How to Query password attribute of LDAP Entry
LDAP (Lightweight Directory Access Protocol) is based on the X.500 standard.
It is a hierarchical data structure with entries organized in a tree-like structure
called the Directory Information Tree (DIT).
The following example shows how to retrieve the 'userPassword' attribute of all entries
whose objectclass is 'person'. Attributes such as the user role and password are not
among the attributes returned by default. In such cases we have to explicitly specify
the list of attributes to be queried.
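The password string returned by the LDAP server can be an encrypted (or, more commonly,
hashed) string rather than the cleartext password; this depends on the server's password
storage strategy. In the sample output below the server returns the cleartext value,
which indicates that this test directory stores passwords without hashing them.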
package com.bethecoder.tutorials.ldap;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
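public class QueryPasswordAttributeTest {

    /**
     * Binds to the local test directory, searches the whole subtree for
     * {@code (objectclass=person)} entries and prints the explicitly requested
     * attributes of each entry, followed by the decoded {@code userPassword} value.
     *
     * <p>This is a demonstration against a local test server. It prints credential
     * material to standard output, which real code should never do.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Demo-only bind identity. Hard-coded credentials in source end up in version
        // control and build artifacts; real code should load them from a secret store
        // or the process environment, and should bind as a dedicated account that has
        // read access only to the attributes it needs rather than as Directory Manager.
        String rootDN = "cn=Directory Manager";
        String rootPWD = "abcd1234";

        Hashtable<String, String> environment = new Hashtable<String, String>();
        environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Plain ldap:// with a "simple" bind sends the bind password, and every
        // userPassword value returned by the search, unencrypted over the network.
        // Acceptable for localhost; anywhere else use ldaps:// or StartTLS.
        environment.put(Context.PROVIDER_URL, "ldap://localhost:389/dc=test,dc=com");
        environment.put(Context.SECURITY_AUTHENTICATION, "simple");
        environment.put(Context.SECURITY_PRINCIPAL, rootDN);
        environment.put(Context.SECURITY_CREDENTIALS, rootPWD);

        DirContext dirContext = null;
        NamingEnumeration<?> results = null;

        try {
            dirContext = new InitialDirContext(environment);

            // userPassword and nsRole are not returned unless asked for by name,
            // so the returning-attribute list is spelled out explicitly.
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[] {
                "nsRole",
                "userPassword",
                "uid",
                "objectClass",
                "givenName",
                "sn",
                "cn"
            });

            // Get entries having objectclass=person
            String filter = "(objectclass=person)";
            results = dirContext.search("", filter, controls);

            while (results.hasMore()) {
                SearchResult searchResult = (SearchResult) results.next();
                Attributes attributes = searchResult.getAttributes();

                NamingEnumeration<? extends Attribute> attrs = attributes.getAll();
                while (attrs.hasMore()) {
                    System.out.println(attrs.next());
                }

                // The value may be cleartext or a hashed/encoded string, depending on
                // the server's password storage scheme.
                Attribute pwd = attributes.get("userPassword");
                if (pwd == null) {
                    // The entry has no password, or the bound identity is not allowed
                    // to read it; the original code would fail here with a
                    // NullPointerException and abort the whole listing.
                    System.out.println("=> userPassword : (not returned)");
                } else {
                    Object value = pwd.get();
                    String text;
                    if (value instanceof byte[]) {
                        // Decode with an explicit charset instead of the platform default.
                        text = new String((byte[]) value, java.nio.charset.StandardCharsets.UTF_8);
                    } else {
                        // Some provider configurations hand the value back as a String.
                        text = String.valueOf(value);
                    }
                    System.out.println("=> userPassword : " + text);
                }
                System.out.println();
            }

        } catch (NameNotFoundException e) {
            // Typically the base DN in the provider URL does not exist on the server.
            e.printStackTrace();
        } catch (NamingException e) {
            // Covers bind failures, connection errors and search errors.
            e.printStackTrace();
        } finally {
            if (results != null) {
                try {
                    results.close();
                } catch (NamingException ignored) {
                    // Best-effort cleanup: nothing useful can be done if close fails.
                }
            }

            if (dirContext != null) {
                try {
                    dirContext.close();
                } catch (NamingException ignored) {
                    // Best-effort cleanup: nothing useful can be done if close fails.
                }
            }
        }
    }
}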
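It gives the following output. The 'userPassword: [B@...' lines are the default string form
of the byte array that holds the value; the decoded value is printed on the '=> userPassword' line.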
uid: svenkata
userPassword: [B@13a328f
givenName: sudhakar
objectClass: top, person, organizationalPerson, inetorgperson
sn: venkata
nsRole: cn=admin,ou=home_team,ou=people,dc=test,dc=com
cn: sudhakar venkata
=> userPassword : abcd1234
uid: aradha
userPassword: [B@1cd8669
givenName: anu
objectClass: top, person, organizationalPerson, inetorgperson
sn: radha
nsRole: cn=super admin,ou=home_team,ou=people,dc=test,dc=com
cn: anu radha
=> userPassword : abcd1234
uid: sram
userPassword: [B@337838
givenName: sri
objectClass: top, person, organizationalPerson, inetorgperson
sn: ram
nsRole: cn=super admin,ou=home_team,ou=people,dc=test,dc=com
cn: sri ram
=> userPassword : abcd1234