Search Active Directory

Similar Messages

• Search Active Directory Entries without password authentication

  JNDI, Active Directory
  I am newbie to JDNI and Active Directory.
  I am trying to create a Web Application
  which provides domain users with the information
  of the Active Directory group user are belonging.
  I know how to access Active Directory and search Entries
  with JNDI like below codes.
  Hashtable env = new Hashtable();
  env.put(Context.PROVIDER_URL, "LDAP://URL:389");
  env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
  env.put(Context.SECURITY_AUTHENTICATION,"none");
  env.put(Context.REFERRAL, "follow");
  env.put("java.naming.ldap.version" , "3" );
  env.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
  env.put(Context.SECURITY_CREDENTIALS, "secret");
  .....But I want know how to search Entries without Active Directory password
  because I don't tell users their Active Directory password.
  I don't have any idea. Could you give me good idea?
  Sorry for my English. Thank you.
  Danno

  It means to allow "Anonymous LOGON" and "Everyone" users to search entries in AD, I think.Sorry, can't help. In OpenLDAP it meansallow * searchor possiblyallow * auth
  You mean that if I do it, will the codes below be unnecessary in Java?That's not only what I meant, it is what I said, concerning the principal and credentials lines.
  You don't need the SECURITY_AUTHENTICATION line, I never use it with LDAP whether I'm providing credentials or not (and in the cases where you are supplying the principal and credentials, it certainly doesn't make any sense to specify 'none'.)

• Can't search Active Directory contacts even though domain binding succeeded

  My machine is bound to an Exchange 2003 AD server correctly but I can't search contacts from address book or Mail. In neither case do I see anything to indicate that I even should be able to search. What am I missing? Two colleagues are running 10.5 and they both see a "Directory" entry in their address book.
  Thanks,
  Simon

  bump

• Show Active Directory Property Page

  Hello everybody,
  I hope this topic is published in the correct forum. I try to find the API which shows the native property page of Active Directory objects. If possible with an example (VB.Net)? There exists an similar function named "openquerywindow" which
  used by dsquery.dll. Is there a library function that would do this (e.g.
  activeds.dll or dsprop.dll)?
  Thanks in advance,
  Matthias

  Hello Matthias,
  >> I try to find the API which shows the native property page of Active Directory objects.
  I do not quite understand what the native property page of Active Directory objects is, if it means the native Active Directory Service Interfaces (ADSI) object, you then could get it by using
  DirectoryEntry class:
  DirectoryEntry.NativeObject Property
  If not, since it is not very clear what you are trying to query from the active directory, there is a list which you could query from .NET, you could check if there are features that you want:
  Search Active Directory
  Here is a blog which provides a detail description about how to: Querying Active Directory which I think could be helpful.
  Regards.
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Provision Search in SharePoint Foundation 2013 without Domain Controller / Active Directory - Domain accounts

  Hi,
  I have successfully setup SharePoint Foundation 2013 as single server farm with SQL Server Standard database in a DMZ environment using local accounts since DMZ doesn't have an Active Directory and hence Domain accounts using powershell as described
  in https://theblobfarm.wordpress.com/2012/12/03/installing-sharepoint-2013-without-a-domain-controller 
  When I run Farm configuration wizard to provision search service application, I get an error:
  ERROR: "The service application(s) for the service "Search Service Application" could not be provisioned because of the following error: I/O error occurred."
  The log file logged the details of this error as:
  ERROR: "Failed to create file share Analytics_e441aa1c-1a8d-4f0a-a079-58b499eb4c50 at D:\SharePoint Search\Office Server\Analytics_e441aa1c-1a8d-4f0a-a079-58b499eb4c50 (System.ArgumentException: The SDDL string contains an invalid sid or a sid
  that cannot be translated."
  After investigation, I found that potentially the error could be because the timer service is trying to setup a network share for analytics component (as part of provisioning search). It is trying to setup that share with a domain account that happens to
  be a local user instead in this case and fails with error “System.ArgumentException: The SDDL string contains an invalid sid or a sid that cannot be translated”.
  I got some pointer from the below thread
  https://social.technet.microsoft.com/Forums/en-US/c8e93984-f4e5-46da-8e8a-c5c79ea1ff62/error-creating-search-service-application-on-sharepoint-foundation-with-local-account?forum=sharepointadmin
  However, the above thread doesn't state that the solution worked.
  I have tried creating share manually for Analytics_<Guid> folder but it doesn't work since every time farm configuration wizards is run it creates a new Analytics_<Guid> folder.
  Since, I have setup SharePoint Foundation 2013 on a production environment I cannot test and trial various solutions.
  Can some please guide me on how to successfully provision search for SharePoint Foundation 2013 setup as a single server farm with SQL Server Standard database in a DMZ environment using local accounts (without Active Directory - domain accounts).
  Thanks in advance.
  Himanshu

