How to validate referral support implemented for an Active Directory server?



Please suggest a utility or application with which I can test the referral settings I have configured.

I want to test a cross-forest referral between two domains, say 1. firstDNS.com (user [email protected]) and 2. SecondDNS.com (user [email protected]).

The Java code below was written to test the Active Directory server settings.

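/**
 * Binds to a domain controller of {@code domain} as {@code user}@{@code domain} with {@code password}
 * and then runs one subtree search under {@code DC=second,DC=com}, i.e. in the other forest, so that the
 * server has to answer with a referral that {@code Context.REFERRAL=follow} chases.
 *
 * <p>Every DNS-advertised domain controller is tried in turn; a controller that cannot be reached
 * ({@link CommunicationException}) is skipped and the exception is only rethrown once the last one
 * has failed too. Any other naming failure (including a failed bind) propagates immediately.
 *
 * @param user     sAMAccountName of the account to bind as; combined with {@code domain} into a UPN
 * @param password password of that account; passed only as the bind credential
 * @param domain   DNS name of the forest whose controllers are looked up and bound to
 * @throws AuthenticationException if the bind with {@code user}/{@code password} is rejected
 * @throws NamingException         if no controller can be located, none can be reached, or the search fails
 */
public  void authenticateUser(String user, String password, String domain) throws AuthenticationException, NamingException {

    List<String> ldapServers = findLDAPServersInWindowsDomain(domain);

    if (ldapServers.isEmpty()) {
        throw new NamingException("Can't locate an LDAP server (try  nslookup type=SRV _ldap._tcp." + domain + ")");
    }

    String principalName = user + "@" + domain;

    // The controls, filter and base are the same for every controller we try, so build them once.
    SearchControls searchCtls = new SearchControls();
    // Attributes to return
    searchCtls.setReturningAttributes(new String[] {"sn", "givenName", "mail"});
    // Search scope
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    // The bind is what verifies the password; a userPassword clause in the filter is not needed, would send
    // the secret to the server as query text (and into its logs), and the original concatenation did not compile.
    String searchFilter = "(&(objectClass=user)(sAMAccountName=testUserSecond))";
    // Base in the other forest on purpose: that is what forces the referral this method is meant to exercise.
    String searchBase = "DC=second,DC=com";

    for (int i = 0; i < ldapServers.size(); i++) {
        Hashtable<String, String> props = new Hashtable<>();
        // Public JNDI API instead of calling the internal com.sun.jndi.ldap.LdapCtxFactory directly.
        props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        props.put(Context.PROVIDER_URL, "ldap://" + ldapServers.get(i));
        props.put(Context.SECURITY_PRINCIPAL, principalName);
        props.put(Context.SECURITY_CREDENTIALS, password);
        props.put(Context.REFERRAL, "follow");

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(props);
            NamingEnumeration<SearchResult> answer = ctx.search(searchBase, searchFilter, searchCtls);
            try {
                // Results are produced lazily; drain the enumeration so the referral is actually followed
                // rather than merely requested. NOTE(review): no result is inspected here — confirm that
                // reaching the end without an exception is the intended success criterion.
                while (answer.hasMore()) {
                    answer.next();
                }
            } finally {
                answer.close();
            }
            return;
        } catch (CommunicationException e) { // this is what'll happen if one of the domain controllers is unreachable
            if (i == ldapServers.size() - 1) {
                // we've got no more servers to try, so throw the CommunicationException to indicate that we failed to reach an LDAP server
                throw e;
            }
        } finally {
            // Release the connection whether the search succeeded, failed, or we move on to the next controller.
            if (ctx != null) {
                ctx.close();
            }
        }
    }
}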

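/**
 * Looks up the {@code _ldap._tcp.<domain>} SRV records in DNS and returns the host part of each one.
 *
 * <p>The host names are returned exactly as DNS gives them (including a trailing dot, if present) and in
 * record order; SRV priority and weight are ignored.
 *
 * @param domain DNS name of the Windows domain, e.g. {@code first.com}
 * @return the advertised domain controller hosts, or an empty list if the name carries no SRV records
 * @throws NamingException if the DNS context cannot be created or the name cannot be resolved
 */
private  List<String> findLDAPServersInWindowsDomain(String domain) throws NamingException {

    List<String> servers = new ArrayList<>();
    Hashtable<String, String> env = new Hashtable<>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
    env.put("java.naming.provider.url", "dns://");
    DirContext ctx = new InitialDirContext(env);

    try {
        Attributes attributes = ctx.getAttributes("_ldap._tcp." + domain, new String[] { "SRV" }); // that's how Windows domain controllers are registered in DNS
        Attribute a = attributes.get("SRV");
        if (a == null) {
            // Name resolved but has no SRV records: nothing to try, let the caller report it.
            return servers;
        }
        for (int i = 0; i < a.size(); i++) {
            String srvRecord = a.get(i).toString();
            // each SRV record is in the format "0 100 389 dc1.company.com."
            // priority weight port server (space separated)
            String[] fields = srvRecord.trim().split("\\s+");
            if (fields.length < 4) {
                // Malformed record; skipping it is safer than an ArrayIndexOutOfBoundsException mid-loop.
                continue;
            }
            servers.add(fields[3]);
        }
    } finally {
        // Closed on every path, not only on success.
        ctx.close();
    }
    return servers;
}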

