Posted to user@shiro.apache.org by slott <be...@atchik-realtime.com> on 2012/08/23 10:09:49 UTC

Retrieve attributes from LDAP (active directory)

I am extending the ActiveDirectoryRealm and can authenticate and authorize
users fine. Their username is typically their initials, such as js for John
Smith. 

However, I'd like to retrieve more information about the user, such as their
email or phone number or whatever. I'm not able to find any documentation on
how to do this. Although I've managed to succeed in retrieving it by using a
static string in this manner:

ldapContextFactory.getSystemLdapContext().getAttributes("CN=John Smith,CN=Users,DC=foo,DC=bar")

But I do not have the name of the user and hence cannot do this dynamically.
What is the best way to search LDAP?
Should I rather use the JndiLdapRealm class?



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Retrieve-attributes-from-LDAP-active-directory-tp7577728.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Retrieve attributes from LDAP (active directory)

Posted by slott <be...@atchik-realtime.com>.
Found the answer thanks to 
http://www.deepakgaikwad.net/index.php/2009/09/24/retrieve-basic-user-attributes-from-active-directory-using-ldap-in-java.html

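Here is an example:

import javax.naming.NamingEnumeration;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;

LdapContext ctx = ldapContextFactory.getSystemLdapContext();
try {
    // Search the whole subtree, but return only the attributes we need.
    final SearchControls constraints = new SearchControls();
    constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
    final String[] attrIDs = {"displayName", "mail"};
    constraints.setReturningAttributes(attrIDs);

    // Pass the login name as a filter argument ({0}) instead of concatenating
    // it, so JNDI escapes any filter metacharacters it contains.
    final NamingEnumeration<SearchResult> answer = ctx.search(
            "CN=Users,DC=foo,DC=bar", "(sAMAccountName={0})",
            new Object[] {token.getPrincipal().toString()}, constraints);

    if (answer.hasMore()) {
        final Attributes attrs = answer.next().getAttributes();
        System.out.println(attrs.get("mail").get());
        System.out.println(attrs.get("displayName").get());
    } else {
        throw new Exception("Invalid User");
    }
} finally {
    ctx.close(); // release the system context when done
}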



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Retrieve-attributes-from-LDAP-active-directory-tp7577728p7577729.html
Sent from the Shiro User mailing list archive at Nabble.com.