Java Access to Windows Active Directory

Source: Internet
Author: User

1. Active Directory (AD)

Active Directory is a directory service for Windows Server.

It stores information about the various objects on the network and makes that information easy for administrators and users to find and use.

The Active Directory directory service uses structured data storage as the basis for the logical hierarchy of directory information.

Security is integrated into Active Directory through logon verification and access control on the objects in the directory.

Directory services, such as Active Directory, provide a way to store directory data and make that data available to network users and administrators.

For example, Active Directory stores information about user accounts, such as names, passwords, phone numbers, and so on, and allows other authorized users on the same network to access the information.


LDAP stands for Lightweight Directory Access Protocol.

LDAP is based on the X.500 standard.

LDAP reduces system resource consumption by using only a subset of the functionality of the original X.500 Directory Access Protocol (DAP).

Unlike X.500, LDAP supports TCP/IP, which is necessary for accessing the Internet.

LDAP and relational databases are concepts at two different levels: the latter is a storage method (at the same level as network databases and object databases), while the former is a storage model and an access protocol.

LDAP is a storage concept at a higher level of abstraction than a relational database; it sits at the same level as SQL, the query language of relational databases.


Microsoft's ADSI (Active Directory Service Interfaces) can be used in Delphi to access Active Directory.

ADSI is a set of directory services provided in the form of COM interfaces and is a generic interface for directory-based services.

Some standard ADSI providers are WinNT, IIS, LDAP, and NDS.

You can access four network directory structures through ADSI:

WinNT (Microsoft SAM database), LDAP (Lightweight Directory Access Protocol), NDS (NetWare Directory Service), and NWCOMPAT (Novell NetWare 3.x).

ADSI makes the work of Windows NT administrators easier.

ADSI lets administrators perform general administrative tasks, such as adding new users, managing printers, changing security settings, and controlling NT domains.

Because ADSI uses COM interfaces, any programming language that supports COM, such as Delphi, BCB, VB, VC, can invoke ADSI.

To call ADSI from Delphi, you need to import the Active Directory type library.

The steps are as follows:

In the IDE, choose Project -> Import Type Library.

Select Active DS Type Library (Version 1.0) and click Create Unit.

Delphi generates the corresponding wrapper as the file ActiveDs_TLB.pas.

Add ActiveDs_TLB to the uses clause, and you can use ADSI in the Delphi program.

package adoper;

import java.util.Enumeration;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class AdOperTest {
    public AdOperTest() {
    }

    public void getAdInfo() {
        Hashtable<String, Object> hashEnv = new Hashtable<>();
        String ldapUrl = "ldap://"; // LDAP access address
        // String adminName = "cn=oawebuser,cn=users,dc=hebmc,dc=com"; // AD user name
        String adminName = "Hebmc\\oawebuser"; // Note the user name format: Domain\User or
        // adminName = ""; // Note the user name format: Domain\User or
        String adminPassword = "CHENZUOOAUP02"; // Password
        hashEnv.put(Context.SECURITY_AUTHENTICATION, "simple"); // LDAP access security level
        hashEnv.put(Context.SECURITY_PRINCIPAL, adminName); // AD user
        hashEnv.put(Context.SECURITY_CREDENTIALS, adminPassword); // AD password
        hashEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); // LDAP factory class
        hashEnv.put(Context.PROVIDER_URL, ldapUrl);
        try {
            LdapContext ctx = new InitialLdapContext(hashEnv, null);
            SearchControls searchCtls = new SearchControls(); // Create the search controls
            searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE); // Specify the search scope
            // String searchFilter = "objectClass=user"; // Specify the LDAP search filter
            String searchFilter = "objectClass=organizationalUnit"; // Specify the LDAP search filter
            String searchBase = "dc=hebmc,dc=com"; // Specify the base for the search (the domain node)
            int totalResults = 0;
            // Specify the attributes to return
            // String returnedAtts[] = {"memberOf"}; // Custom return attribute
            String returnedAtts[] = {
                "url", "whenChanged", "employeeID", "name", "userPrincipalName",
                "physicalDeliveryOfficeName", "departmentNumber", "telephoneNumber",
                "homePhone", "mobile", "department", "sAMAccountName", "whenChanged",
                "mail"}; // Custom return attributes
            searchCtls.setReturningAttributes(returnedAtts); // Set the returned attribute set
            // Search for objects using the filter
            NamingEnumeration<SearchResult> answer = ctx.search(searchBase, searchFilter, searchCtls);
            while (answer.hasMore()) {
                SearchResult sr = answer.next();
                System.out.println("************************************************");
                System.out.println(sr.getName());
                Attributes attrs = sr.getAttributes();
                if (attrs != null) {
                    try {
                        for (NamingEnumeration<? extends Attribute> ne = attrs.getAll(); ne.hasMore();) {
                            Attribute attr = ne.next();
                            System.out.println("AttributeID=" + attr.getID());
                            // Read the attribute values (and count them)
                            for (NamingEnumeration<?> e = attr.getAll(); e.hasMore(); totalResults++) {
                                System.out.println("AttributeValues=" + e.next().toString());
                            }
                            System.out.println("---------------");
                            // Read the attribute values again through the plain Enumeration interface
                            Enumeration<?> values = attr.getAll();
                            if (values != null) { // Iterate
                                while (values.hasMoreElements()) {
                                    System.out.println("AttributeValues=" + values.nextElement());
                                }
                            }
                            System.out.println("---------------");
                        }
                    } catch (NamingException e) {
                        System.err.println("Throw Exception:" + e);
                    }
                }
            }
            System.out.println("Number:" + totalResults);
            ctx.close();
        } catch (NamingException e) {
            e.printStackTrace();
            System.err.println("Throw Exception:" + e);
        }
    }

    public static void main(String args[]) {
        AdOperTest ad = new AdOperTest();
        ad.getAdInfo();
    }
}
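The listing above performs a "simple" bind over a plain ldap:// URL with the password written in the source file. The following is an added example, not code from the original page: it builds the same JNDI environment but refuses a non-TLS URL and empty credentials. The class name, the environment variable names and the example host and base DN in the comments are assumptions.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
public class AdBindOverTls {
    // Build the JNDI environment for a simple bind, refusing the two unsafe cases.
    static Hashtable<String, Object> buildEnv(String url, String principal, char[] password) {
        if (url == null || !url.startsWith("ldaps://")) {
            // Over plain ldap:// a simple bind sends the password unencrypted.
            throw new IllegalArgumentException("simple bind requires an ldaps:// URL");
        }
        if (principal == null || principal.isEmpty() || password == null || password.length == 0) {
            // JNDI treats empty credentials as an anonymous bind, which would "succeed".
            throw new IllegalArgumentException("empty principal or password");
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        return env;
    }

    public static void main(String[] args) throws NamingException {
        // Assumed variable names; credentials come from the environment, not the source file.
        String url = System.getenv("AD_LDAPS_URL");     // e.g. ldaps://dc.example.test:636
        String user = System.getenv("AD_BIND_USER");
        String pass = System.getenv("AD_BIND_PASSWORD");
        String base = System.getenv("AD_SEARCH_BASE");  // e.g. dc=example,dc=test
        if (url == null || user == null || pass == null || base == null) {
            System.err.println("Set AD_LDAPS_URL, AD_BIND_USER, AD_BIND_PASSWORD, AD_SEARCH_BASE");
            return;
        }
        LdapContext ctx = new InitialLdapContext(buildEnv(url, user, pass.toCharArray()), null);
        try {
            SearchControls ctls = new SearchControls();
            ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> answer = ctx.search(base, "(objectClass=organizationalUnit)", ctls);
            while (answer.hasMore()) System.out.println(answer.next().getName());
        } finally {
            ctx.close(); // always release the connection, even when the search throws
        }
    }
}
```

The JVM must trust the domain controller's certificate for the ldaps:// connection to succeed.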


When using LDAP to access AD, note the user name format: Domain\User or

If the user name is incorrect, the following exception may occur:

javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
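The `data 525` field in that message is the Active Directory sub-code for the failed bind. The following is an added example, not part of the original page: it extracts the sub-code from an exception message and maps it to the commonly documented reasons, so the detail can be logged while the caller sees one generic message. The class name is an assumption, and the second and third sample messages are constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AdBindErrorDecoder {
    // "data <hex>" inside an "error code 49" message is the AD sub-code.
    private static final Pattern SUBCODE =
        Pattern.compile("error code 49\\b.*?\\bdata\\s+([0-9a-f]+)", Pattern.CASE_INSENSITIVE);
    private static final Map<String, String> REASONS = new LinkedHashMap<>();
    static {
        REASONS.put("525", "user not found");
        REASONS.put("52e", "invalid credentials");
        REASONS.put("530", "logon not permitted at this time");
        REASONS.put("531", "logon not permitted from this workstation");
        REASONS.put("532", "password expired");
        REASONS.put("533", "account disabled");
        REASONS.put("701", "account expired");
        REASONS.put("773", "user must reset password");
        REASONS.put("775", "account locked out");
    }

    // Returns "<sub-code>: <reason>", or null if the message is not an error-49 bind failure.
    static String decode(String message) {
        if (message == null) return null;
        Matcher m = SUBCODE.matcher(message);
        if (!m.find()) return null;
        String code = m.group(1).toLowerCase();
        return code + ": " + REASONS.getOrDefault(code, "unknown sub-code");
    }

    public static void main(String[] args) {
        String[] samples = {
            // Message quoted on this page (truncated there as well).
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece",
            // Constructed sample: same shape, placeholder DSID, different sub-code.
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 52e]",
            // Constructed sample: a directory error that is not a bind failure.
            "[LDAP: error code 32 - No Such Object]"
        };
        for (String s : samples) {
            String detail = decode(s);
            // Log the detail server-side; show the caller one generic message so the
            // 525 / 52e difference does not reveal which account names exist.
            System.out.println("log: " + (detail == null ? "not a bind failure" : detail)
                + " | shown to user: " + (detail == null ? "directory error" : "login failed"));
        }
    }
}
```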
