I have just got this requirement two days back and I'm using an LDAP (OpenDS) for the first time. As things are, I have got very limited time for R&D. I have gone through the developer's guide and the SDK API for OpenDS as much as possible.
Basically I have got a very simple requirement. I will be provided a 'user-id' and using that I have to authenticate whether this user belongs to any available groups (defined by me) in the LDAP.
I have managed to do this code snippet:
    public void getGroup(String userId) {
        Connection connection = new LDAPConnection().getConnection();
        try {
            // No explicit bind yet so we remain anonymous for now.
            // Note: userId is concatenated into the filter unescaped; if it comes from
            // user input, the characters * ( ) \ and NUL must be escaped first (RFC 4515).
            SearchResultEntry entry;
            entry = connection.searchSingleEntry("ou=Groups,dc=example,dc=com",
                    SearchScope.WHOLE_SUBTREE,
                    "(uniqueMember=" + "uid=" + userId + ", ou=People, dc=example,dc=com" + ")",
                    "cn");
            String cn = entry.getAttribute("cn").firstValueAsString();
            System.out.println("Hello, " + cn + "!");
        } catch (ErrorResultException e) {
            // Report the failure instead of discarding the message.
            System.err.println(e.getMessage());
        } finally {
            closeConnection(connection);
        }
    }
Now if I receive a search result then the user belongs to a group, otherwise not. I'm not sure whether this is the way to achieve this. I also looked at something like 'isMemberOf', but I'm not sure whether the API provides such a method or whether that is something else.
Any help is much appreciated. Thanks.
The LDAP Client should transmit a search request to the server with the following filter:
and the appropriate base object, filter, and requested attributes. This assumes the server has the isMemberOf virtual attribute enabled.
If only the relative distinguished name component is available, the LDAP client must search for the distinguished name - in this case use (<attribute-type>=<userid>) (for example, '(uid=user.1)') and 1.1 for the request attribute, which will result in no attributes being returned. The distinguished name is always returned for each matched entry. Then construct the filter with isMemberOf and search again.
see also
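The two-step lookup described in the answer above, as an added example: it is not part of the original answer and is written against the JDK's JNDI API rather than the OpenDS SDK used in the question. The `GroupCheck` class, the `PEOPLE` base DN and the `(isMemberOf=<group DN>)` filter form are assumptions; the `{0}` placeholders let JNDI escape the supplied values, which the string concatenation in the question does not do.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.LdapName;

public class GroupCheck {
    // Assumed base DN, taken from the question's example tree.
    static final String PEOPLE = "ou=People,dc=example,dc=com";

    static SearchControls controls(int scope) {
        SearchControls c = new SearchControls();
        c.setSearchScope(scope);
        c.setReturningAttributes(new String[] {"1.1"}); // no attributes; the DN still comes back
        return c;
    }

    /** True only if exactly one entry has this uid and the server lists groupDn in its isMemberOf. */
    static boolean isMember(DirContext ctx, String userId, String groupDn) throws NamingException {
        // Step 1: uid -> DN. JNDI substitutes {0} with filter metacharacters escaped,
        // so the value is matched literally instead of being parsed as filter syntax.
        NamingEnumeration<SearchResult> users = ctx.search(new LdapName(PEOPLE), "(uid={0})",
                new Object[] {userId}, controls(SearchControls.SUBTREE_SCOPE));
        String userDn;
        try {
            if (!users.hasMore()) return false;   // unknown user
            userDn = users.next().getNameInNamespace();
            if (users.hasMore()) return false;    // ambiguous uid: fail closed
        } finally {
            users.close();
        }
        // Step 2 (assumed filter form): base-object search on the user's own entry.
        NamingEnumeration<SearchResult> hit = ctx.search(new LdapName(userDn), "(isMemberOf={0})",
                new Object[] {groupDn}, controls(SearchControls.OBJECT_SCOPE));
        try {
            return hit.hasMore();
        } finally {
            hit.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        // Usage: java GroupCheck ldap://host:port <userId> <groupDn>   (anonymous bind)
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);
        DirContext ctx = new InitialDirContext(env);
        try { System.out.println(isMember(ctx, args[1], args[2])); } finally { ctx.close(); }
    }
}
```

The anonymous bind must be allowed to read `isMemberOf` for step 2 to return a match; otherwise bind with an account that has that permission before calling `isMember`.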