  Microsoft documentation doesn't always specifically call out all products (Project Server isn't there, either). But it does apply. You'll need to stand up at least one Domain Controller, or allow port access back to a DC.
  Preferably, set up SharePoint on the internal network and use a reverse proxy (which will terminate client connections at the reverse proxy) present in the DMZ.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Search a user in Active Directory by his name

  Hi all,
  Is there a way to search a user in an Active Directory with some attributes ? For example, I would like to find all the users whose firstName is "Guillaume".
  I use a Provider connected to an Active Directory to authenticate and it works fine. I have also implemented an UUP to get the profile of a user in this AD.
  But for the moment, the only way I can find a user by his name is to
  * get all the users from the AD (userProviderControl.getUserNames("*", SIZE_MAX))
  * Then for each username :
  - get his profile with PropertyControl and ProfileWrapper (each user has a ldap propertyset filled by the UUP) ==> propertyControl.getProperty(profileWrapper, PROPERTYSET_LDAP, PROPERTY_LDAP_FIRSTNAME) )
  * Browse all the user profiles retrieved and find the good one.
  Is there an API to do what I want ?
  I'm using Oracle WebLogic Portal 10.
  Thanks for your help
  Guillaume
  Edited by: user10185882 on 3 nov. 2008 06:07

  A DistinguishedName is of the form e.g. "cn=username, ou=Users,dc=hostname,dc=com". In other words it contains attribute names and values for each name component. Evidently your DN doesn't do that.

• Apply OID search filter for Active Directory Export Sync Profile

  - currenlty we have active directory export profile working successfully
  - the filter we apply at OID side is SynchronizeToAD!=OID
  that means synchronize all ldap data that has a attribute value other than "OID"
  - This works very well
  Problem:
  - We now need to make the export sync work based on a different condition. The condition being....
  SynchronizeToAD=AD3 ( Note the equality condition here, the previous one was not equal to )
  - The moment we set it to the above conditions it seems to invalidate the filter. Now it behaves as if there is no filter. All changes are synchronized regardless of the attribute value
  Question:
  1) Need a way to control synchronization based on attribute value.
  2) So far tried the below filter value with out success
  2a) (&(!(SynchronizeToAD=OID))(!(SynchronizeToAD=AD)))
  2b) SynchronizeToAD=AD3
  - In the directory we have 3 values for this attribute(SynchronizeToAD) - AD , AD3 and OID
  Please provide us with valid search filter to accomplish the above.
  The OID profile attribute that we are trying to set is odip.profile.oidfilter

  - currenlty we have active directory export profile working successfully
  - the filter we apply at OID side is SynchronizeToAD!=OID
  that means synchronize all ldap data that has a attribute value other than "OID"
  - This works very well
  Problem:
  - We now need to make the export sync work based on a different condition. The condition being....
  SynchronizeToAD=AD3 ( Note the equality condition here, the previous one was not equal to )
  - The moment we set it to the above conditions it seems to invalidate the filter. Now it behaves as if there is no filter. All changes are synchronized regardless of the attribute value
  Question:
  1) Need a way to control synchronization based on attribute value.
  2) So far tried the below filter value with out success
  2a) (&(!(SynchronizeToAD=OID))(!(SynchronizeToAD=AD)))
  2b) SynchronizeToAD=AD3
  - In the directory we have 3 values for this attribute(SynchronizeToAD) - AD , AD3 and OID
  Please provide us with valid search filter to accomplish the above.
  The OID profile attribute that we are trying to set is odip.profile.oidfilter

• How to search for data in active directory

  if i have an administrator priviledge, how can i search for user's data if i know his username from active directory.

