
How to Query password attribute of LDAP Entry 

LDAP (Lightweight Directory Access Protocol) is based on the X.500 standard. An LDAP directory is a hierarchical data structure with entries organized in a tree-like structure called the Directory Information Tree (DIT). The following example retrieves the 'userPassword' attribute of all entries whose objectclass is 'person'. Attributes such as the user role and password are not grouped under the default attributes, so in such cases we have to explicitly specify the list of attributes to be queried. The password string returned by the LDAP server can be an encrypted string, depending on the LDAP server's password encryption strategy.


File Name  :  com/bethecoder/tutorials/ldap/QueryPasswordAttributeTest.java
Author  :  Sudhakar KV
   
package com.bethecoder.tutorials.ldap;

import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;


public class QueryPasswordAttributeTest {

  /**
   * @param args
   */
  public static void main(String[] args) {

    //Setup the environment to login as 'Directory Manager'
    //The credentials are hard-coded for this local demo only
    String rootDN = "cn=Directory Manager";
    String rootPWD = "abcd1234";
    
    Hashtable<String, String> environment = new Hashtable<String, String>();
    environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    //A simple bind over ldap:// sends the bind DN and password unencrypted;
    //use ldaps:// or StartTLS for anything other than a local test server
    environment.put(Context.PROVIDER_URL, "ldap://localhost:389/dc=test,dc=com");
    environment.put(Context.SECURITY_AUTHENTICATION, "simple");
    environment.put(Context.SECURITY_PRINCIPAL, rootDN);
    environment.put(Context.SECURITY_CREDENTIALS, rootPWD);

    DirContext dirContext = null;
    NamingEnumeration<?> results = null;
    
    try {
      dirContext = new InitialDirContext(environment);

      /**
       * Retrieve the specific attributes 
       */
      SearchControls controls = new SearchControls();
      controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
      controls.setReturningAttributes(new String[] {
          "nsRole",
          "userPassword",
          "uid",
          "objectClass",
          "givenName",
          "sn",
          "cn"
      });

      //Get entries having objectclass=person
      String filter = "(objectclass=person)";
      results = dirContext.search("", filter, controls);

      while (results.hasMore()) {
        SearchResult searchResult = (SearchResult) results.next();
        Attributes attributes = searchResult.getAttributes();
        
        NamingEnumeration<? extends Attribute> attrs = attributes.getAll();

        while (attrs.hasMore()) {
          System.out.println(attrs.next());
        }

        //Password string depends on LDAP password policy
        //The value arrives as byte[]; entries without the attribute are skipped
        Attribute pwd = attributes.get("userPassword");
        if (pwd != null) {
          System.out.println("=> userPassword : " + new String((byte[]) pwd.get()));
        }
        System.out.println();
      }

    } catch (NameNotFoundException e) {
      e.printStackTrace();
    } catch (NamingException e) {
      e.printStackTrace();
    } finally {
      if (results != null) {
        try {
          results.close();
        } catch (Exception e) {
          //Ignore failures while closing the enumeration
        }
      }

      if (dirContext != null) {
        try {
          dirContext.close();
        } catch (Exception e) {
          //Ignore failures while closing the context
        }
      }
    }

  }

}
   

It gives the following output,
uid: svenkata
userPassword: [B@13a328f
givenName: sudhakar
objectClass: top, person, organizationalPerson, inetorgperson
sn: venkata
nsRole: cn=admin,ou=home_team,ou=people,dc=test,dc=com
cn: sudhakar venkata
=> userPassword : abcd1234

uid: aradha
userPassword: [B@1cd8669
givenName: anu
objectClass: top, person, organizationalPerson, inetorgperson
sn: radha
nsRole: cn=super admin,ou=home_team,ou=people,dc=test,dc=com
cn: anu radha
=> userPassword : abcd1234

uid: sram
userPassword: [B@337838
givenName: sri
objectClass: top, person, organizationalPerson, inetorgperson
sn: ram
nsRole: cn=super admin,ou=home_team,ou=people,dc=test,dc=com
cn: sri ram
=> userPassword : abcd1234
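
In the output above, the userPassword bytes decode directly to abcd1234, so this directory returns the value without any encoding. The class below is an added example, not part of the original tutorial: it labels how a userPassword value is stored without printing the value, assuming the common "{SCHEME}payload" encoding (for example {SSHA}); the class name, method names and the {SSHA} sample are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class UserPasswordSchemeAudit {

  // Assumed value format: "{SCHEME}payload", e.g. {SSHA}base64(digest || salt)
  private static final Pattern SCHEME = Pattern.compile("^\\{([A-Za-z0-9_-]+)\\}(.*)$");

  // Returns a label for the storage scheme; the value itself is never echoed.
  static String classify(byte[] userPassword) {
    Matcher m = SCHEME.matcher(new String(userPassword, StandardCharsets.UTF_8));
    if (!m.matches()) {
      return "CLEARTEXT (no scheme prefix)";
    }
    String scheme = m.group(1).toUpperCase(java.util.Locale.ROOT);
    switch (scheme) {
      case "CLEAR": return "CLEARTEXT (explicit {CLEAR} scheme)";
      case "MD5":
      case "SHA":   return scheme + " (unsalted digest)";
      case "SSHA":
        // SHA-1 digests are 20 bytes; whatever follows is the salt
        int saltLen = Base64.getDecoder().decode(m.group(2)).length - 20;
        return saltLen > 0 ? "SSHA (salted SHA-1, " + saltLen + "-byte salt)" : "SSHA (malformed payload)";
      default:      return scheme + " (other scheme, check the server documentation)";
    }
  }

  // Builds a constructed {SSHA} value so the demo runs without a directory server.
  static byte[] constructedSsha(String password, byte[] salt) throws Exception {
    MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
    sha1.update(password.getBytes(StandardCharsets.UTF_8));
    byte[] digest = sha1.digest(salt); // SHA-1(password || salt)
    byte[] payload = new byte[digest.length + salt.length];
    System.arraycopy(digest, 0, payload, 0, digest.length);
    System.arraycopy(salt, 0, payload, digest.length, salt.length);
    return ("{SSHA}" + Base64.getEncoder().encodeToString(payload)).getBytes(StandardCharsets.UTF_8);
  }

  public static void main(String[] args) throws Exception {
    byte[] fromPageOutput = "abcd1234".getBytes(StandardCharsets.UTF_8); // value printed by the tutorial run
    byte[] salted = constructedSsha("abcd1234", new byte[] {1, 2, 3, 4, 5, 6, 7, 8}); // constructed sample
    System.out.println("tutorial value : " + classify(fromPageOutput));
    System.out.println("salted sample  : " + classify(salted));
  }
}
```

Passing the byte[] from pwd.get() in the search loop to classify() reports the storage scheme per entry instead of writing the password itself to the console.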



 
  


  