Here is my code currently. I'm making a java program that seaches Active Directory to determine what policies a user/computer has applied. This is currently working as followed. I will next add functionality to add policies to a user. However when checking the policies below no results are yielded if the user does not exist and also if the user has no policies. What I cant figure out is how to determine if the user does not exis开发者_JAVA技巧t? Any help would be appreciated.
public class memberOf {
ArrayList results;
memberOf(String computerName){
Hashtable env = new Hashtable();
//String adminName = "CN=Administrator,CN=Users,DC=ANTIPODES,DC=COM";
//String adminPassword = "XXXXXXX";
String ldapURL = "n";
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
//set security credentials, note using simple cleartext authentication
env.put(Context.SECURITY_AUTHENTICATION,"simple");
env.put(Context.SECURITY_PRINCIPAL,"u");
System.out.println("Enter password");
Scanner in = new Scanner(System.in);
String password = in.nextLine();
env.put(Context.SECURITY_CREDENTIALS,password);
//env.put(Context.SECURITY_PROTOCOL, "ssl");
//connect toSdomain controller
env.put(Context.PROVIDER_URL,ldapURL);
try {
//Create the initial directory context
LdapContext ctx = new InitialLdapContext(env,null);
//Create the search controls
SearchControls searchCtls = new SearchControls();
//Specify the search scope
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
//specify the LDAP search filter
String searchFilter= "CN="+computerName;
//Specify the Base for the search
String searchBase = "DC=n,DC=o";
//initialize counter to total the groups
int totalResults = 0;
//Specify the attributes to return
String returnedAtts[]={"memberOf"};
searchCtls.setReturningAttributes(returnedAtts);
//Search for objects using the filter
NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchCtls);
results = new ArrayList();
while (answer.hasMoreElements()) {
SearchResult sr = (SearchResult)answer.next();
Attributes attrs = sr.getAttributes();
try {
for (NamingEnumeration ae = attrs.getAll();ae.hasMore();) {
Attribute attr = (Attribute)ae.next();
for (NamingEnumeration e = attr.getAll();e.hasMore();totalResults++) {
String tempStr = (String)(e.next());
int start = tempStr.indexOf("_");
int end = tempStr.indexOf(",");
tempStr=tempStr.substring(start, end);
results.add(totalResults,tempStr);
}
}
}
catch(Exception e){
e.printStackTrace();
}
}
ctx.close();
}
catch (NamingException e) {
e.printStackTrace();
}
}
public ArrayList getResults(){
System.out.println(results.size());
if(results.size()==0){
results.add(0, "No Groups");
}
return(results);
}
}
You can't find it that way. You need to know an attribute to search for in the user (upn, samAccountName, etc), find them that way, and use the backlinked attribute in the user object to find their policies.
It looks like you are doing the reverse - looking at the policy and asking "Who is a member of this policy". That works great - but obviously cannot differentiate between
- user exists but is not member
- user doesn't exist at all.
精彩评论