  What form do you have the user's name in ?
  ANTIPODES\alberteString searchFilter = "(&(objectClass=user)(samAccountName=alberte))";[email protected] searchFilter = "(&(objectClass=user)(userPrincipalName=[email protected]))";Albert EinsteinString searchFilter = (&(objectClass=user)(givenName=Albert)(sn=Einstein))";or using Ambiguous Name Resolution (anr)String searchFilter = "(&(objectClass=user)(anr=Albert Einstein))";or it's even clever enough to useString searchFilter = "(&(objectClass=user)(anr=Einstein Albert))";

• 11gr2 Active Directory User Target Delete Recon Search Root

  Hi All,
  latest AD conector with the patch.
  Have a situation where I need to change the root or base search for the delete recon. by default it seams to want to search at the domain level but that won't work for us. Checked the doc and can't seem to find anyway to change this for the delete recon.
  Thanx in advance
  Fred

  Hi,
  The issue is still pending. I am specifying the following parameters for the scheduled job :
  Batch Size : 100
  Object Type : User
  Batch Start : 1
  Resource Object Name : AD User
  Filter : startsWith('samAccountName','c')
  Scheduled Task Name : Active Directory User Target Recon
  Incremental Recon Attribute : uSNChanged
  Search Base : <blank>
  IT Resource Name : Active Directory
  Search Scope : subtree
  Latest Token : <blank>
  Sort By : samAccountName
  Number of Batches : All
  Sort Direction : asc
  The job runs successfully but no records are reconciled into UD_ADUSER table and the job reports the following error in the logs :
  [2012-10-25T02:32:04.785-07:00] [oim_server1] [ERROR] [] [org.quartz.impl.jdbcjobstore.JobStoreCMT] [tid: QuartzScheduler_OIMQuartzScheduler-iamoimdev-v1.capgroup.com1351057898397_MisfireHandler] [userId: oiminternal] [ecid: 80eeb34d89d5ed80:-343bffe9:13a9150ba30:-8000-0000000000000005,1:24567] [APP: oim#11.1.2.0.0] MisfireHandler: Error handling misfires: Unexpected runtime exception: null[[
  org.quartz.JobPersistenceException: Unexpected runtime exception: null [See nested exception: java.lang.NullPointerException]
  at org.quartz.impl.jdbcjobstore.JobStoreSupport.doRecoverMisfires(JobStoreSupport.java:3042)
  at org.quartz.impl.jdbcjobstore.JobStoreSupport$MisfireHandler.manage(JobStoreSupport.java:3789)
  at org.quartz.impl.jdbcjobstore.JobStoreSupport$MisfireHandler.run(JobStoreSupport.java:3809)
  Caused by: java.lang.NullPointerException
  at org.quartz.SimpleTrigger.computeNumTimesFiredBetween(SimpleTrigger.java:800)
  at org.quartz.SimpleTrigger.updateAfterMisfire(SimpleTrigger.java:514)
  at org.quartz.impl.jdbcjobstore.JobStoreSupport.doUpdateOfMisfiredTrigger(JobStoreSupport.java:944)
  at org.quartz.impl.jdbcjobstore.JobStoreSupport.recoverMisfiredJobs(JobStoreSupport.java:898)
  at org.quartz.impl.jdbcjobstore.JobStoreSupport.doRecoverMisfires(JobStoreSupport.java:3029)
  Edited by: IDM_newbie on Oct 25, 2012 2:38 AM

• Search for specific user in an Active Directory group

  Hello,
  I have an OU containing a number of Groups. Each group contains a number of members.
  I'm currently retrieving the entire list of members from each group by searching for the members attrib for each group. This is not an ideal approach as the query execute time is a bit too long.
  from what I can tell, the group class is group (opposed to a groupofuniquenames). Is there a way to query for the specific member?
  Thanks

  Thanks for the reply.
  I have read the first post you gave, but not the second. I'm off to read that now.
  My main concern is that I don't have access to the DN of the user in the member attrib. I have access to their CN and uid (which is indexed). From what I can recall from when I last updated this code, I couldn't create a wildcard search filter e.g.,:
  (&(cn=All Scientists)(objectClass=Group)(member=CN=Albert Einstein*))
  If that's correct and I require a DN, is there any way around this?
  I was interested in the posixGroup and groupOfUniqueNames classes. I wasn't aware that these were available through Active Directory, but I see them listed in the AD schema (http://msdn.microsoft.com/en-us/library/ms683908(VS.85).aspx).
  If I'm correct, posixGroup would allow for a filter of (&(cn=All Scientists)(objectClass=posixGroup)(memberUid=AEinstein))
  I'm not sure how typical it is to use the posixGroup class in AD and I'll have to check with my AD team before moving forward with this. But I wanted to get some more direction/ideas before asking them to create some posixGroup objects for me.
  I'm now going to go and read the second post you linked, but I wanted to put the rest of my details out there.
  Thanks again.

