File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes EJB and other Java EE Technologies and the fly likes LDAP Syntax - Don't Understand Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "LDAP Syntax - Don Watch "LDAP Syntax - Don New topic

LDAP Syntax - Don't Understand

Scott Harris

Joined: Mar 18, 2009
Posts: 7
I'm trying to write what should be a pretty straightforward little program. All I need to do is log into Active Directory, and ask "Does this username exist" or "does this group exist?"

I can authenticate and log in just fine using:

However, all the examples I find online use something similar to for the login name. I have no idea what the CN and DC means or how you're supposed to know what it means. Plus... how is CN assigned two different values?

I've found examples for searching online, and they seem pretty straightforward. Below is one such example I have found.

1) How do you know what the names of the attributes are? Is there a standard? This program needs to run on any computer.
2) Same thing but with the searchFilter.
3) How are the attributes in returnedAtts different from the things in the search filter? For example, "mail" is used in both.
4) What is searchBase and why is it set to an empty String?

Kj Reddy
Ranch Hand

Joined: Sep 20, 2003
Posts: 1704
I never connected LDAP with Java program but configured for web servers. The information in LDAP will be stored in a tree structure as follows:
dc(domain component) -> can be parent company name at top level
- dc(domain component) -> can be child company name, under parent
- - o(organization) -> organization name under child dc
- - - ou (organization unit) -> can be department name, under chilld dc
- - - - users

You need to supply all the information to validate the user, and if you just give user name it may not be validated ( not sure, at least in my case it didnt work).

May be you can install JXplorer( which is a freeware to look into ldap system. In that if you select a user and see properties, it should give how to frame above information.

Hope it helps.

Kj Reddy
Ranch Hand

Joined: Sep 20, 2003
Posts: 1704
The following link gives some more info:
I agree. Here's the link:
subject: LDAP Syntax - Don't Understand
It's not a secret anymore!