Hi, we've had JLDAP enbedded in our project for 3-4 years and it's been
easy to maintain (actually no maintenance required!).
I now need to extend it and need to find out a few things - I must
confess to not knowing much about LDAP and what its query language is
capable of, so if I ask the question here I'm sure if it cannot be
answered easily then someone will recommend a good web resource :-)
Our first issue, currently we use LDAPConnection.search() to retrieve
all the users that are members of a group in a particular OU. This has
always been fine with small setups where admins have happily made
(manually) the users part of the group. However in larger LDAP setups,
where the users may already be in one of several groups, it 's a lot of
extra work (potentially) to manage them (making them all members also of
our group). What we'd ideally like is for the admins to be able to add
those existing groups themselves to our group.
This is possible of course, but when we are iterating over the search
results, we get all the existing individually added members, but when it
comes to an added group, we get just the group entry (no real surprise).
So my question is, can the search be written in a way that if the search
results was to include a group, all the members of that group are
actually returned in the results? (Sort of like 'auto-expand' groups.)
If that isn't possible then I assume we'll have to refactor our code to
automatically do another search within the search if we encounter a
group entry within the results?
BTW here is a trimmed-down version of the search code:
String aGroupname = "bob";
int searchScope = LDAPConnection.SCOPE_SUB;
String attrs[] = {
"msDS-UserAccountDisabled", "ms-DS-UserAccountAutoLocked",
"msDS-UserPasswordExpired",
"isDeleted", "CN", "sAMAccountName", "distinguishedName",
"givenName", "middleName", "sn",
"memberOf", "mail", "name", "employeeID"};
boolean attributeOnly = false;
String searchDN = "OU=....";
String searchFilterA = "(memberOf=CN="+aGroupname+","+searchDN + ")";
String searchFilterB =
"(memberOf=sAMAccountName="+aGroupname+","+searchDN + ")";
String searchFilter = "(|" + searchFilterA + searchFilterB + ")";
LDAPSearchConstraints cons = new LDAPSearchConstraints();
cons.setTimeLimit(10000);
LDAPSearchResults searchResults =
_lc.search(searchDN, // container to search
searchScope, // search scope
searchFilter, // search filter
attrs, // "1.1" returns entry name only
attributeOnly, // no attributes are returned
cons); // time out value
while (searchResults.hasMore())
.... etc ....
Cheers, Phil