• Search for single member in an Active Directory Group

  Hello all,
  I'm attempting to find a better method to search if a user is a member of a group in Active Directory. I currently retrieve the entire member attribute of the group.
  I need to reduce the time of the query. I would like to be able to search for a specific member (user) of the group instead of retrieving the entire member list of the group.
  I can post my current code if that would help.
  I believe the default Active Directory group object is the ldap group. I know that there are posixGroup and groupOfUniqueNames ldap classes available, but I'm not sure if Active Directory has access to those classes.
  Is my request possible using the group ldap object?

  Thanks for the reply.
  I have read the first post you gave, but not the second. I'm off to read that now.
  My main concern is that I don't have access to the DN of the user in the member attrib. I have access to their CN and uid (which is indexed). From what I can recall from when I last updated this code, I couldn't create a wildcard search filter e.g.,:
  (&(cn=All Scientists)(objectClass=Group)(member=CN=Albert Einstein*))
  If that's correct and I require a DN, is there any way around this?
  I was interested in the posixGroup and groupOfUniqueNames classes. I wasn't aware that these were available through Active Directory, but I see them listed in the AD schema (http://msdn.microsoft.com/en-us/library/ms683908(VS.85).aspx).
  If I'm correct, posixGroup would allow for a filter of (&(cn=All Scientists)(objectClass=posixGroup)(memberUid=AEinstein))
  I'm not sure how typical it is to use the posixGroup class in AD and I'll have to check with my AD team before moving forward with this. But I wanted to get some more direction/ideas before asking them to create some posixGroup objects for me.
  I'm now going to go and read the second post you linked, but I wanted to put the rest of my details out there.
  Thanks again.

• JNDI, Active Directory and Persistent Searches (part 2)

  The original post of this title which was located at http://forum.java.sun.com/thread.jspa?threadID=578342&tstart=200 subsequently disappeared into the ether (as with many other posts).
  By request I am reposting the sample code which demonstrates receiving notifications of object changes on the Active Directory.
  Further information on both the Active Directory and dirsynch and ldap notification mechanisms can be found at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/overview_of_change_tracking_techniques.asp
  * ldapnotify.java
  * December 2004
  * Sample JNDI application that uses AD LDAP Notification Control.
  import java.util.Hashtable;
  import java.util.Enumeration;
  import javax.naming.*;
  import javax.naming.ldap.*;
  import com.sun.jndi.ldap.ctl.*;
  import javax.naming.directory.*;
  class NotifyControl implements Control {
       public byte[] getEncodedValue() {
               return new byte[] {};
         public String getID() {
            return "1.2.840.113556.1.4.528";
       public boolean isCritical() {
            return true;
  class ldapnotify {
       public static void main(String[] args) {
            Hashtable env = new Hashtable();
            String adminName = "CN=Administrator,CN=Users,DC=antipodes,DC=com";
            String adminPassword = "XXXXXXXX";
            String ldapURL = "ldap://mydc.antipodes.com:389";
            String searchBase = "DC=antipodes,DC=com";
            //For persistent search can only use objectClass=*
            String searchFilter = "(objectClass=*)";
                 env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
            //set security credentials, note using simple cleartext authentication
            env.put(Context.SECURITY_AUTHENTICATION,"simple");
            env.put(Context.SECURITY_PRINCIPAL,adminName);
            env.put(Context.SECURITY_CREDENTIALS,adminPassword);
            //connect to my domain controller
            env.put(Context.PROVIDER_URL,ldapURL);
            try {
                 //bind to the domain controller
                    LdapContext ctx = new InitialLdapContext(env,null);
                 // Create the search controls           
                 SearchControls searchCtls = new SearchControls();
                 //Specify the attributes to return
                 String returnedAtts[] = null;
                 searchCtls.setReturningAttributes(returnedAtts);
                 //Specify the search scope
                 searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                       //Specifiy the search time limit, in this case unlimited
                 searchCtls.setTimeLimit(0);
                 //Request the LDAP Persistent Search control
                       Control[] rqstCtls = new Control[]{new NotifyControl()};
                       ctx.setRequestControls(rqstCtls);
                 //Now perform the search
                 NamingEnumeration answer = ctx.search(searchBase,searchFilter,searchCtls);
                 SearchResult sr;
                       Attributes attrs;
                 //Continue waiting for changes....forever
                 while(true) {
                      System.out.println("Waiting for changes..., press Ctrl C to exit");
                      sr = (SearchResult)answer.next();
                            System.out.println(">>>" + sr.getName());
                      //Print out the modified attributes
                      //instanceType and objectGUID are always returned
                      attrs = sr.getAttributes();
                      if (attrs != null) {
                           try {
                                for (NamingEnumeration ae = attrs.getAll();ae.hasMore();) {
                                     Attribute attr = (Attribute)ae.next();
                                     System.out.println("Attribute: " + attr.getID());
                                     for (NamingEnumeration e = attr.getAll();e.hasMore();System.out.println("   " + e.next().toString()));
                           catch (NullPointerException e)     {
                                System.err.println("Problem listing attributes: " + e);
            catch (NamingException e) {
                        System.err.println("LDAP Notifications failure. " + e);
  }

