
how to get DN in LDAP with user ID using UnboundID LDAP SDK


I'm trying to get the DN (there could be more than one) of a user when the only parameter I have is the user ID.

I'm also using the UnboundID LDAP SDK, as you can see:

import com.unboundid.ldap.sdk.LDAPSearchException;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchScope;

public String getCustomerAdminDN(String uid)
{
    String result = null;
    // Filter built by concatenating the caller-supplied uid into a string
    String filter = "uid=" + uid;
    try {
        // Subtree search from an empty base DN using the string filter
        SearchResult searchResult = this.ldapConnection.search("", SearchScope.SUB, filter);

        result = searchResult.getMatchedDN();
    } catch (LDAPSearchException e) {
        throw new RuntimeException("Error in the searching query :" + e.getMessage(), e);
    }

    return result;
}

Let's assume my uid belongs to the following DN

Thanks in advance


Solution

  • The issue in this case is that the "matched DN" element isn't what you think it is. It isn't the DN of an entry that matched the search criteria (which could in fact be zero, one or multiple entries). The matched DN element of a response may be supplied if the target of the operation doesn't exist. For a search operation, if you had specified a search base DN that doesn't exist, then the matched DN might specify the DN of the closest entry to what you specified that actually does exist in the server. For example, if you had specified a search base DN of "ou=nonexistent,dc=example,dc=com", which doesn't exist, but the entry "dc=example,dc=com" does exist, then the server may return a matched DN value of "dc=example,dc=com".

    If your search matches one or more entries, then (unless you used a search result listener, which wasn't the case in the example you provided above), the matching entries will be accessible through the getSearchEntries method. For example:

     List<SearchResultEntry> searchEntries = searchResult.getSearchEntries();
     if (searchEntries.size() != 1)
     {
       // The search didn't match exactly one entry.
     }
     else
     {
       SearchResultEntry entry = searchEntries.get(0);
       result = entry.getDN();
     }
    

    Also, you should be careful when constructing filters from their string representations when part of the value may come from user input, as that may allow for some kind of injection attack. LDAP injection is more difficult and usually more benign than SQL injection, but it is not entirely nonexistent. It is therefore recommended that instead of:

     String filter = "uid=" + uid;
    

    you use:

     Filter filter = Filter.createEqualityFilter("uid", uid);
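Putting the two points of the answer together, the following is an added example (not code from the question, the answer, or the UnboundID SDK itself) of a uid-to-DN lookup that reads the matching entries instead of the matched DN, builds the filter from components, and treats zero and multiple matches as distinct outcomes. The base DN "dc=example,dc=com", the class name UidLookup, and an already-bound LDAPConnection are assumptions; the hostile uid value in main is a constructed test value.

```java
import java.util.List;

import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPSearchException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;

public final class UidLookup
{
  // Assumed base DN for this example; the original question left it empty.
  private static final String BASE_DN = "dc=example,dc=com";

  private final LDAPConnection ldapConnection;

  public UidLookup(LDAPConnection ldapConnection)
  {
    this.ldapConnection = ldapConnection;
  }

  /**
   * Returns the DN of the single entry whose uid equals the given value, or
   * null if nothing matches. A uid that maps to several entries is reported
   * as an error rather than silently resolved by taking the first hit.
   */
  public String getDNForUid(String uid) throws LDAPSearchException
  {
    // Component-based construction escapes *, (, ), \ and NUL in the value,
    // so a caller-supplied uid cannot change the shape of the filter.
    Filter filter = Filter.createEqualityFilter("uid", uid);

    // Request no attributes (we only need the DN) and cap the result at two
    // entries: enough to detect ambiguity without returning every match.
    SearchRequest request = new SearchRequest(BASE_DN, SearchScope.SUB, filter,
                                              SearchRequest.NO_ATTRIBUTES);
    request.setSizeLimit(2);

    SearchResult searchResult;
    try
    {
      searchResult = ldapConnection.search(request);
    }
    catch (LDAPSearchException e)
    {
      // The server stopped at our size limit: more than one entry matched.
      if (e.getResultCode() == ResultCode.SIZE_LIMIT_EXCEEDED)
      {
        throw new IllegalStateException("uid matches more than one entry", e);
      }
      throw e;
    }

    // The matching entries, not getMatchedDN(), carry the DNs we want.
    List<SearchResultEntry> entries = searchResult.getSearchEntries();
    if (entries.isEmpty())
    {
      return null;
    }
    if (entries.size() > 1)
    {
      throw new IllegalStateException("uid matches more than one entry");
    }
    return entries.get(0).getDN();
  }

  // Shows how the two filter constructions treat a hostile uid. The value is
  // a constructed test input, not something taken from a real directory.
  public static void main(String[] args)
  {
    String hostileUid = "*)(objectClass=*";
    String concatenated = "(uid=" + hostileUid + ")";
    Filter escaped = Filter.createEqualityFilter("uid", hostileUid);
    System.out.println("concatenated: " + concatenated);
    System.out.println("escaped:      " + escaped);
  }
}
```

With string concatenation the hostile value turns the filter into "(uid=*)(objectClass=*)", which is a different filter from the one the author intended; createEqualityFilter instead encodes the special characters as hex escapes (\2a for *, \28 and \29 for the parentheses), so the value is compared literally and matches nothing. The size limit of two is a deliberate choice: it lets the code distinguish "exactly one" from "more than one" without the cost of fetching every entry a wildcard would have pulled back.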