Win a copy of Head First Android this week in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Rob Spoor
  • Bear Bibeault
Saloon Keepers:
  • Jesse Silverman
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • Al Hobbs
  • salvin francis

How to use Java (eclipse) to get user's phone# by using his/her username from Active Directory?

 
Ranch Hand
Posts: 44
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My Java web project needs to get a user's phone# by using his/her username(intranet login name), so I think the employee's phone# is available from company's Active Directory, so I am trying to access the access Active Directory to get the phone#, but I have problem to get it, basically, I need to bind the server by using employee's user ID and password, but there is no way I can get all employee's password to get their information (phone#), I also can not use Admin's password in my java codes. something like this example:

....

Hashtable<String, String> ldapEnv = new Hashtable<String, String>(11);
ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
ldapEnv.put(Context.PROVIDER_URL, "ldap://dom.fr:389");
ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
ldapEnv.put(Context.SECURITY_PRINCIPAL, "cn=jean paul blanc,ou=MonOu,dc=dom,dc=fr");
ldapEnv.put(Context.SECURITY_CREDENTIALS, "pwd");
...
Is there anyway to get the employee's data (phone#) without using any authentication (userID and password)? basically, I just need to read (search) the active Directory by employee's username, not need to do any updating.

basically, I need to make anonymous queries to Active Directory. I need to make anonymous queries to return employee's phone# by using his/her username without needing to configure Active Directory to allow these queries. from this post: http://support.microsoft.com/kb/320528 it seems that I have to configuration, but I do not want to do any configuration for my company's active directory just due to my this simple request.


I appreciate is anybody have any good example. thanks a lot,
 
Sheriff
Posts: 22509
122
Eclipse IDE Spring VI Editor Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What I've done in the past is let the sysadmins setup one single account with read-only access to the AD, then use that account. You still need to authenticate, but with only one account, not each separate account.
 
Peter Cong
Ranch Hand
Posts: 44
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Rob Spoor wrote:What I've done in the past is let the sysadmins setup one single account with read-only access to the AD, then use that account. You still need to authenticate, but with only one account, not each separate account.

a
thanks a lot, if we an confirm that there is no way to access (even just read access) Active Directory without provide the authenticatation( I mean to provide user id and password), in another word ,to access it anonymously, then I think that is the only solution.
But the thing is that I do not want to bother Admin people to create a new account just for this purpose, and they may not like to do it.
Any other ideas?
 
Rancher
Posts: 3742
16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It is possible to set up anonymous access on AD. How to do it varies depending on which server you are using. It is also disabled by default (as it's a potential security hole) so you will need to bother Admin people whichever route you take.
 
Peter Cong
Ranch Hand
Posts: 44
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Joanne Neal wrote:It is possible to set up anonymous access on AD. How to do it varies depending on which server you are using. It is also disabled by default (as it's a potential security hole) so you will need to bother Admin people whichever route you take.



Thanks a lot for your help, can I ask how many AD server normally used? can you give some examples?
 
Joanne Neal
Rancher
Posts: 3742
16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The versions of Windows Server that you will probably still find in use are 2012, 2008 and possibly 2003. The process for enabling anonymous LDAP access is different on each of these, but your admin should know how to do it.
reply
    Bookmark Topic Watch Topic
  • New Topic