Query for "ACTIVE" users in LDAP server NOT working
I need to be able to get via querying the active directory using the LDAP server a list of defined ACTIVE users from the active directory.
I have tried to do this via a successful connection to my ldap server. In the java code below I get back ONLY 1 record when using the accountExpires attribute. I should get back a list of records with each record displaying the DISPLAY NAME and MAIL attribute from the ldap server.
Here is my code:
public static void main(String[] args) {
ADUserAttributes adUserAttributes = new ADUserAttributes();
adUserAttributes.getLdapContext());
adUserAttributes.getActiveEmpRecordsList("0", adUserAttributes.getLdapContext());
}
public LdapContext getLdapContext(){
LdapContext ctx = null;
try{
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "Simple");
env.put(Context.SECURITY_PRINCIPAL, "e~inventory");
env.put(Context.SECURITY_CREDENTIALS, "password");
env.put(Context.PROVIDER_URL, "ldap://xxxdc01.txh.org");
ctx = new InitialLdapContext(env, null);
System.out.println("Connection Successful.");
} catch(NamingException nex){
System.out.println("LDAP Connection: FAILED");
nex.printStackTrace();
}
return ctx;
}
private List<String> getActiveEmpRecordsList(String accountExpires, LdapContext ctx) {
List<String> activeEmpAttributes = new ArrayList<String>();
Attributes attrs = null;
try {
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
String[] attrIDs = {"displayname", "mail"};
constraints.setReturningAttributes(attrIDs);
NamingEnumeration answer = ctx.search("DC=txh,DC=org", "accountExpires=" + accountExpires, constraints);
if (answer.hasMore()) {
attrs = ((SearchResult) answer.next()).getAttributes();
int empNameLen = attrs.get("displayname").toString().length();
int empEmailAddrLen = attrs.get("mail").toString().length();
activeEmpAttributes.add(attrs.get("displayname").toString().substring(13, empNameLen));
activeEmpAttributes.add(attrs.get("mail").toString().substring(6, empEmailAddrLen));
ctx.close();
}else{
throw new Exception("Invalid User");
}
System.out.println("activeEmpAttributes: " + activeEmpAttributes);
System.out.println("count: " + activeEmpAttributes.size开发者_如何转开发());
} catch (Exception ex) {
ex.printStackTrace();
}
return activeEmpAttributes;
}
You can use a PrincipalSearcher
and a "query-by-example" principal to do your searching:
// create your domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
// define a "query-by-example" principal - here, we search for active UserPrincipals
UserPrincipal qbeUser = new UserPrincipal(ctx);
qbeUser.Enabled = true;
// create your principal searcher passing in the QBE principal
PrincipalSearcher srch = new PrincipalSearcher(qbeUser);
// find all matches
foreach(var found in srch.FindAll())
{
// do whatever here - "found" is of type "Principal" - it could be user, group, computer.....
}
If you haven't already - absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 which shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement
You can specify any of the properties on the UserPrincipal
and use those as "query-by-example" for your PrincipalSearcher
.
精彩评论