You might find yourself in a position where you want to add, edit or delete accounts in your Active Directory. The OSB itself doesn’t have an adapter for it so how do you resolve this?
One of the options is to write a custom java library, add it to your domain and invoke it using a java-callout. Let’s start by making a simple Java project making use of Maven and Spring to connect to a Active Directory. Spring has a LDAP component which make it easy to connect to directories. Our pom file will look like this:
4.0.0nl.redrockActiveDirectoryAdapterjar1.0Java Active Directory adapter3.0.2.RELEASE1.6jssecacertsorg.apache.maven.pluginsmaven-compiler-plugin${java.version}${java.version}org.apache.maven.pluginsmaven-surefire-pluginjavax.net.ssl.trustStore${ssl.trustStore}org.apache.maven.pluginsmaven-dependency-plugincopy-dependenciesprepare-packagecopy-dependencies${project.build.directory}/libfalsefalsetrueorg.apache.maven.pluginsmaven-jar-plugintruenl.roceindhoven.service.ActiveDirectoryServiceorg.apache.maven.pluginsmaven-pmd-plugin2.5trueutf-8100${java.version}org.apache.maven.pluginsmaven-checkstyle-plugin2.7org.codehaus.mojofindbugs-maven-plugin2.3.2truetarget/siteorg.apache.maven.pluginsmaven-jxr-plugin2.3org.springframework.ldapspring-ldap-core1.3.1.RELEASEorg.springframework.ldapspring-ldap-core-tiger1.3.1.RELEASEorg.springframework.ldapspring-ldap-odm1.3.1.RELEASEorg.springframework.ldapspring-ldap-ldif-core1.3.1.RELEASEorg.springframework.ldapspring-ldap-ldif-batch1.3.1.RELEASEjunitjunit4.7testspring-releasehttp://maven.springframework.org/release
With this setup, all the required libraries are included to connect to your AD. Next up is our applicationContext.xml. In here we define our beans which we can use to access the AD. This looks like this:
There are a few things to watch for. For example any spaces in the BASE or USERDN variable. Make sure you remove them so it looks like this: “OU=prd,DC=redrock,DC=nl” instead of this: “OU=prd, DC=redrock, DC=nl”. This might cause problems. Also remember that you can only set passwords for a user when you connect to the directory using HTTPS. This only changes the connection string from ldap://YOUR_SERVER:389 to ldaps://YOUR_SERVER:636. These are default ports btw.
Now we can create the UserDaoSpringImpl class and it’s UserDao interface. The UserDao can be quite simple. Let’s start with just looking up people in the Active Directory. The UserDao looks like this then:
package nl.redrock.dao;
import java.util.List;
import nl.redrock.domain.User;
import nl.redrock.domain.UserDetails;
/**
* The User Data Access Object interface which can be used to manipulate users
* in the active directory
*
* @author Hugo Hendriks
*
*/
public interface UserDao {
/**
* retrieve all the users from the active directory
*
* @return a list of Users
*/
public List getAllUsers();
}
An implementation of this would look like this:
package nl.redrock.dao.impl;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import nl.redrock.dao.UserDao;
import nl.redrock.domain.User;
import nl.redrock.domain.UserDetails;
import nl.redrock.exception.DuplicateUserException;
import nl.redrock.exception.LdapException;
import nl.redrock.exception.PasswordStrengthException;
import nl.redrock.utils.ActiveDirectoryUtils;
import nl.redrock.utils.UserContextMapper;
import org.springframework.ldap.NameAlreadyBoundException;
import org.springframework.ldap.OperationNotSupportedException;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.AbstractContextMapper;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.filter.Filter;
/**
* The implementation of the User Data Access Object.
