How to do an LDAP Search of Various fields

Requirement: retrieving various values such as Description, Office, etc. from LDAP after authentication.

An LDAP client retrieves attribute values (referred to as “fields” in the question) by transmitting a search request to the server and then reading the server’s response. A search request consists of at a minimum the following components:

  • base DN – the object at which to begin the search. No objects above the base DN are returned
  • scope – the scope of the search; this is base, one, or subtree
  • filter – a filter which limits the entries that are returned by the server

Additionally, a list of requested attributes can be transmitted with the search request. Many LDAP SDKs will simply return all user attributes and no operational attributes if no requested attributes list is provided. In this case, request the attributes description and office and any others that are required.

LDAP-compliant servers enforce an access control scheme which might cause the server to not return certain attributes. Consult with the LDAP administrators to determine if the authentication state of the LDAP client connections have permission to access the attributes desired.

see also

  • LDAP: Using ldapsearch: this article refers to the ldapsearch command line tool, but the concepts are the same as for programmatic access.

Code Ref:

public boolean authenticate(String userid, String pass, String domain) {
        boolean retval = false;
        String searchFilter ="(&(objectClass=user)(" + LDAP_UID_ATTR + "=" + userid + "))";

        try {
            System.out.println("Start: getLDAPAttrs");
            NamingEnumeration answer =
                getLDAPAttrs(userid, pass, searchFilter, domain);
            String uid = "";

            while (answer.hasMoreElements()) {
                SearchResult sr = (SearchResult);

                Attributes attrs = sr.getAttributes();

                try {
                    uid = attrs.get(LDAP_UID_ATTR).toString();
                    System.out.println("uid: " + uid);
                    uid = uid.substring(uid.indexOf(':') + 2);
                } catch (Exception err) {
//                    uid = "";

                // verify userid
                if (userid.equalsIgnoreCase(uid)) {
                    retval = true;

        } catch (NamingException ne) {
            System.out.println("In authenticateWithLDAP, LDAP Authentication NamingException : " +
        } catch (Exception ex) {
            System.out.println("In authenticateWithLDAP, LDAP Authentication Exception : " +

        return retval;
        //        return retval;

    private NamingEnumeration getLDAPAttrs(String userid, String pass,
                                           String searchFilter,
                                           String domain) throws NamingException,
                                                                 Exception {
        String host = getServerName();
        String port = getIP_Port();
        String dcPart1 = getDcPart1();
        String dcPart2 = getDcPart2();
//        String attrUserID = getLDAP_UID_ATTR();
//        String attrUserName = getLDAP_UNAME_ATTR();

        // set attribute names to obtain value of
        String[] returnedAtts = { "sAMAccountName", "cn","mail" };
        SearchControls searchCtls = new SearchControls();

        // specify the search scope

        // set search base
        String searchBase = "DC=" + dcPart1 + ",DC=" + dcPart2;

        // set ldap env values
        Hashtable environment = new Hashtable();
        environment.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port);
        environment.put(Context.SECURITY_AUTHENTICATION, "simple");
        environment.put(Context.SECURITY_PRINCIPAL, userid + "@" + domain);
        environment.put(Context.SECURITY_CREDENTIALS, pass);

        // set ldap context
        DirContext ctxGC = new InitialDirContext(environment);

        // perform search to obtain values
        NamingEnumeration answer =
  , searchFilter, searchCtls);
        return answer;

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.