It's not a secret anymore!
The moose likes Security and the fly likes LDAP Search is inconsistent Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of REST with Spring (video course) this week in the Spring forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "LDAP Search is inconsistent" Watch "LDAP Search is inconsistent" New topic

LDAP Search is inconsistent

Jinesh Parekh

Joined: Feb 09, 2004
Posts: 8

I am using Novel LDAP API. I have a user registration form from where the request goes to LDAP to see if the user id is already in use. It works fine the first time, but if the user submits the request again with the same username, the search returns 0 entries found.

I tried using a new connection each time and also attempted to search 5 times in a for loop. Its only the first time that it finds the user,other times it cannot find the user.

Below is the code I am using to communicate with LDAP. Please tell me whats going on here.

Thank you in advance.

Jinesh Parekh

public void userNameExists(String userName) throws ValidationException {
Vector errorMessages = new Vector();
logger.debug("userNameExists() :: entered");

if (userName != null && !userName.trim().equals("")) {

String[] returnAttrList = new String[] { "uid" }; //only return the UID attribute values
String searchFilter = "(uid=" + userName.trim() + ")";
logger.debug("userNameExists() :: LDAP searchFilter = " + searchFilter);

Attributes matchAttrs = new BasicAttributes(true);
matchAttrs.put(new BasicAttribute("uid", userName));

LDAPConnection ldapConn = new LDAPConnection();

LDAPConstraints cons = ldapConn.getConstraints();
logger.debug("Disabled referral following");

try {
logger.debug("userNameExists() :: Connecting to LDAP Server: " + LDAP_HOST_NAME + ":" + LDAP_PORT);
ldapConn.connect(LDAP_HOST_NAME, LDAP_PORT);

// bind to the server
logger.debug("userNameExists() :: Bind to LDAP Server as:\n\rUsername: " + LDAP_USERNAME
+ " \n\rPassword: " + LDAP_PASSWORD);
ldapConn.bind(LDAPConnection.LDAP_V3, LDAP_USERNAME, LDAP_PASSWORD.getBytes("UTF8"));

logger.debug("userNameExists() :: Searching for user...");

//search for the username passed in
LDAPSearchResults searchResults =, LDAPConnection.SCOPE_SUB,
searchFilter, null, false); // return

// attrs
// and
// values

logger.debug("userNameExists() :: Number of search results: " + searchResults.getCount());

if (searchResults != null && searchResults.getCount() > 0) {

.info("userNameExists() :: A user account was found, so notify the user they need to choose another username.");

if (logger.isDebugEnabled()) {
* To print out the search results, -- The first while loop goes through all the entries
while (searchResults.hasMore()) {
LDAPEntry nextEntry = null;
try {
nextEntry =;
} catch (LDAPException e) {
logger.debug("userNameExists() :: Debugging Error: ", e);

// Exception is thrown, go for next entry

logger.debug("userNameExists() :: Next DN = " + nextEntry.getDN());

//some results exist - so the username must exist
.add("The username provided is already in use. Please provide a different email address. If you feel this is incorrect, please contact <a href=''></a> for further assistance.");
} catch (Exception exp) {
"userNameExists() :: An Exception occurred while searching for a user - usernames cannot be verified against OpenLDAP!",
.add("The username provided cannot be verified. Please try registering at a later time. If you feel this message is incorrect, please contact <a href=''></a> for further assistance.");
} finally {
//release the connection we just used to search for the user
try {
if (ldapConn != null) {

ldapConn = null;
} catch (LDAPException lExp) {
logger.warn("userNameExists() :: Could not close the connection to LDAP!", lExp);
} else {
//this should never really happen
.add("The username provided cannot be verified. Please try registering at a later time. If you feel this message is incorrect, please contact <a href=''></a> for further assistance.");

if (errorMessages.size() > 0) {
// throw new ValidationException(errorMessages);
Matthew Snow
Ranch Hand

Joined: May 02, 2007
Posts: 82
I'm having the same issue. I found that it has to do with how much time you wait between calling and For my situation the sweet spot is to sleep 100 millis (Thread.sleep(100)) before calling next(). This gives me a 50% chance of a hit or a miss for the same search base on a good connection.

Is there a way tell the search to block until complete or to implement a reliable ready() function for LDAPSearchResults similar to the one in BufferedReader?

Oh, and here is the entry in my pom:

When you break the big rules, you get a lot of little rules.
I agree. Here's the link:
subject: LDAP Search is inconsistent
It's not a secret anymore!