Question about using JNDI to search Active Directory Global Catalog

Hi all,

What I would like to do is to perform a search against our Global Catalog in AD. I read through the post here http://forum.java.sun.com/thread.jspa?threadID=603815&tstart=15. The post provides a nice sample that works for me.

My question is what if I would rather not have to specify the domain server and perform some sort of lookup for the domain server? I read one of the posts further down about dns and that worked as well, but what I would like to understand is how does it all fit together? When I want to do a search, do I first query the Global Catalog, then what can I do? Do I query something to get a "primary" domain server or something? Then, I use that to gather the extra attributes?

Hopefully this seems clear.

Thanks,

Eric

By eborisowa at 2007-11-26 20:08:19
# 1

You have all of the pieces to the jigsaw puzzle laid out in front of you !

Now you just have to put them together.

There's one piece of information that you already have, which is the starting point for your journey. Namely, your client's IP configuration, which includes its IP address & subnet mask, the address of its DNS server, and the client's host & domain name.

From there you simply query DNS for the appropriate SRV records to locate the domain controllers.

Next you calculate your "closest" domain controller and connect to it.

If you want to initially connect to a GC, again they register specific SRV records in DNS.

Query a domain controller's RootDSE to find out everything else about the Active Directory domain such as its naming contexts and their fully distinguished names. Essentially RootDSE is the Table of Contents for a LDAP directory.

If you're really clever, you wander over to the configuration naming context, read the schema and corresponding display specifiers to retrieve & cache the localised display names for the attributes and classes.

Based on a user's LDAP query search base, either perform a search against a DC or a GC.

Follow referrals to DCs if you want to update (create/delete/modify) objects or retrieve attributes that are not stored on a GC.

Use some of the computed attributes such as allowedAttributes, allowedAttributesEffective, allowedChildClasses and allowedChildClassesEffective to create dynamic UI.

Use paging and range retrieval to efficiently return all of the results. Use efficient LDAP queries to make effective use of indexes.

Hell, you can even determine the replication topology and replication status using LDAP. (perhaps a topic for one of those rainy days !)

It's not that hard !

Fifty thousand million zillion users do this everyday on their Windows based networks, and it seems to work pretty well :-)

And Microsoft even provides lots of information on their web site, http://msdn2.microsoft.com/en-us/library/ms808539.aspx

Good luck...

adler_stevena at 2007-7-9 23:10:56
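As an added example (not code from either post), here is how the steps in the reply above fit together in JNDI: ask DNS for the forest's _gc._tcp SRV records, pick the lowest-priority Global Catalog, read its RootDSE, then run a forest-wide search. The forest name, the bind account, and connecting to the GC over TLS on 3269 instead of the 3268 port returned by DNS are assumptions made for the example.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class GcLookup {
    /** Step 1: resolve a Global Catalog host from the forest's _gc._tcp SRV records. */
    static String findGlobalCatalog(String forestDnsName) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
        DirContext dns = new InitialDirContext(env);   // uses the client's configured DNS servers
        Attributes a = dns.getAttributes("_gc._tcp." + forestDnsName, new String[] { "SRV" });
        // each SRV value reads "priority weight port target."; keep the lowest priority
        String best = null; int bestPrio = Integer.MAX_VALUE;
        NamingEnumeration<?> values = a.get("SRV").getAll();
        while (values.hasMore()) {
            String[] f = values.next().toString().trim().split("\\s+");
            int prio = Integer.parseInt(f[0]);
            if (prio < bestPrio) { bestPrio = prio; best = f[3].replaceAll("\\.$", ""); }
        }
        dns.close();
        return best;
    }

    /** Steps 2-3: read the GC's RootDSE, then search the whole forest for one account. */
    static void searchGc(String gcHost, String bindUpn, String password, String sam) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://" + gcHost + ":3269/"); // assumption: GC over TLS, not 3268 in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindUpn);  // e.g. user@forest.example (placeholder UPN)
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.REFERRAL, "ignore");           // GC search: do not chase referrals to DCs
        DirContext gc = new InitialDirContext(env);
        // RootDSE (empty name, base scope) is the directory's table of contents
        Attributes root = gc.getAttributes("", new String[] { "rootDomainNamingContext", "namingContexts" });
        System.out.println("forest root: " + root.get("rootDomainNamingContext").get());
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] { "distinguishedName", "mail" }); // GC-replicated attributes only
        // AD-specific: an empty base with subtree scope on a GC port covers every domain in the forest;
        // {0} lets JNDI escape the value so user input cannot alter the filter
        NamingEnumeration<SearchResult> hits = gc.search("", "(&(objectClass=user)(sAMAccountName={0}))", new Object[] { sam }, sc);
        while (hits.hasMore()) System.out.println(hits.next().getAttributes().get("distinguishedName").get());
        gc.close();
    }
}
```

Attributes that are not part of the GC partial attribute set come back empty here; for those, bind to a DC in the object's own domain (port 389/636) and read the object by its distinguishedName, as the reply describes.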
# 2

Thanks for the help.

I hope you don't mind helping me through some of this, but I am feverishly trying to figure this out. So, the first thing I would like to do is get the DNS server for my current machine.

I found this piece of code:

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class DnsServers {
    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
        DirContext ictx = new InitialDirContext(env);
        // With no provider URL set, the DNS provider fills in the servers it discovered from the OS
        String dnsServers = (String) ictx.getEnvironment().get("java.naming.provider.url");
        System.out.println("DNS Servers: " + dnsServers);
    }
}

For me, that returns 3 DNS servers. The second and third DNS servers in the list show the same addresses that appear when I do ipconfig /all. The first one looks like a local address. Do you know if there is a reliable way to determine the local machine's primary DNS?

Here was my list of dns servers:

dns://192.168.1.1 dns://162.xx.xxx.xx3 dns://162.xx.xxx.x9

Thanks,

Eric

eborisowa at 2007-7-9 23:10:56