  Hi Steven
  How can I detect what change was made ? Is there an attribute that tell us ?
  Thanks
  MHM

• SharePoint Foundation Active Directory Problem

  Hey,
  I have a problem with the Active Directory connection to SharePoint Foundation.
  My Situation looks like this:
  I'm working on a kind of project controlling plattform. Each of our customers has its own site. Also each customer has an account in our Active Directory. For the administrative part, we have a list which contains some infos of the customer, the url to its
  site and the contact person.
  I wrote an import-script which creates a site and a new item in the list. To put the contact person in the list-item, I use a code-snippet like this:
  try
  user = web.EnsureUser(loginName);
  catch (Exception ex)
  throw new Exception("LoginName " + loginName + " not found");
  Now the problem is, that the try/catch block fails too often which means: SharePoint doesn't know the loginNames of some of our customers.
  Why does SharePoint not know maybe 1/5 of all our customers? All of them have an account in our active directory, none of them ever logged in the SharePoint (at the time they even doesn't know, that they have a SharePoint site for this project).
  I searched the internet for the problem but all I found where questions related to the synchronization of ad-properties to SharePoint Foundation. But I don't want to sync the phone-number or something like that - I want SharePoint only to know all the loginNames
  of our customers, not only 1/5 of them.
  How do I achive this, what am I doing wrong?
  Thank you!

  web.EnsureUser has nothing to do with the UPS at all. This has nothing to do with synchronisation (it does have a role but it's a maintenance one and nothing to do with authentication.
  The simplest answer is that the login names are being entered wrongly. Having said that there are a few areas you can look at to try to identify the problem:
  Does it fail repeatedly for the same username? Can you add that user to the site manually using a people picker control and if so will the script work afterwards? Are there any trends in the user accounts that SharePoint cannot find?

• Error while creating a user in Active Directory.

