My Java web project needs to get a user's phone# by using his/her username (intranet login name). I think the employee's phone# is available from the company's Active Directory, so I am trying to access Active Directory to get the phone#, but I have a problem getting it. Basically, I need to bind to the server by using the employee's user ID and password, but there is no way I can get all employees' passwords to get their information (phone#), and I also cannot use the Admin's password in my Java code. Something like this example:
Hashtable<String, String> ldapEnv = new Hashtable<String, String>(11);
ldapEnv.put(Context.SECURITY_PRINCIPAL, "cn=jean paul blanc,ou=MonOu,dc=dom,dc=fr");
Is there any way to get the employee's data (phone#) without using any authentication (user ID and password)? Basically, I just need to read (search) Active Directory by the employee's username; I do not need to do any updating.
Basically, I need to make anonymous queries to Active Directory. I need to make anonymous queries to return an employee's phone# by using his/her username without needing to configure Active Directory to allow these queries. From this post: http://support.microsoft.com/kb/320528 it seems that I have to do some configuration, but I do not want to do any configuration of my company's Active Directory just for this simple request of mine.
I would appreciate it if anybody has a good example. Thanks a lot,
What I've done in the past is let the sysadmins set up one single account with read-only access to the AD, then use that account. You still need to authenticate, but with only one account, not each separate account.
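The single read-only account approach from the reply above, as an added example that is not part of the original thread: it binds once as a service account over LDAPS and looks up `telephoneNumber` by `sAMAccountName`. The host, search base and the `LDAP_BIND_DN` / `LDAP_BIND_PASSWORD` environment variable names are assumptions to replace with your own.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class PhoneLookup {
    // Assumed placeholders: replace with your directory's host and the OU that holds the users.
    static final String URL = "ldaps://dc.example.com:636";
    static final String BASE = "ou=Staff,dc=example,dc=com";

    // Fail fast on a missing or empty value: a simple bind with an empty password
    // is treated as an unauthenticated bind instead of being rejected.
    static String requireEnv(String name) {
        String v = System.getenv(name);
        if (v == null || v.isEmpty()) throw new IllegalStateException(name + " is not set");
        return v;
    }

    /** Returns telephoneNumber for the given login name, or null if none is found. */
    static String phoneFor(String username) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL); // LDAPS keeps the bind password encrypted in transit
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // Service-account credentials come from the environment, not from the source code.
        env.put(Context.SECURITY_PRINCIPAL, requireEnv("LDAP_BIND_DN"));
        env.put(Context.SECURITY_CREDENTIALS, requireEnv("LDAP_BIND_PASSWORD"));

        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[] {"telephoneNumber"}); // fetch only what is needed
        controls.setCountLimit(1);

        DirContext ctx = new InitialDirContext(env);
        try {
            // {0} is substituted by JNDI, which escapes filter metacharacters in String arguments,
            // so a username such as "*" or "a)(cn=*" cannot change the shape of the filter.
            NamingEnumeration<SearchResult> results = ctx.search(BASE,
                    "(&(objectClass=user)(sAMAccountName={0}))", new Object[] {username}, controls);
            if (!results.hasMore()) return null;
            Attribute phone = results.next().getAttributes().get("telephoneNumber");
            return phone == null ? null : (String) phone.get();
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        System.out.println(phoneFor(args[0]));
    }
}
```

The account used here only needs read access to the attributes it returns, which keeps the credential's value low if the web application is ever compromised.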
Rob Spoor wrote: What I've done in the past is let the sysadmins set up one single account with read-only access to the AD, then use that account. You still need to authenticate, but with only one account, not each separate account.
Thanks a lot. If we can confirm that there is no way to access (even just read access) Active Directory without providing authentication (I mean providing a user ID and password), in other words, to access it anonymously, then I think that is the only solution.
But the thing is that I do not want to bother Admin people to create a new account just for this purpose, and they may not like to do it.
Any other ideas?
It is possible to set up anonymous access on AD. How to do it varies depending on which server you are using. It is also disabled by default (as it's a potential security hole) so you will need to bother Admin people whichever route you take.
Joanne Neal wrote: It is possible to set up anonymous access on AD. How to do it varies depending on which server you are using. It is also disabled by default (as it's a potential security hole) so you will need to bother Admin people whichever route you take.
Thanks a lot for your help. Can I ask how many AD servers are normally used? Can you give some examples?
The versions of Windows Server that you will probably still find in use are 2012, 2008 and possibly 2003. The process for enabling anonymous LDAP access is different on each of these, but your admin should know how to do it.