Sun One Directory Server (iPlanet) - LDAP
Group/Member hierarchy as defined on LDAP server:
NHL
|
|__Atlantic
|
|__Philadelphia Flyers
|
|__Jeremy Roenick
LDAP lookup DOES NOT work hierarchically - the member's direct group must be specified to find the member.
Groups do not have to be created in a hierarchy, because the lookup never consults that hierarchy.
Members must be added separately to other groups if they need to span multiple groups.
Results:
java LDAPFinder 10.1.3.13 389 "cn=NHL ,ou=Groups, dc=HOME,dc=COM" "uid=JRoenick,ou=People, dc=HOME,dc=COM"
Not a member
java LDAPFinder 10.1.3.13 389 "cn=Atlantic ,ou=Groups, dc=HOME,dc=COM" "uid=JRoenick,ou=People, dc=HOME,dc=COM"
Not a member
java LDAPFinder 10.1.3.13 389 "cn=Philadelphia Flyers ,ou=Groups, dc=HOME,dc=COM" "uid=JRoenick,ou=People, dc=HOME,dc=COM"
Is a member
-----------------------------------------------------------------------------
Using a different program to list the unique members of a specified group shows that only the immediate
"sub-group" appears as a member, and nothing below it.
java RdEntry cn=NHL,ou=Groups, dc=HOME,dc=COM
Attributes:
cn NHL
uniqueMember
cn=Atlantic,ou=Groups, dc=HOME,dc=COM
java RdEntry cn=Atlantic,ou=Groups, dc=HOME,dc=MDE
Attributes:
cn Atlantic
uniqueMember
cn=Philadelphia Flyers,ou=Groups, dc=HOME,dc=COM
java RdEntry cn=Philadelphia Flyers,ou=Groups, dc=HOME,dc=COM
Attributes:
cn Philadelphia Flyers
uniqueMember
uid=JRoenick,ou=People, dc=HOME,dc=COM
/**** Code for LDAPFinder as used above ***/
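/**
 * Command-line check of whether a member DN is listed directly in a group entry.
 *
 * <p>The check is a base-scope search of the group entry for its membership attributes,
 * followed by a string comparison of RFC-normalized, upper-cased DNs. Only direct
 * membership is therefore detected: nested groups are not followed, referrals are not
 * chased, and a {@code memberurl} value is printed but never evaluated, so dynamic-group
 * membership always reports as "not a member". Connection setup (including whatever bind
 * it performs) is done by the superclass {@code connect} method, which is not shown here.
 */
public class LDAPFinder extends LDAPBasePropertySupport
{
    /** Membership attributes requested from the group entry; every value is compared to the member DN. */
    private static final String[] MEMBER_ATTRS = { "member", "uniqueMember", "memberOfGroup", "memberurl" };

    /**
     * Entry point: {@code LDAPFinder host port group member}.
     *
     * @param args host, port, group DN, member DN; exits with status 1 when the argument
     *             count is wrong or the port is not numeric
     */
    public static void main( String[] args )
    {
        if (args.length != 4) {
            System.out.println( "Usage: LDAPFinder host port group member" );
            System.exit(1);
        }
        String host = args[0];
        int port;
        try {
            port = Integer.parseInt(args[1]);
        }
        catch (NumberFormatException e) {
            // Previously an uncaught NumberFormatException; report it like the usage error instead.
            System.out.println( "Usage: LDAPFinder host port group member (port must be numeric, got " + args[1] + ")" );
            System.exit(1);
            return;
        }
        String group = args[2];
        String member = args[3];
        LDAPFinder finder = new LDAPFinder();
        finder.authenticate(host, port, group, member);
    }

    /**
     * Reads the group entry and reports whether {@code member} appears among its membership values.
     *
     * <p>Despite its name this does not authenticate anything: it prints "is a member" or
     * "is not a member" based on DN string equality. {@code group} is used only as the search
     * base and {@code member} only in a comparison, so neither is interpolated into the LDAP
     * filter. The connection is always disconnected on the way out.
     *
     * @param host   directory server host
     * @param port   directory server port
     * @param group  DN of the group entry to read
     * @param member DN to look for among the group's membership values
     */
    private void authenticate(String host, int port, String group, String member)
    {
        LDAPConnection m_ldc = null;
        int numDataEntries = 0;
        try
        {
            m_ldc = new LDAPConnection();
            connect( m_ldc, host, port);
            LDAPSearchResults results =
                m_ldc.search( group, LDAPConnection.SCOPE_BASE, "objectclass=*", MEMBER_ATTRS, false);
            // A base-scope search yields at most one entry; anything more is an error.
            LDAPEntry entry = null;
            while ( results.hasMoreElements() )
            {
                try
                {
                    LDAPEntry currEntry = (LDAPEntry)results.next();
                    if (numDataEntries == 0) {
                        entry = currEntry;
                    }
                    if (++numDataEntries > 1) {
                        System.out.println( "More than one entry found - ERROR!!");
                        break;
                    }
                }
                catch (LDAPReferralException e) {
                    // Referrals are not followed; say so instead of skipping them silently.
                    System.out.println( "Ignoring referral: " + e.toString() );
                }
                catch (LDAPException e) {
                    System.out.println( "Skipping unreadable result: " + e.toString() );
                }
            }
            if (numDataEntries == 1)
            {
                System.out.println( "Found LDAP Entry: " + entry.getDN() );
                String normMember = normalizeDN( member );
                System.out.println( "\tAttributes: " );
                boolean isMember = listsMember( entry, normMember );
                if ( !isMember ) {
                    System.out.println(normMember + " is not a member of Group.");
                }
                else {
                    System.out.println(normMember + " is a member of Group.");
                }
            }
        }
        catch (Exception e) {
            // Boundary of a CLI tool: report and fall through to the disconnect.
            System.out.println( "Failed to search for " + group + ": "
                + e.toString() );
        }
        finally {
            // The original never released the connection; do so whether or not the search succeeded.
            if (m_ldc != null && m_ldc.isConnected()) {
                try {
                    m_ldc.disconnect();
                }
                catch (LDAPException e) {
                    System.out.println( "Failed to disconnect: " + e.toString() );
                }
            }
        }
    }

    /**
     * Prints every value of every attribute on {@code entry} and returns {@code true} on the first
     * value whose normalized form equals {@code normMember}.
     *
     * <p>Values are compared as DN strings only; a {@code memberurl} filter is not evaluated and
     * simply fails to match.
     *
     * @param entry      the group entry returned by the search
     * @param normMember the member DN, already passed through {@link #normalizeDN}
     * @return whether a matching value was found
     */
    private static boolean listsMember( LDAPEntry entry, String normMember )
    {
        LDAPAttributeSet attrset = entry.getAttributeSet();
        Enumeration attrsenum = attrset.getAttributes();
        while ( attrsenum.hasMoreElements() )
        {
            LDAPAttribute attr = (LDAPAttribute)attrsenum.nextElement();
            System.out.println( attr.getName() + " = " );
            Enumeration valuesenum = attr.getStringValues();
            if (valuesenum == null)
            {
                System.out.println("Failed to do string conversion for "+ attr.getName());
                continue;
            }
            while (valuesenum.hasMoreElements())
            {
                String val = (String)valuesenum.nextElement();
                System.out.println( "\t\tValue: " + val );
                String normFound = normalizeDN( val );
                System.out.println( "Looking for Member = " + normMember );
                System.out.println( "Existing Member of Group = " + normFound );
                if ( normMember.equals( normFound ) )
                {
                    // A match ends the scan; the original's break only left the inner loop
                    // and went on printing the remaining attributes.
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Canonicalizes a DN for comparison: RFC string form, upper-cased with a fixed locale so the
     * result does not depend on the JVM's default locale (e.g. Turkish dotted/dotless "i" rules,
     * which would make two identical DNs compare unequal).
     *
     * @param dn the DN to normalize
     * @return the normalized, upper-cased DN string
     */
    private static String normalizeDN( String dn ) {
        return new DN( dn ).toRFCString().toUpperCase(java.util.Locale.ROOT);
    }
}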