*
* @author Hugo
*
*/
public class UserDaoSpringImpl implements UserDao {
// Attribute names
private static final String USER_ACCOUNT_CONTROL_ATTR_NAME = "userAccountControl";
private static final String ACCOUNT_EXPIRES_ATTR_NAME = "accountExpires";
private static final String PWD_LAST_SET_ATTR_NAME = "pwdLastSet";
private static final String PASSWORD_ATTR_NAME = "unicodepwd";
private static final String DISTINGUISHED_NAME_ATTR_NAME = "distinguishedname";
private static final String MEMBER_ATTR_NAME = "member";
// usercontrol params
private static final int FLAG_TO_DISABLE_USER = 0x2;
private static final int ADS_UF_DONT_EXPIRE_PASSWD = 0x10000;
private static final int USER_CONTROL_NORMAL_USER = 512;
private LdapTemplate ldapTemplate;
ActiveDirectoryUtils activeDirectoryUtils = new ActiveDirectoryUtils();
/**
* {@inheritDoc}
*/
@SuppressWarnings("unchecked")
public List getAllUsers() {
SearchControls controls = new SearchControls();
controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
return ldapTemplate.search("", "(objectclass=person)", controls,
new UserContextMapper());
}
public LdapTemplate getLdapTemplate() {
return ldapTemplate;
}
public void setLdapTemplate(LdapTemplate ldapTemplate) {
this.ldapTemplate = ldapTemplate;
}
}
As you can see from the import I have more methods on the interface but I’m leaving them behind here due too the large nature of code then.
You can then write a class which creates the UserDao and exposes its methods….something like this:
package nl.redrock.service;
import java.util.List;
import nl.redrock.dao.UserDao;
import nl.redrock.dao.impl.UserDaoContextImpl;
import nl.redrock.dao.impl.UserDaoSpringImpl;
import nl.redrock.domain.User;
import nl.redrock.domain.UserDetails;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.xml.XmlBeanFactory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
public class ActiveDirectoryService {
/**
* Return all users
*
* @return
*/
public static List getAllUsers() {
return createDao().getAllUsers();
}
/**
* Create the userDao
*
* @return UserDao
*/
private static UserDao createDao() {
Resource resource = new ClassPathResource("/applicationContext.xml");
BeanFactory factory = new XmlBeanFactory(resource);
return(UserDaoSpringImpl) factory.getBean("ldapUserDAOBean");
}
}
The last thing to do now to see if it works is to write a test.
package nl.redrock.service;
import java.util.Iterator;
import java.util.List;
import junit.framework.TestCase;
import nl.redrock.domain.User;
import nl.redrock.domain.UserDetails;
public class ActiveDirectorySpringServiceTest extends TestCase {
public void testGetAllUsers() {
List result = ActiveDirectoryService.getAllUsers();
assertTrue(!result.isEmpty());
for (Iterator iterator = result.iterator(); iterator.hasNext();) {
User user = (User) iterator.next();
System.out.println(user.toString());
}
}
}
Run the test and you should be able to see all your user in the Active Directory from the base you have set. If you get an PKIX exception when running, it means you have a problem connecting over SSL to the AD. Your truststore is propably not set yet with the right certificate. You can use the InstallCert.java class to connect to the AD and generate a jssecacerts file. Put this file the root of you project and you should be fine running the test with maven as you have configured in the pom that it uses this JKS to run the tests.
I really would like to book mark this post, âUsing Java and Spring to connect
to an Active Directory « Hugo Hendriks @ RUBIX.nlâ on my personal
web-site. Do you really care in the event Ido it? Thanks a lot ,Marcela
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.AcceptRead More
Privacy & Cookies Policy
Privacy Overview
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
Pingback: Using Groovy to connect to Active Directory « Hugo Hendriks @ RUBIX.nl
I really would like to book mark this post, âUsing Java and Spring to connect
to an Active Directory « Hugo Hendriks @ RUBIX.nlâ on my personal
web-site. Do you really care in the event Ido it? Thanks a lot ,Marcela
Hey Marcella, no problem at all. Go right ahead!
Regards, Hugo