Java – ldap search in java – finding all groups with a specific user in it

javajndildap

Given the below ldap structure (more or less)

C=NO
-o=mydomain
--cn=groups
---cn=group1
----uid=bob,cn=users,o=mydomain,C=NO
---cn=group2
----uid=bob,cn=users,o=mydomain,C=NO
----uid=odd,cn=users,o=mydomain,C=NO
--cn=users
---uid=bob,cn=Robert,sn=Johnsen
---uid=odd,cn=Odd,sn=Olsen

I use the following url= ldap://server:port/o=mydomain,C=NO

Then I can retrieve basically the entire tree with a search somewhat like this:

NamingEnumeration results = ctx.search("cn=groups", "cn=*", constraints);

where constraints is

constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);

However, I'd like to receive only the groups with a specific user in it. I've tried lots and lots of variants like

        NamingEnumeration results = ctx.search("cn=groups"
                , "(&(uid={0},cn=users,o=fund,C=NO)(cn=*))"
                        , new Object[] {"odd"}
                        , constraints);

but I get only empty results. All or nothing it seems… I suspect the problem is that cn=* and uid=odd are on different levels in the tree, eg. uid=is an attribute, but cn=* is a node one level above?

How would I go about to complete this search in a more effective manner than just retrieving everything and parse it clientside?

Best Answer

Your LDAP structure looks strange.

what is the class of objects like cn=group1 ? is this "organizationalUnit" or "group"?

In usual Directories users are created under objects based on the "organizationalUnits" class, and for administrative needs they are grouped in an attribute called "member" of objects of the class "group".

In this case the LDAP filter would be like :

(&(objectClass=group)(member=uid={0},cn=users,o=fund,C=NO))

With the architecture you discribe you may have a look to a feature called ExtensibleMatch which seems to be correctly explained in this wiki article .

Related Solutions

Java – Including all the jars in a directory within the Java classpath

Using Java 6 or later, the classpath option supports wildcards. Note the following:

Use straight quotes (")
Use *, not *.jar

Windows

java -cp "Test.jar;lib/*" my.package.MainClass

Unix

java -cp "Test.jar:lib/*" my.package.MainClass

This is similar to Windows, but uses : instead of ;. If you cannot use wildcards, bash allows the following syntax (where lib is the directory containing all the Java archive files):

java -cp "$(printf %s: lib/*.jar)"

(Note that using a classpath is incompatible with the -jar option. See also: Execute jar file with multiple classpath libraries from command prompt)

Understanding Wildcards

From the Classpath document:

Class path entries can contain the basename wildcard character *, which is considered equivalent to specifying a list of all the files in the directory with the extension .jar or .JAR. For example, the class path entry foo/* specifies all JAR files in the directory named foo. A classpath entry consisting simply of * expands to a list of all the jar files in the current directory.

A class path entry that contains * will not match class files. To match both classes and JAR files in a single directory foo, use either foo;foo/* or foo/*;foo. The order chosen determines whether the classes and resources in foo are loaded before JAR files in foo, or vice versa.

Subdirectories are not searched recursively. For example, foo/* looks for JAR files only in foo, not in foo/bar, foo/baz, etc.

The order in which the JAR files in a directory are enumerated in the expanded class path is not specified and may vary from platform to platform and even from moment to moment on the same machine. A well-constructed application should not depend upon any particular order. If a specific order is required then the JAR files can be enumerated explicitly in the class path.

Expansion of wildcards is done early, prior to the invocation of a program's main method, rather than late, during the class-loading process itself. Each element of the input class path containing a wildcard is replaced by the (possibly empty) sequence of elements generated by enumerating the JAR files in the named directory. For example, if the directory foo contains a.jar, b.jar, and c.jar, then the class path foo/* is expanded into foo/a.jar;foo/b.jar;foo/c.jar, and that string would be the value of the system property java.class.path.

The CLASSPATH environment variable is not treated any differently from the -classpath (or -cp) command-line option. That is, wildcards are honored in all these cases. However, class path wildcards are not honored in the Class-Path jar-manifest header.

Note: due to a known bug in java 8, the windows examples must use a backslash preceding entries with a trailing asterisk: https://bugs.openjdk.java.net/browse/JDK-8131329

Java – How to generate random integers within a specific range in Java

In Java 1.7 or later, the standard way to do this is as follows:

import java.util.concurrent.ThreadLocalRandom;

// nextInt is normally exclusive of the top value,
// so add 1 to make it inclusive
int randomNum = ThreadLocalRandom.current().nextInt(min, max + 1);

See the relevant JavaDoc. This approach has the advantage of not needing to explicitly initialize a java.util.Random instance, which can be a source of confusion and error if used inappropriately.

However, conversely there is no way to explicitly set the seed so it can be difficult to reproduce results in situations where that is useful such as testing or saving game states or similar. In those situations, the pre-Java 1.7 technique shown below can be used.

Before Java 1.7, the standard way to do this is as follows:

import java.util.Random;

/**
 * Returns a pseudo-random number between min and max, inclusive.
 * The difference between min and max can be at most
 * <code>Integer.MAX_VALUE - 1</code>.
 *
 * @param min Minimum value
 * @param max Maximum value.  Must be greater than min.
 * @return Integer between min and max, inclusive.
 * @see java.util.Random#nextInt(int)
 */
public static int randInt(int min, int max) {

    // NOTE: This will (intentionally) not run as written so that folks
    // copy-pasting have to think about how to initialize their
    // Random instance.  Initialization of the Random instance is outside
    // the main scope of the question, but some decent options are to have
    // a field that is initialized once and then re-used as needed or to
    // use ThreadLocalRandom (if using at least Java 1.7).
    // 
    // In particular, do NOT do 'Random rand = new Random()' here or you
    // will get not very good / not very random results.
    Random rand;

    // nextInt is normally exclusive of the top value,
    // so add 1 to make it inclusive
    int randomNum = rand.nextInt((max - min) + 1) + min;

    return randomNum;
}

See the relevant JavaDoc. In practice, the java.util.Random class is often preferable to java.lang.Math.random().

In particular, there is no need to reinvent the random integer generation wheel when there is a straightforward API within the standard library to accomplish the task.

Best Answer

Related Solutions

Java – Including all the jars in a directory within the Java classpath

Java – How to generate random integers within a specific range in Java

Related Topic