Tags: java, jakarta-ee, kerberos, spnego

SPNEGO get user details


I have set up the SPNEGO library in Tomcat using the JNDIRealm, following this guide: https://dzone.com/articles/do-not-publish-configuring-tomcat-single-sign-on-w I would like to know how I could get the user's groups from LDAP in another Java class I am using to create a user in my database. I would like to get all user details like email, phone etc., as well as all the groups the user is part of.


Solution

  • See this list to get all the attributes you can retrieve from LDAP.


    For example, let's say you want the Name, Group, Job Title, Phone Number and E-mail of your users. (For consistency with your question, I'll use the same "dummy values" as your link.)

    The first step is to connect to LDAP in your Java class; for that I'd rather use a separate function:

    import java.util.Hashtable;
    import javax.naming.Context;

    public static Hashtable<String, String> getContextEnv() {
      Hashtable<String, String> contextEnv = new Hashtable<String, String>();
      contextEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
      // 3268 is the Global Catalog port: it answers for the whole forest, but only with the partial attribute set
      contextEnv.put(Context.PROVIDER_URL, "ldap://dc.mydomain.com:3268");
      // simple bind: over plain ldap:// the service-account password travels in clear (ldaps://, port 3269 for the GC, avoids that)
      contextEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
      contextEnv.put(Context.SECURITY_PRINCIPAL, "CN=TECHNICAL_USER,DC=mydomain,DC=com");
      contextEnv.put(Context.SECURITY_CREDENTIALS, "TECHNICAL_USER_PASSWORD"); // placeholder: load it from configuration, not source
      contextEnv.put("java.naming.referral", "follow");
      contextEnv.put("java.naming.ldap.derefAliases", "never");
      contextEnv.put("com.sun.jndi.ldap.connect.pool", "true");
      contextEnv.put("com.sun.jndi.ldap.connect.timeout", "60000"); // milliseconds
    
      return contextEnv;
    }
    

    Where TECHNICAL_USER is the one you use to create your keytab with the ktpass command.


    Next step is to call that function and create a SearchControls object. This is where you put the attributes you want to get (see the link above for all the possibilities) and some parameters (timeout, for example):

    import java.util.*;                 // List, ArrayList (used below)
    import javax.naming.*;              // NamingEnumeration, NamingException
    import javax.naming.directory.*;    // DirContext, SearchControls, SearchResult, Attributes, Attribute

    Hashtable<String, String> contextEnv = getContextEnv();
    
    // binds to the directory as TECHNICAL_USER
    DirContext ctx = new InitialDirContext(contextEnv);
    
    // UserID - Last Name - First Name - Group - Job Title - Phone Number - Email address
    String[] attrIDs = { "sAMAccountName", "sn", "givenName", "memberOf", "title", "telephoneNumber", "mail"};
    SearchControls searchControls = new SearchControls();
    searchControls.setReturningAttributes(attrIDs);   // only these attributes come back, nothing else
    searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    searchControls.setTimeLimit(6000);                // milliseconds the server may spend on the search
    

    Final step, you get the info of your current user, where currentUser is the UserID your corporation uses to identify the employees:

    // {0} is substituted by JNDI with the value escaped per RFC 4515, so a user ID
    // containing filter metacharacters cannot change the meaning of the filter
    NamingEnumeration<SearchResult> searchResults = ctx.search("DC=mydomain,DC=com",
        "(sAMAccountName={0})", new Object[] { currentUser }, searchControls);
    
    if (searchResults.hasMore()) {
      SearchResult currentSearchResult = searchResults.next();
      Attributes searchResultAttributes = currentSearchResult.getAttributes();
    
      // Attributes.get(id) returns an Attribute (null when the entry lacks it), not a String
      String userID = firstValue(searchResultAttributes, "sAMAccountName");
      String lastName = firstValue(searchResultAttributes, "sn");
      String firstName = firstValue(searchResultAttributes, "givenName");
      String jobTitle = firstValue(searchResultAttributes, "title");
      String phoneNumber = firstValue(searchResultAttributes, "telephoneNumber");
      String email = firstValue(searchResultAttributes, "mail");
    
      // memberOf is multi-valued: one distinguished name per group the user is a direct member of
      List<String> groups = new ArrayList<String>();
      Attribute memberOf = searchResultAttributes.get("memberOf");
      if (memberOf != null) {
        NamingEnumeration<?> values = memberOf.getAll();
        while (values.hasMore()) {
          groups.add((String) values.next());
        }
      }
    }
    searchResults.close();
    
    ctx.close();
    
    // first value of an attribute, or null when the entry has no such attribute
    private static String firstValue(Attributes attrs, String id) throws NamingException {
      Attribute attr = attrs.get(id);
      return attr == null ? null : (String) attr.get();
    }
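The three snippets above, put together into one class that does what the question asks for: take the principal Tomcat's SPNEGO authentication produced, read the profile attributes, and return the groups. This is an added example and not code from the answer or from the linked guide. It assumes the directory is Active Directory (the `1.2.840.113556.1.4.1941` matching rule used for nested groups is AD-specific), that an LDAPS-enabled domain controller is reachable as `dc.mydomain.com:636` (a plain domain controller rather than the Global Catalog, because the GC only holds the partial attribute set), that the service-account bind DN and password are supplied in the `LDAP_BIND_DN` and `LDAP_BIND_PASSWORD` environment variables, and that `HttpServletRequest.getUserPrincipal().getName()` yields a name of the form `user@REALM`. Two details the snippets gloss over are handled here: `memberOf` lists only direct memberships, so `groupsInChain` asks the server to expand nesting, and the user-supplied value is passed as a filter argument so it cannot alter the filter.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;

/** Resolves profile attributes and groups for a SPNEGO-authenticated user (added example, AD assumed). */
public class SpnegoUserLookup {

    /** What the database user record needs. */
    public static class UserDetails {
        public String dn, userId, firstName, lastName, title, phone, email;
        public final List<String> groups = new ArrayList<String>(); // group CNs, direct membership only
    }

    private static final String BASE_DN = "DC=mydomain,DC=com";     // assumption: the question's domain
    private static final String IN_CHAIN = "1.2.840.113556.1.4.1941"; // AD LDAP_MATCHING_RULE_IN_CHAIN
    private final DirContext ctx;

    public SpnegoUserLookup() throws NamingException {
        String bindDn = System.getenv("LDAP_BIND_DN"), bindPw = System.getenv("LDAP_BIND_PASSWORD");
        if (bindDn == null || bindPw == null) throw new IllegalStateException("LDAP bind credentials not set");
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://dc.mydomain.com:636"); // assumption; TLS so the simple bind is not in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPw);
        env.put("com.sun.jndi.ldap.connect.timeout", "10000");
        env.put("com.sun.jndi.ldap.read.timeout", "10000");
        this.ctx = new InitialDirContext(env);
    }

    /** principalName is request.getUserPrincipal().getName(), e.g. "jdoe@MYDOMAIN.COM"; returns null if not found. */
    public UserDetails lookup(String principalName) throws NamingException {
        int at = principalName.indexOf('@');
        String samAccountName = at < 0 ? principalName : principalName.substring(0, at);
        SearchControls sc = controls("sAMAccountName", "givenName", "sn", "title", "telephoneNumber", "mail", "memberOf");
        // {0} is escaped by JNDI (RFC 4515), so the principal name cannot inject filter syntax
        NamingEnumeration<SearchResult> results = ctx.search(BASE_DN,
                "(&(objectClass=user)(sAMAccountName={0}))", new Object[] { samAccountName }, sc);
        try {
            if (!results.hasMore()) return null; // Kerberos accepted the ticket but the account is not in this directory
            SearchResult entry = results.next();
            Attributes attrs = entry.getAttributes();
            UserDetails u = new UserDetails();
            u.dn = entry.getNameInNamespace();
            u.userId = first(attrs, "sAMAccountName");
            u.firstName = first(attrs, "givenName");
            u.lastName = first(attrs, "sn");
            u.title = first(attrs, "title");
            u.phone = first(attrs, "telephoneNumber");
            u.email = first(attrs, "mail");
            Attribute memberOf = attrs.get("memberOf"); // multi-valued, one DN per direct group
            if (memberOf != null) {
                NamingEnumeration<?> values = memberOf.getAll();
                while (values.hasMore()) u.groups.add(groupCn((String) values.next()));
            }
            return u;
        } finally {
            results.close();
        }
    }

    /** Direct and nested group CNs, expanded server-side by the domain controller. */
    public List<String> groupsInChain(String userDn) throws NamingException {
        List<String> groups = new ArrayList<String>();
        NamingEnumeration<SearchResult> results = ctx.search(BASE_DN,
                "(member:" + IN_CHAIN + ":={0})", new Object[] { userDn }, controls("cn"));
        try {
            while (results.hasMore()) groups.add(first(results.next().getAttributes(), "cn"));
        } finally {
            results.close();
        }
        return groups;
    }

    /** Leftmost RDN value of a DN such as "CN=Developers,OU=Groups,DC=mydomain,DC=com" -> "Developers". */
    static String groupCn(String dn) throws NamingException {
        LdapName name = new LdapName(dn);
        return name.getRdn(name.size() - 1).getValue().toString();
    }

    private static SearchControls controls(String... attrs) {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(attrs);
        sc.setTimeLimit(10000);
        return sc;
    }

    private static String first(Attributes attrs, String id) throws NamingException {
        Attribute a = attrs.get(id);
        return a == null ? null : (String) a.get();
    }

    public void close() throws NamingException { ctx.close(); }
}
```

Usage from the servlet or filter that runs after the realm has authenticated the request: `UserDetails u = new SpnegoUserLookup().lookup(request.getUserPrincipal().getName());` followed, when nested membership matters for authorization, by `lookup.groupsInChain(u.dn)`. Comparing the two group lists for a test account is a quick way to confirm whether your groups are nested and whether `memberOf` alone would have under-reported them.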