How to use Java (eclipse) to get user's phone# by using his/her username from Active Directory?

 
Peter Cong
Ranch Hand
Posts: 44
My Java web project needs to get a user's phone# by using his/her username (intranet login name). I think the employee's phone# is available from the company's Active Directory, so I am trying to access Active Directory to get the phone#, but I have a problem getting it. Basically, I need to bind to the server by using the employee's user ID and password, but there is no way I can get all employees' passwords to get their information (phone#), and I also cannot use the Admin's password in my Java code. Something like this example:

....

Hashtable<String, String> ldapEnv = new Hashtable<String, String>(11);
ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
ldapEnv.put(Context.PROVIDER_URL, "ldap://dom.fr:389");
ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
ldapEnv.put(Context.SECURITY_PRINCIPAL, "cn=jean paul blanc,ou=MonOu,dc=dom,dc=fr");
ldapEnv.put(Context.SECURITY_CREDENTIALS, "pwd");
...
Is there any way to get the employee's data (phone#) without using any authentication (user ID and password)? Basically, I just need to read (search) Active Directory by the employee's username; I do not need to do any updating.

Basically, I need to make anonymous queries to Active Directory. I need to make anonymous queries to return an employee's phone# by using his/her username without needing to configure Active Directory to allow these queries. From this post: http://support.microsoft.com/kb/320528 it seems that I have to do configuration, but I do not want to do any configuration for my company's Active Directory just for this simple request.

I would appreciate it if anybody has a good example. Thanks a lot.
 
Rob Spoor
Sheriff
Posts: 21135
What I've done in the past is let the sysadmins set up one single account with read-only access to the AD, then use that account. You still need to authenticate, but with only one account, not each separate account.
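The single read-only account approach from the reply above, as an added example that is not part of the original thread or any poster's code. The host, base DN and the environment variable names `LDAP_BIND_DN` and `LDAP_BIND_PASSWORD` are assumed placeholders; `sAMAccountName` and `telephoneNumber` are the standard Active Directory attributes for login name and phone number.

```java
import java.util.Hashtable;
import java.util.Objects;
import javax.naming.*;
import javax.naming.directory.*;

public class PhoneLookup {
    // Assumed placeholders: replace with your directory's LDAPS URL and a users OU.
    static final String URL = "ldaps://dc.example.com:636";
    static final String BASE_DN = "ou=Staff,dc=example,dc=com";

    static String env(String name) {
        return Objects.requireNonNull(System.getenv(name), name + " is not set");
    }

    /** Returns telephoneNumber for the given login name, or null if absent. */
    static String findPhone(String username) throws NamingException {
        Hashtable<String, String> ldapEnv = new Hashtable<>();
        ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        ldapEnv.put(Context.PROVIDER_URL, URL); // LDAPS so the simple bind is encrypted
        ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
        // One read-only service account, read from the environment rather than the source.
        ldapEnv.put(Context.SECURITY_PRINCIPAL, env("LDAP_BIND_DN"));
        ldapEnv.put(Context.SECURITY_CREDENTIALS, env("LDAP_BIND_PASSWORD"));

        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"telephoneNumber"}); // only what is needed

        DirContext ctx = new InitialDirContext(ldapEnv);
        try {
            // {0} is substituted by JNDI, which escapes filter metacharacters such as
            // '*', '(' and ')' so the login name cannot change the query.
            NamingEnumeration<SearchResult> results = ctx.search(
                BASE_DN, "(&(objectCategory=person)(sAMAccountName={0}))",
                new Object[] {username}, sc);
            try {
                if (!results.hasMore()) return null;
                Attribute phone = results.next().getAttributes().get("telephoneNumber");
                return phone == null ? null : (String) phone.get();
            } finally {
                results.close();
            }
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        System.out.println(findPhone(args[0]));
    }
}
```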
 
Peter Cong
Ranch Hand
Posts: 44
Rob Spoor wrote: What I've done in the past is let the sysadmins set up one single account with read-only access to the AD, then use that account. You still need to authenticate, but with only one account, not each separate account.

Thanks a lot. If we can confirm that there is no way to access (even just read access) Active Directory without providing authentication (I mean providing a user ID and password), in other words, to access it anonymously, then I think that is the only solution.
But the thing is that I do not want to bother Admin people to create a new account just for this purpose, and they may not like to do it.
Any other ideas?
 
Joanne Neal
Rancher
Posts: 3742
It is possible to set up anonymous access on AD. How to do it varies depending on which server you are using. It is also disabled by default (as it's a potential security hole) so you will need to bother Admin people whichever route you take.
 
Peter Cong
Ranch Hand
Posts: 44
Joanne Neal wrote: It is possible to set up anonymous access on AD. How to do it varies depending on which server you are using. It is also disabled by default (as it's a potential security hole) so you will need to bother Admin people whichever route you take.


Thanks a lot for your help. Can I ask how many AD servers are normally used? Can you give some examples?
 
Joanne Neal
Rancher
Posts: 3742
The versions of Windows Server that you will probably still find in use are 2012, 2008 and possibly 2003. The process for enabling anonymous LDAP access is different on each of these, but your admin should know how to do it.
 