Using JAVA code with Active Directory
I tend to run into many JAVA applications that are coded simply for LDAP access but do not utilize Active Directory as well as they could. Here are some resources JAVA developers can use to create more effective integrations.
Fortunately, there is guidance from Steven Adler and other resources out there on how to write better JAVA applications for integration with Active Directory. I have often referred to his posts when helping developers, but it makes sense to attempt to consolidate those links here for others. If you are a JAVA developer, bookmark this page, as I intend to update it as I discover useful information.
I have attempted to break them into sections where I thought they were applicable, and to summarize what each post’s intended solution is for.
Authentication
- JNDI, Active Directory and Authentication (part 1) – Using the GSS-API with Kerberos for authenticating users utilizing JAAS
- JNDI, Active Directory & Authentication (part 2) – Using SSL or LDAPS
- JNDI, Active Directory & Authentication (part 3) – Using Digest-MD5
- JNDI, Active Directory and Authentication (Part 4) (SASL EXTERNAL) – using TLS/Certificates with the external SASL mechanism
- JNDI, Active Directory and Authentication (part 5) – Using the Server Fast Bind Control for authentication.
- JNDI, Active Directory (Creating new users & demystifying userAccountControl) – Creating new users in Active Directory
- Step by step instructions for LDAP SSL
Authorization
Directory Operations (Connect, Search)
- JNDI, Active Directory & Persistent Searches (part 1) – Utilizing the DirSync Control
- JNDI, Active Directory and Persistent Searches (part 2)
- JNDI, Active Directory, Paging and Range Retrieval – Effective use of paging to conform to the 1000 MaxPageSize Query Policy
- JNDI, Active Directory and objectGUID’s – Searching and displaying the objectGuid value
- JNDI, Active Directory and SID’s (Security Identifiers) – Searching and displaying the objectSid value in both friendly string, and binary format
- JNDI, Active Directory and LDAP Extended Controls (LDAP Stats, Verify Name)
- Querying deleted objects container in Active Directory using JNDI
- JNDI, Active Directory, Attribute Scoped Queries
- JNDI, Active Directory, Referrals and Global Catalog – Also useful information on using SRV DNS records for services discovery
Managing Objects
- JNDI, Active Directory & Changing Passwords
- JNDI, Active Directory and User Account status (account expired, locked)
- JNDI, Active Directory, Extending the schema
- Creating MailBox-enabled Users In Active Directory Using JNDI
- JNDI, Active Directory and Group Memberships – Retrieving group membership information
Other related resources for JAVA:
- Tutorial: Using the JDK for Java Naming and Directory Interface (JNDI)
- Naming and Directory Concepts
- JNDI Overview
- Software Setup
- Naming and Directory Operations
- Advanced Topics for LDAP users
- Accessing Objects in the Directory

September 23rd, 2008 at 6:21 am
RE: Using JAVA code with Active Directory
If you are a JAVA developer and the incongruous task of interfacing with Active Directory
May 12th, 2009 at 6:21 pm
Interesting post, it helps me in my research, thanks!
November 12th, 2009 at 1:30 am
Can someone tell me the code on how to search for a user in Active Directory using Java code?
December 11th, 2009 at 5:50 am
User gets authenticated using LDAP, then through GSS he needs to access (read) the data across other domains without re-authentications on a Kerberos server. Please provide Java code for drawing a resolution on this. Urgently needed
March 24th, 2010 at 2:35 am
[...] I have been looking into developing domain analysis tools (especially AD) with Java and came by this link that outlines all the resources from Sun Oracle that outline how to use the JNDI framework for AD [...]
July 27th, 2010 at 3:10 pm
This code has been extremely helpful. However I'm having an issue with the changing of the password section. I have added this for the trustStore stuff.
String keystore = "C:\\Program Files\\IBM\\SDP\\jdk\\jre\\lib\\security\\cacerts";
System.setProperty("javax.net.ssl.trustStore", keystore);
However when I connect now I get a socket exception at the tls.negotiate(); line.
Any ideas what might be causing this or how I can get more detail on the error?