JNDI lookup for Active Directory 2003 server

Hi,

I am facing a problem while searching for the members of a group (where the group name is in Arabic) in an Active Directory 2003 server. The LDAP URL through which I am looking up is:

ldap://192.168.5.237:389/CN=<group name in arabic>,CN=Users,DC=boston,DC=us

Search string is : objectClass=*

The error message which I am getting is:

javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=Users,DC=boston,DC=us'
]; remaining name 'CN=DB-1,CN=Users,DC=boston,DC=us'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2942)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2863)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2669)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1757)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1680)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:328)
    at com.sun.jndi.toolkit.url.GenericURLDirContext.search(GenericURLDirContext.java:340)
    at com.sun.jndi.url.ldap.ldapURLContext.search(ldapURLContext.java:494)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:238)
    at ProcessRequest.searchGroup(ProcessRequest.java:1331)
    at ProcessRequest.getGroupMembers(ProcessRequest.java:791)
    at ProcessRequest.executeXml(ProcessRequest.java:126)
    at ClientSocket.run(ClientSocket.java:103)

There is one more problem: if I search a group (having a name in English), only those group members which are in English are fetched from the Active Directory server. The members which are in Arabic are not fetched from the directory server.

Can anyone please help me?

Vibhor

[1962 byte] By [vibhor.jain.1210a] at [2007-11-27 10:54:01]
# 1

One problem could be that your platform isn't rendering the Arabic characters. Does your workstation or JRE support the Arabic character set?

Active Directory is Unicode enabled and supports double byte character sets. If you have a Windows workstation or server with the Arabic user interface, you should be able to view/manage objects in Active Directory that use Arabic characters with the Windows tools such as the Active Directory Users & Computers snap-in.

Secondly, I don't understand your ldap query.

Is "CN=<group name in arabic>,CN=Users,DC=boston,DC=us" your search base, and "objectClass=*" your query filter?

What is your search scope? What is the LDAP URL for your initial context?

My gut feel tells me that these should be your parameters:

String ldapURL = "ldap://192.168.5.237:389";
String searchBase = "dc=boston,dc=us";
String searchFilter = "(&(objectClass=group)(cn=arabic characters))";
String returnedAtts[]={"members"};
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

Finally, if you retrieve the value of the members attribute of a group (as shown above), it will return all of the values, not just those that use a specific character set.

adler_stevena at 2007-7-29 11:47:37
# 2

Hi Steven,

Thanks for the help.

Let me explain the whole scenario once.

We are able to fetch the list of the groups from the Windows 2003 Active Directory server. The groups are in English, Arabic and Chinese. The problem is that when we select the Arabic group from our interface, which displays the group list fetched from ADS, and try to fetch the members of that Arabic group, we get that exception.

The parameters which we are passing to the ADS server are:

object name :

name="ldap://192.168.5.237:389/CN=<arabic group name>,CN=Users,DC=sus,DC=in";

search filter:

I have tried the following options for that:

filter="objectClass=*"

filter="objectClass=group;lang-ar-ae"

filter="objectClass=group;lang-ar"

filter="objectClass=group";

(none of the above is working)

SearchControls srchCtrls = new SearchControls();

srchCtrls.setReturningObjFlag (true);

srchCtrls.setSearchScope(SearchControls.SUBTREE_SCOPE);

String[] attList = {"members"};

srchCtrls.setReturningAttributes(attList);

Now what I am doing is invoking the search method of DirContext as:

DirContext.search(name,filter,srchCtrls);

This method call is throwing the above mentioned exception as

javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=Users,DC=boston,DC=us'
]; remaining name 'CN=DB-1,CN=Users,DC=boston,DC=us'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2942)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2863)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2669)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1757)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1680)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:328)
    at com.sun.jndi.toolkit.url.GenericURLDirContext.search(GenericURLDirContext.java:340)
    at com.sun.jndi.url.ldap.ldapURLContext.search(ldapURLContext.java:494)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:238)
    at ProcessRequest.searchGroup(ProcessRequest.java:1331)
    at ProcessRequest.getGroupMembers(ProcessRequest.java:791)
    at ProcessRequest.executeXml(ProcessRequest.java:126)
    at ClientSocket.run(ClientSocket.java:103)

Hope to hear from you soon!!

Thanks and Regards,

Vibhor

vibhor.jain.1210a at 2007-7-29 11:47:37
# 3

This looks like it has nothing to do with character sets.

It appears as though you are trying to retrieve a group object

CN=<arabic group name>,CN=Users,DC=sus,DC=in

from a context that is bound to "CN=Users,DC=boston,DC=us"

The error message below:

"javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=Users,DC=boston,DC=us'"

indicates that there is something wrong with the search.

Either the distinguished name for the group is invalid, you are performing the search against the wrong domain controller, or perhaps you have multiple Active Directory forests (or at least multiple domains) and you are just not targeting the search correctly.

As I said earlier, my gut feel tells me that these should be your search criteria:

String ldapURL = "ldap://192.168.5.237:389";
String searchBase = "dc=boston,dc=us";
String searchFilter = "(&(objectClass=group)(cn=arabic characters))";
String returnedAtts[]={"members"};
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

If that does not return a result, then there is no group with that name in your Active Directory domain.

If it returns an error "javax.naming.NameNotFoundException:....." then it means that your search base is not held on that domain controller.

In your case, it looks like somewhere your search base is being specified as "CN=DB-1,CN=Users,DC=boston,DC=us", yet your context is already bound to "CN=Users,DC=boston,DC=us", resulting in a fully distinguished name of "CN=DB-1,CN=Users,DC=boston,DC=us,CN=Users,DC=boston,DC=us", which is obviously incorrect.

Also, because your group name appears to be "CN=<arabic group name>,CN=Users,DC=sus,DC=in", it is quite obvious that the group object will not be on the domain controller that hosts the domain "DC=boston,DC=us".

I would also expect that you would be receiving an LDAP referral if "DC=SUS,DC=IN" was a domain in the same forest that hosts "DC=Boston,DC=US".

Why don't you have a look at the post titled "JNDI, Active Directory, Referrals and Global Catalog" at

http://forum.java.sun.com/thread.jspa?threadID=603815&tstart=15 to gain an understanding of how to search against multiple domains etc.

adler_stevena at 2007-7-29 11:47:37
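
The search recommended in the last reply, written out as an added example (not code from either poster): the context is bound to the server URL only, the base DN is passed separately, and the group name is supplied as a filter argument so that JNDI escapes it. The bind account, the LDAP_BIND_PW environment variable and the default group name are placeholders; the code requests `member`, the attribute Active Directory uses for group membership.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class GroupMemberLookup {
    public static void main(String[] args) throws NamingException {
        // URL and base DN are the ones from the thread; bind account, password
        // variable and default group name are placeholders for this example.
        String ldapURL = "ldap://192.168.5.237:389";   // server only, no DN in the URL
        String searchBase = "dc=boston,dc=us";
        String groupName = args.length > 0 ? args[0] : "DB-1";
        String password = System.getenv("LDAP_BIND_PW");
        if (password == null) throw new IllegalStateException("LDAP_BIND_PW not set");

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapURL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "svc-lookup@boston.us"); // hypothetical account
        env.put(Context.SECURITY_CREDENTIALS, password);

        SearchControls ctls = new SearchControls();
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        ctls.setReturningAttributes(new String[] {"member"}); // AD schema name

        DirContext ctx = new InitialDirContext(env);
        try {
            // JNDI substitutes {0} and escapes filter metacharacters in the value,
            // so a name containing ( ) * or \ cannot change the filter's structure.
            NamingEnumeration<SearchResult> results = ctx.search(searchBase,
                    "(&(objectClass=group)(cn={0}))", new Object[] {groupName}, ctls);
            while (results.hasMore()) {
                SearchResult sr = results.next();
                System.out.println("Group: " + sr.getNameInNamespace());
                Attribute member = sr.getAttributes().get("member");
                if (member == null) continue;            // empty group
                for (NamingEnumeration<?> dns = member.getAll(); dns.hasMore();) {
                    System.out.println("  member: " + dns.next());
                }
            }
        } catch (PartialResultException e) {
            // The server returned referrals to other naming contexts; not followed here.
        } finally {
            ctx.close();
        }
    }
}
```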