LDAP: How to get all Groups in Active Directory?
Is there a way to get the names of all groups in Active Directory using Java?
Use Java JNDI, and do a search for (objectclass=group) and request the cn attribute. This will get all the group names.
Code example:
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;
    import javax.naming.directory.Attributes;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;

    public class Test {
        public static String ldapUri = "ldap://localhost";
        public static String usersContainer = "cn=users,dc=example,dc=com";

        public static void main(String args[]) {
            if (args.length != 2) {
                System.out.println("Usage: test userName password");
                return;
            }
            String username = args[0];
            String password = args[1];

            // Connection settings for a simple bind as the given user
            Hashtable<String, String> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, ldapUri);
            env.put(Context.SECURITY_PRINCIPAL, username);
            env.put(Context.SECURITY_CREDENTIALS, password);

            DirContext ctx = null;
            try {
                ctx = new InitialDirContext(env);

                // Return only the cn attribute of entries directly under usersContainer
                SearchControls ctls = new SearchControls();
                String[] attrIDs = { "cn" };
                ctls.setReturningAttributes(attrIDs);
                ctls.setSearchScope(SearchControls.ONELEVEL_SCOPE);

                NamingEnumeration<SearchResult> answer =
                        ctx.search(usersContainer, "(objectclass=group)", ctls);
                while (answer.hasMore()) {
                    SearchResult rslt = answer.next();
                    Attributes attrs = rslt.getAttributes();
                    System.out.println(attrs.get("cn"));
                }
            } catch (NamingException e) {
                e.printStackTrace();
            } finally {
                // Close the connection even when the bind or search fails
                if (ctx != null) {
                    try {
                        ctx.close();
                    } catch (NamingException e) {
                        e.printStackTrace();
                    }
                }
            }
        }
    }
You can use this library. It's easy to use and powerful.
http://code.google.com/p/jedi-obi/
I used Kalyan's example to query for user groups, but found that although the query worked, it did not return all user groups. After some digging, I became aware of the AD Global Catalogue and, based on this example, I was able to modify Kalyan's answer to return all user groups from the global catalogue.
The required changes were:
- Added global port 3268 to the ldapUri
- Set the first parameter to Context.search to ""

    // Replaces main() in the Test class above; the imports are unchanged.
    public static void main(String args[]) {
        String ldapUri = "ldap://ad.domain.com";
        if (args.length != 2) {
            System.out.println("Usage: test userName password");
            return;
        }
        String username = args[0];
        String password = args[1];

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Port 3268 is the Global Catalog
        env.put(Context.PROVIDER_URL, ldapUri + ":3268");
        env.put(Context.SECURITY_PRINCIPAL, username);
        env.put(Context.SECURITY_CREDENTIALS, password);

        DirContext context = null;
        try {
            context = new InitialDirContext(env);
            SearchControls searchControls = new SearchControls();
            String[] attrIDs = {"cn"};
            searchControls.setReturningAttributes(attrIDs);
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

            // An empty search base searches the whole catalog
            NamingEnumeration<SearchResult> answer =
                    context.search("", "(objectclass=group)", searchControls);
            while (answer.hasMore()) {
                SearchResult rslt = answer.next();
                Attributes attrs = rslt.getAttributes();
                System.out.println(attrs.get("cn"));
            }
        } catch (NamingException e) {
            e.printStackTrace();
        } finally {
            // Close the connection even when the bind or search fails
            if (context != null) {
                try {
                    context.close();
                } catch (NamingException e) {
                    e.printStackTrace();
                }
            }
        }
    }
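Added example (not part of any answer above): the Global Catalog query from the last answer with two changes a deployment usually needs. It pages the results, because AD returns at most 1000 entries per search by default, and it binds over LDAPS on the Global Catalog TLS port 3269, because a simple bind over ldap:// sends the password in cleartext. The host name, class name and page size are assumptions, and the JVM must already trust the domain controller's certificate.

```java
import java.util.*;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.*;
import javax.naming.ldap.*;

public class ListAllGroups {
    // Assumed host; 3269 is the Global Catalog port over TLS (3268 is cleartext).
    static final String GC_URI = "ldaps://ad.domain.com:3269";
    static final int PAGE_SIZE = 500; // assumed value, below AD's default limit of 1000
    static List<String> listGroups(String user, String password) throws Exception {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, GC_URI);
        env.put(Context.SECURITY_PRINCIPAL, user);
        env.put(Context.SECURITY_CREDENTIALS, password);
        LdapContext ctx = new InitialLdapContext(env, null);
        List<String> names = new ArrayList<>();
        try {
            SearchControls sc = new SearchControls();
            sc.setReturningAttributes(new String[] { "cn" });
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            byte[] cookie = null;
            do {
                // Request one page; the cookie tells the server where to resume.
                ctx.setRequestControls(new Control[] {
                    new PagedResultsControl(PAGE_SIZE, cookie, Control.CRITICAL) });
                NamingEnumeration<SearchResult> page = ctx.search("", "(objectclass=group)", sc);
                while (page.hasMore()) {
                    Attribute cn = page.next().getAttributes().get("cn");
                    if (cn != null) names.add((String) cn.get());
                }
                // The response control carries the cookie for the next page, if any.
                cookie = null;
                Control[] rc = ctx.getResponseControls();
                for (int i = 0; rc != null && i < rc.length; i++)
                    if (rc[i] instanceof PagedResultsResponseControl)
                        cookie = ((PagedResultsResponseControl) rc[i]).getCookie();
            } while (cookie != null && cookie.length > 0);
        } finally {
            ctx.close();
        }
        return names;
    }
    public static void main(String[] args) throws Exception {
        // Usage: java ListAllGroups userName (the password is prompted for, not passed in argv)
        char[] pw = System.console().readPassword("Password for %s: ", args[0]);
        listGroups(args[0], new String(pw)).forEach(System.out::println);
    }
}
```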