Announcement Announcement Module
Collapse
No announcement yet.
help using ldapTemplate Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • help using ldapTemplate

    I am new to LDAP. I am using the ldapTemplate and having problems retrieving some values. Here is my LDAP structure:
    Code:
    dc=myorg,dc=org
      - ou=Users
         - uid=john
         - uid=mary
      - ou=Groups
         - cn=Group one
         - cn=Group two
    Where each Group has the following attributes for example:
    Code:
    objectClass 		top
    objectClass       	groupOfMembers
    cn			Group one
    uniqueMember		uid=john,ou=Users,dc=myorg,dc=org
    uniqueMember		uid=anna,ou=Users,dc=myorg,dc=org
    uniqueMember		uid=maria,ou=Users,dc=myorg,dc=org
    .
    .
    .
    I am trying to get a list of all uniqueMembers of a group, but the following code only returns the first uniqueMember:

    Code:
    public List getGroupUserNames(String groupID) {
    		return ldapTemplate.search("cn="+ groupID +",ou=Groups", "uniqueMember=*",
    				new AttributesMapper() {
    					public Object mapFromAttributes(Attributes attrs)
    							throws NamingException {
    						return attrs.get("uniqueMember").get();
    					}
    				});
    	}
    Here is my configuration of contextSource

    Code:
    <bean id="contextSource"
    		class="org.springframework.ldap.support.LdapContextSource">
    		<property name="url" value="ldap://myserver.myorg.org:4444" />
    		<property name="base" value="dc=myorg,dc=org" />
    		<property name="userName" value="cn=Manager,dc=myorg,dc=org" />
    		<property name="password" value="secret" />
    	</bean>
    Pls help!

  • #2
    Yes, your problem is that uniqueMember is a multi-value attribute, which means that using an AttributesMapper you'll need to extract each of these values from the Attribute instance (there is a get(int index) in the Attributes interface that you can use for this purpose).

    However, that's kind of messy so you'll probably not want to go there. I'd recommend using a ContextMapper instead. The DirContextAdapter sent to the mapFromContext method of your ContextMapper implementation has a getStringAttributes() method that does all the messy work described above, so what you'd do is:
    Code:
    public List getGroupUserNames(String groupID) {
    		return ldapTemplate.search("cn="+ groupID +",ou=Groups", "uniqueMember=*",
    				new ContextMapper() {
    					public Object mapFromContext(Object ctx)
    							throws NamingException {
                                                    DirContextAdapter adapter  = (DirContextAdapter) ctx;
    						return adapter.getStringAttributes();
    					}
    				});
    	}
    Using the above you'll get a List of String arrays with all the uniqueMember attributes of each group. This is described in some more detail in the reference documentation and the javadocs. Note that since you're specifying the exact DN of the group you're looking for you'll only get one entry in the returned list. You should use a lookup if you're looking for one single entry. Also, you shouldn't be concatenating distinguished names using ordinary String concatenation. There are some tricky escaping rules that apply to DNs, so you should use the DistinguishedName class to build DNs.
    Last edited by rasky; Jul 31st, 2007, 03:56 PM.

    Comment


    • #3
      Rasky,
      Thanks for your response. Following your suggestions, here is a working piece of code that retrieves a list of all uniqueMembers in a group.

      Code:
      	public String[] findLdapGroupUsers(String groupID) {
      		DistinguishedName dn = new DistinguishedName();
      		dn.add("ou","Groups");
      		dn.add("cn",groupID);
      		return (String[]) ldapTemplate.lookup(dn, 
      			new ContextMapper() {
      				public Object mapFromContext(Object ctx) {
                                              DirContextAdapter adapter  = (DirContextAdapter) ctx;
      					return adapter.getStringAttributes("uniqueMember");
      				}
      			});
      	}
      Do I need need to register the DefaultDirObjectFactory with the ContextSource? It seems to work without it.

      Comment


      • #4
        No you don't need to register the DefaultDirObjectFactory, that's done by default.

        Comment


        • #5
          Thanks again, I have another question. What would be the best way to get just one uniqueMember. For example I want to check if "uid=john,ou=Users,dc=myorg,dc=org" is in the uniqueMember attribute. Do I get the entire list of uniqueMembers and then search the array of strings (probably slow)? I've tried using a AndFilter with the ldapTemplate.search, but I get nothing.
          Code:
          		AndFilter filter = new AndFilter();
          		filter.and(new EqualsFilter("objectclass", "groupOfUniqueNames"));
          		filter.and(new WhitespaceWildcardsFilter("uniqueMember", "uid=" + userId+"*"));		
          		return  ldapTemplate.search(dn, filter.encode(),
          				new ContextMapper() {
          					public Object mapFromContext(Object ctx) {
                                  DirContextAdapter adapter  = (DirContextAdapter) ctx;
          						return adapter.getStringAttributes("uniqueMember");
          					}
          				});

          Comment


          • #6
            I'm not sure what you're trying to do. In your snippet you're looking for all groups that have a uniqueMember with the specified uid, which would be a pretty common thing to do. The search will return the full entries found (i.e. the actual groups) - the search filter only applies to the search criteria, not what is returned. What you would normally do is get the cn attribute of the group, which would give you a list of the groups that the specified user is a member of.

            If you are looking for the DN of the person with a specific uid you should search for the person and then get its DN from the DirContextAdapter.

            Comment


            • #7
              Thanks again rasky, your explanation helped me a lot. However, in the previous snippet (which is confusing) I was trying to do is, check whether or not a user, with uid=xx, exists in a specific group.

              Comment

              Working...
              X