All geek questions in one place

Why doesn't Spring LDAP LdapTemplate return title, department & company attributes?

I am using spring-ldap-core-2.3.1.RELEASE.jar over JDK 1.8 and Tomcat 8.0 to access AD information via LdapTemplate . The title , department and company attributes are not returned by the ldapTemplate.search(..,.,..) method.

I use the following lines of code to search: -

 LdapQuery ldapQuery = LdapQueryBuilder.query() .where("objectclass").is("user") .and("objectcategory").is("person") .and("cn").like(strWildcardText+"*"); ldapTemplate.search(ldapQuery, new ADUserAttributesMapper());

The following is the ADUserAttributesMapper class: -

 public class ADUserAttributesMapper implements AttributesMapper<ADUserBean> { @Override public ADUserBean mapFromAttributes(Attributes attributes) throws NamingException { if(attributes==null) { return null; } adUserBean.setName((attributes.get("name")!=null) ? attributes.get("name").get().toString() : null); adUserBean.setCommonName((attributes.get("cn")!=null) ? attributes.get("cn").get().toString() : null); adUserBean.setDisplayName((attributes.get("displayname")!=null) ? attributes.get("displayname").get().toString() : null); adUserBean.setGivenName((attributes.get("givenname")!=null) ? attributes.get("givenname").get().toString() : null); // for FIRST NAME adUserBean.setMiddleName((attributes.get("initials")!=null) ? attributes.get("initials").get().toString() : null); // for MIDDLE NAME / INITIALS adUserBean.setLastName((attributes.get("sn")!=null) ? attributes.get("sn").get().toString() : null); // for LAST NAME adUserBean.setDepartment((attributes.get("department")!=null) ? attributes.get("department").get().toString() : null); adUserBean.setUserPrincipalName((attributes.get("userprincipalname")!=null) ? attributes.get("userprincipalname").get().toString() : null); // Logon Name adUserBean.setsAMAccountName((attributes.get("samaccountname")!=null) ? attributes.get("samaccountname").get().toString() : null); // Logon Name (pre-Windows 2000) adUserBean.setDistinguishedName((attributes.get("distinguishedname")!=null) ? attributes.get("distinguishedname").get().toString() : null); adUserBean.setMailID((attributes.get("mail")!=null) ? attributes.get("mail").get().toString() : null); adUserBean.setTitle((attributes.get("title")!=null) ? attributes.get("title").get().toString() : null); // Job Title adUserBean.setTelephoneNumber((attributes.get("telephonenumber")!=null) ? attributes.get("telephonenumber").get().toString() : null); adUserBean.setObjectCategory((attributes.get("objectcategory")!=null) ? attributes.get("objectcategory").get().toString() : null); return adUserBean; } }

The title , department and company attributes are for the Organization tab for the properties of the AD user, as shown in the figure below: enter image description here

In addition, on the General tab , the initials ( initials ) attribute is not initials / not specified Spring -LDAP LdapTemplate . The LdapQueryBuilder.query() object has access to the attributes(...) method, which takes a string array of attribute names to be retrieved. But even after mentioning them there, explicitly the values ​​for attributes such as initials , title , department and company not returned.

The LDAP Browser plugin in the Eclipse IDE lists the title , department and company properties on the Organization tab without any problems.

Even the com4j API returns title , department and company attributes.

Is there any configuration that restricts the list of attributes or is it a restriction using the Spring-LDAP API? Are these attributes not part of BasicAttributes ? How to get these attributes using Spring-LDAP?

UPDATE (01-Aug-2017): A simple Java JNDI approach / code DOES NOT return the department , company , title attributes (even if these attributes are explicitly specified in the attribute array), but surprisingly it returns the initials attribute value.

UPDATE (02-Aug-2017): Similar to the @Pierre suggestion (below), I tried the following code using the SearchControls object: -

 String strFilter= "(&(objectclass=top)(cn=cgma*))"; String[] attrs = new String[] {"cn","givenName","sn","initials","title","department","company"}; long maxResults = 10; // for example SearchControls searchControls = new SearchControls(); searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); searchControls.setReturningAttributes(attrs); searchControls.setCountLimit(maxResults); List<String> aLstOfADUsers = ldapTemplate.search("",strFilter,searchControls,new AttributesMapper<String>() { public String mapFromAttributes(Attributes attrs) throws NamingException { try { System.out.println(attrs.toString()); return attrs.get("cn").get().toString(); } catch(Exception ex) { ex.printStackTrace(); return null; } } }); return aLstOfADUsers;

Even this one does not return the value of the attributes initials , title , company and department .

+5
source share
2 answers

Face attributes can be internal attributes that are not returned by default. You can explicitly specify which attributes you want to return, but not in the search method you use (the one where you pass the LdapQuery object). If you look at the org.springframework.ldap.core.LdapTemplate class, it looks like you cannot pass the SearchControls object to the method you are using. Thus, to specify the attributes to retrieve, replace this:

 LdapQuery ldapQuery = LdapQueryBuilder.query() .where("objectclass").is("user") .and("objectcategory").is("person") .and("cn").like(strWildcardText+"*"); ldapTemplate.search(ldapQuery, new ADUserAttributesMapper());

Wherein:

  LikeFilter filter = new LikeFilter("cn", strWildcardText+"*"); // list of attributes to retrieve String[] attrs = new String[] {"title","department","company"}; long maxResults = 10; // for example SearchControls searchControls = new SearchControls(); searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); searchControls.setReturningAttributes(attrs); searchControls.setCountLimit(numResults); ldapTemplate.search(DistinguishedName.EMPTY_PATH, filter.encode(), searchControls, new ADUserAttributesMapper());

The above should work. You can also try something like this (I haven't tried it yet):

 ldapTemplate.search( "dc=yourorg,dc=com", "(&(cn=" +strWildcardText + "*)(&(objectClass=person)(objectcategory=person)))", SearchControls.SUBTREE_SCOPE, new String[]{ "title","department","company" }, new ADUserAttributesMapper() );

Finally, to return ALL attributes, ask to extract ALL attributes in the above code (my above example asked for only 3 attributes, this will return ALL of them):

  String[] attrs = new String[]{"*","+"};
+3
source

It depends on your AttributesMapper . I do not know what ADUserAttributesMapper , so you will have to provide this implementation.

Here's the javadoc for this interface. http://docs.spring.io/spring-ldap/docs/current/apidocs/org/springframework/ldap/core/AttributesMapper.html

+1
source

Source: https://habr.com/ru/post/1270182/

More articles:


All Articles