jQuery in Action, 3rd edition
The moose likes Servlets and the fly likes servlet querying active directory Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "servlet querying active directory" Watch "servlet querying active directory" New topic

servlet querying active directory

Chris Snapp

Joined: Nov 14, 2003
Posts: 16
I'm not sure if this post is in the right area, but I'm in need of some direction. I've been working through a document library web app and it's working like a champ. I've come to find out that the project is requiring that the users come from win2000 active directory instead of a database. Does anyone have information or know where I can find info on how to get my servlet to be able to query the domain controllers active directory for user info?
David O'Meara

Joined: Mar 06, 2001
Posts: 13459

Active Directory implements the LDAP protocol, so you can use this to query Active Directory via JNDI.
Do you know whether you need to query LDAP declaratively or programatically? You can configure application servers to authenticate against LDAP servers automagically, and you may be able to provide the integration you need without rewriting anything. Except maybe your login stuff to tie into the declarative security.
Chris Snapp

Joined: Nov 14, 2003
Posts: 16
Basically I'm looking to verify username and password from web inputs against the active directory. I would like to have a database table that associates that user and password with a "workspace". Upon a successfull login the server would check which "workspace" the user is authorized to view and pass them over to the servlet handling data connections for that "workspace". Anyways....as you can tell, I'm not familiar at all with working against an LDAP. Any info would be greatly appreciated.
Timothy Ames

Joined: Dec 24, 2003
Posts: 1
What I have done is incorporate Windows2000 groups as the "workspace" piece you are referring to. The Windows user ID must be created in order to authenticate into active directory anyway, so why not create group structures in active directory?
I would not keep a Windows password as a key in a database file. The user name would be OK. Passwords can be and should be changed at will by the user. No one else should know or be able to reference them.
Here is a simple method that can be placed in a class that would provide authentication to an active directory.
Note that Windows2000 active directory requires the user name to be in a user@domain.com format. Change the domain string to your domain.
Note that the providerURL must be the name of your server that houses the active directory. Change server.domain.com to your server name. Also change the "dc=" structures just after it.
In your class, you will need to import:

This should work. This method is just part of a class that I call AuthenticateUser. Other methods I have in this will also look up group information which is more complex depending on your Windows group structure, but doable.
A great tool that I found to view the active directory along with all those funny "dc" and "ou" codes is called the LDAP Browser\Edtior at LDAP Browser\Editor. I found this immensely helpful while researching this topic. It is a java app, and I run it on my Linux box. Should run on Windows too.
Hope this helps.
Chris Snapp

Joined: Nov 14, 2003
Posts: 16
Sorry for the delayed response, holidays had me busy. Thanks Tim....I'm gonna give yer method a shot. It's definitely a huge help in getting me going on this. I've downloaded the ldap editor...one question on that. I'm running XP at home and was looking to test it, does XP use an active directory? Obviously my lack of knowledge on this ldap stuff should be apparent. Thanks again.
I agree. Here's the link: http://aspose.com/file-tools
subject: servlet querying active directory
It's not a secret anymore!