  Hi Guys,
  I am creating a custom connector for AD and Exchnage , I am able to create user in AD using my Java Code... but i am also getting below error, I want to finish the operation smoothly.... Please find below error logs.
  13:51:15,635 ERROR [STDERR] Data AccessException:
  13:51:15,636 ERROR [STDERR] com.thortech.xl.orb.dataaccess.tcDataAccessException: DB_READ_FAILEDDetail: SQL: select UD_AD_CHILD_GRP_NAME from UD_AD_CHILD where UD_AD_CHILD_KEY = Description: ORA-00936: missing expression
  SQL State: 42000Vendor Code: 936Additional Debug Info:com.thortech.xl.orb.dataaccess.tcDataAccessException
  at com.thortech.xl.dataaccess.tcDataAccessExceptionUtil.createException(Unknown Source)
  at com.thortech.xl.dataaccess.tcDataBase.createException(Unknown Source)
  at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(Unknown Source)
  at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(Unknown Source)
  at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
  at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
  at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
  at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
  at com.thortech.xl.adapterfactory.events.tcAdpEvent.getChildTableFieldValue(Unknown Source)
  at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRunTimeValue(Unknown Source)
  at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRunTimeValue(Unknown Source)
  at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADDUSERTOADGROUP.implementation(adpADDUSERTOADGROUP.java:49)
  at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
  at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
  at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
  at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
  at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
  at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
  at com.thortech.xl.dataobj.tcScheduleItem.insertResponseMilestones(Unknown Source)
  at com.thortech.xl.dataobj.tcScheduleItem.eventPostUpdate(Unknown Source)
  at com.thortech.xl.dataobj.tcDataObj.update(Unknown Source)
  at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
  at com.thortech.xl.adapterfactory.events.tcAdpEvent.updateSchItem(Unknown Source)
  at com.thortech.xl.adapterfactory.events.tcAdpEvent.finalizeProcessAdapter(Unknown Source)
  at com.thortech.xl.adapterfactory.events.tcAdpEvent.finalizeAdapter(Unknown Source)
  at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpCREATEADUSER.implementation(adpCREATEADUSER.java:85)
  at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
  at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
  at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
  at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
  at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
  at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
  at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(Unknown Source)
  at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(Unknown Source)
  at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(Unknown Source)
  at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(Unknown Source)
  at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(Unknown Source)
  at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
  at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
  at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
  at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
  at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
  at com.thortech.xl.ejb.beans.tcFormInstanceOperationsSession.setProcessFormData(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
  at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:237)
  at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:158)
  at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:169)
  at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
  at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
  at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
  at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
  at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
  at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
  at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
  at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
  at org.jboss.ejb.Container.invoke(Container.java:960)
  at sun.reflect.GeneratedMethodAccessor135.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
  at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
  at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
  at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
  at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
  at org.jboss.invocation.local.LocalInvoker$MBeanServerAction.invoke(LocalInvoker.java:169)
  at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:118)
  at org.jboss.invocation.InvokerInterceptor.invokeLocal(InvokerInterceptor.java:209)
  at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:195)
  at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:61)
  at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:70)
  at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:112)
  at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:100)
  at $Proxy758.setProcessFormData(Unknown Source)
  at Thor.API.Operations.tcFormInstanceOperationsClient.setProcessFormData(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
  at Thor.API.Security.LoginHandler.jbossLoginSession.runAs(Unknown Source)
  at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
  at $Proxy803.setProcessFormData(Unknown Source)
  at com.thortech.xl.webclient.actions.DirectProvisionUserAction.handleVerifyProcessData(Unknown Source)
  at com.thortech.xl.webclient.actions.DirectProvisionUserAction.goNext(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
  at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(Unknown Source)
  at com.thortech.xl.webclient.actions.tcActionBase.execute(Unknown Source)
  at com.thortech.xl.webclient.actions.tcAction.execute(Unknown Source)
  at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
  at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
  at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
  at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  at com.thortech.xl.webclient.security.SecurityFilter.doFilter(Unknown Source)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
  at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
  at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
  at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
  at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
  at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
  at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
  at java.lang.Thread.run(Thread.java:619)
  Thanks,
  Hemant

  at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADDUSERTOADGROUP.implementation(adpADDUSERTOADGROUP.java:49)
  This is definitely a Custom Adapter because OOTB Adapter name is adpADCSADDUSERTOGROUP and NOT adpADDUSERTOADGROUP
  So, it is your custom code and in the code you are passing incorrect value of the Active Directory Child process form...
  The correct name is UD_ADUSRC and the Group Name column name is UD_ADUSRC_GROUPNAME.
  While you are passing UD_AD_CHILD as the child process form and UD_AD_CHILD_GRP_NAME as Group Name column name..
  Use OOTB Adapter... Correct these discrepancies... Your addition of group will work
  And since you are creating custom adapter, you need to be more careful and remain consistent throughout..
  Then if you want to use UD_AD_CHILD_GRP_NAME, use it everywhere consistently... Pass only this value in the adapter...
  And even in lookups, if any... Search everywhere... Keep things consistent... They will work... Because good news is that you are able to create user in AD via Java Code...
  And if any post is even slightly helpful, it is a good habit to mark it with helpful or correct ... And also mark the entire question as answered so that other people also are benefited.

• How do I get info from Active Directory and use it in my web-applications?

