parameter for initializing a LDAP context

* 

* @param username a {@link java.lang.String} object - username to establish a LDAP connection

* @param password a {@link java.lang.String} object - password to establish a LDAP connection

* @param domainController a {@link java.lang.String} object - domain controller name for LDAP connection

*/

public ActiveDirectory(String username, String password, String domainController) {

properties = new Properties();

properties.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

properties.put(Context.PROVIDER_URL, "LDAP://" + domainController);

properties.put(Context.SECURITY_PRINCIPAL, username + "@" + domainController);

properties.put(Context.SECURITY_CREDENTIALS, password);

// initializing active directory LDAP connection

try {

dirContext = new InitialDirContext(properties);

} catch (NamingException e) {

LOG.severe(e.getMessage());

}

// default domain base for search

domainBase = getDomainBase(domainController);

// initializing search controls

searchCtls = new SearchControls();

searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

searchCtls.setReturningAttributes(returnAttributes);

}

Part 2

searchUser method utilizes the filter method to construct the active directory query.

/**

* search the Active directory by username/email id for given search base

* 

* @param searchValue a {@link java.lang.String} object - search value used for AD search for eg. username or email

* @param searchBy a {@link java.lang.String} object - scope of search by username or by email id

* @param searchBase a {@link java.lang.String} object - search base value for scope tree for eg. DC=myjeeva,DC=com

* @return search result a {@link javax.naming.NamingEnumeration} object - active directory search result

* @throws NamingException

*/

public NamingEnumeration<SearchResult> searchUser(String searchValue,

String searchBy, String searchBase) throws NamingException {

String filter = getFilter(searchValue, searchBy);

// For eg.: "DC=myjeeva,DC=com";

String base = (null == searchBase) ? domainBase : getDomainBase(searchBase);

return this.dirContext.search(base, filter, this.searchCtls);

}

private String getFilter(String searchValue, String searchBy) {

String filter = this.baseFilter;

if(searchBy.equals("email")) {

filter += "(mail=" + searchValue + "))";

} else if(searchBy.equals("username")) {

filter += "(samaccountname=" + searchValue + "))";

}

return filter;

}

---

Downloads

ACTIVEDIRECTORY.JAVASAMPLEUSAGEACTIVEDIRECTORY.JAVA

---

Completion

That’s it, you have learned querying active directory using java and you can download artifacts. Try it out yourself with class provided and experiment it.

For any queries please leave a comment!

原文： http://myjeeva.com/querying-active-directory-using-java.html

相关链接:

1. How To Authenticate Users With Active Directory

2. AzureAD/azure-activedirectory-library-for-java

3. Java JNDI/LDAP: Windows Active Directory Authentication, Organizational Unit, Group & Other Information Access

4. A complete Java example complete with LDAP query code ...

5. Using JAVA code with Active Directory – JefTek.com