  I borrowed a nice piece of code for JNDI hits against Active Directory from this website: http://www.sbfsbo.com/mike/JndiTutorial/
  I have altered it and am trying to use it to retrieve info from our Active Directory Server.
  I altered it to point to my domain, and I want to retrieve a person's full name(CN), e-mail address and their work location.
  I've looked at lots of examples, I've tried lots of things, but I'm really missing something. I'm new to Java, new to JNDI, new to LDAP, new to AD and new to Tomcat. Any help would be so appreciated.
  Thanks,
  To show you the code, and the error message, I've changed the actual names I used for connection.
  What am I not coding right? I get an error message like this:
  javax.naming.NameNotFoundException[LDAP error code 32 - 0000208D: nameErr DSID:03101c9 problem 2001 (no Object), data 0,best match of DC=mycomp, DC=isd, remaining name dc=mycomp, dc=isd
  [code]
  import java.util.Hashtable;
  import java.util.Enumeration;
  import javax.naming.*;
  import javax.naming.directory.*;
  public class JNDISearch2 {
  // initial context implementation
  public static String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
  public static String MY_HOST = "ldap://99.999.9.9:389/dc=mycomp,dc=isd";
  public static String MGR_DN = "CN=connectionID,OU=CO,dc=mycomp,dc=isd";
  public static String MGR_PW = "connectionPassword";
  public static String MY_SEARCHBASE = "dc=mycomp,dc=isd";
  public static String MY_FILTER =
  "(&(objectClass=user)(sAMAccountName=usersignonname))";
  // Specify which attributes we are looking for
  public static String MY_ATTRS[] =
  { "cn", "telephoneNumber", "postalAddress", "mail" };
  public static void main(String args[]) {
  try { //----------------------------------------------------------        
  // Binding
  // Hashtable for environmental information
  Hashtable env = new Hashtable();
  // Specify which class to use for our JNDI Provider
  env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
  // Specify the host and port to use for directory service
  env.put(Context.PROVIDER_URL, MY_HOST);
  // Security Information
  env.put(Context.SECURITY_AUTHENTICATION, "simple");
  env.put(Context.SECURITY_PRINCIPAL, MGR_DN);
  env.put(Context.SECURITY_CREDENTIALS, MGR_PW);
  // Get a reference toa directory context
  DirContext ctx = new InitialDirContext(env);
  // Begin search
  // Specify the scope of the search
  SearchControls constraints = new SearchControls();
  constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
  // Perform the actual search
  // We give it a searchbase, a filter and the constraints
  // containing the scope of the search
  NamingEnumeration results = ctx.search(MY_SEARCHBASE, MY_FILTER, constraints);
  // Now step through the search results
  while (results != null && results.hasMore()) {
  SearchResult sr = (SearchResult) results.next();
  String dn = sr.getName() + ", " + MY_SEARCHBASE;
  System.out.println("Distinguished Name is " + dn);
  // Code for displaying attribute list
  Attributes ar = ctx.getAttributes(dn, MY_ATTRS);
  if (ar == null)
  // Has no attributes
  System.out.println("Entry " + dn);
  System.out.println(" has none of the specified attributes\n");
  else // Has some attributes
  // Determine the attributes in this record.
  for (int i = 0; i < MY_ATTRS.length; i++) {
  Attribute attr = ar.get(MY_ATTRS);
  if (attr != null) {
  System.out.println(MY_ATTRS[i] + ":");
  // Gather all values for the specified attribute.
  for (Enumeration vals = attr.getAll(); vals.hasMoreElements();) {
  System.out.println("\t" + vals.nextElement());
  // System.out.println ("\n");
  // End search
  } // end try
  catch (Exception e) {
  e.printStackTrace();
  System.exit(1);
  My JNDIRealm in Tomcat which actually does the initial authentication looks like this:(again, for security purposes, I've changed the access names and passwords, etc.)
  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
  connectionURL="ldap://99.999.9.9:389"
  connectionName="CN=connectionId,OU=CO,dc=mycomp,dc=isd"
  connectionPassword="connectionPassword"
  referrals="follow"
  userBase="dc=mycomp,dc=isd"
  userSearch="(&(sAMAccountName={0})(objectClass=user))"
  userSubtree="true"
  roleBase="dc=mycomp, dc=isd"
  roleSearch="(uniqueMember={0})"
  rolename="cn"
  />
  I'd be so grateful for any help.
  Any suggestions about using the data from Active directory in web-application.
  Thanks.
  R.Vaughn

  By this time you probably have already solved this, but I think the problem is that the Search Base is relative to the attachment point specified with the PROVIDER_URL. Since you already specified "DC=mycomp,DC=isd" in that location, you merely want to set the search base to "". The error message is trying to tell you that it could only find half of the "DC=mycomp, DC=isd, DC=mycomp, DC=isd" that you specified for the search base.
  Hope that helps someone.
  Ken Gartner
  Quadrasis, Inc (We Unify Security, www -dot- quadrasis -dot- com)