How to do an LDAP Search of Various fields

Published 2019-03-31 01:22

Question:

I have a requirement of retrieving various values such as Description, Office, etc. from LDAP after authentication.

I have been able to complete the authentication, but I am not able to retrieve other values.

What names should I use to retrieve the complete data?

Please help.

My code is as below:

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;
    import javax.naming.directory.Attributes;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;

    // LDAP_UID_ATTR, getServerName(), getIP_Port(), getDcPart1() and getDcPart2()
    // are members of the enclosing class and are not shown in the question.

    public boolean authenticate(String userid, String pass, String domain) {
        boolean retval = false;
        // NOTE: userid is concatenated straight into the filter. It must be escaped
        // per RFC 4515 before use, otherwise a crafted value can change the filter.
        String searchFilter = "(&(objectClass=user)(" + LDAP_UID_ATTR + "=" + userid + "))";

        try {
            System.out.println("Start: getLDAPAttrs");
            NamingEnumeration<SearchResult> answer =
                getLDAPAttrs(userid, pass, searchFilter, domain);
            String uid = "";

            while (answer.hasMoreElements()) {
                SearchResult sr = answer.next();
                Attributes attrs = sr.getAttributes();

                try {
                    // Attribute.get() returns the first value directly; toString()
                    // yields "sAMAccountName: value" and would need substring parsing.
                    uid = (String) attrs.get(LDAP_UID_ATTR).get();
                    System.out.println("uid: " + uid);
                    // An attribute that was not requested, or that ACLs hide, is null here.
                    System.out.println(attrs.get("mail"));
                } catch (Exception err) {
                    System.out.println(err.getMessage());
                    err.printStackTrace();
                }

                // verify userid
                if (userid.equalsIgnoreCase(uid)) {
                    retval = true;
                    break;
                }
            }
        } catch (NamingException ne) {
            System.out.println("In authenticateWithLDAP, LDAP Authentication NamingException : " +
                               ne.getMessage());
        } catch (Exception ex) {
            System.out.println("In authenticateWithLDAP, LDAP Authentication Exception : " +
                               ex.getMessage());
        }

        return retval;
    }

    private NamingEnumeration<SearchResult> getLDAPAttrs(String userid, String pass,
                                                         String searchFilter,
                                                         String domain) throws NamingException {
        String host = getServerName();
        String port = getIP_Port();
        String dcPart1 = getDcPart1();
        String dcPart2 = getDcPart2();

        // set attribute names to obtain values of; only attributes listed here are returned
        String[] returnedAtts = { "sAMAccountName", "cn", "mail" };
        SearchControls searchCtls = new SearchControls();
        searchCtls.setReturningAttributes(returnedAtts);

        // specify the search scope
        searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        // set search base
        String searchBase = "DC=" + dcPart1 + ",DC=" + dcPart2;

        // set ldap env values (a simple bind sends the password in clear unless ldaps:// is used)
        Hashtable<String, String> environment = new Hashtable<>();
        environment.put(Context.INITIAL_CONTEXT_FACTORY,
                        "com.sun.jndi.ldap.LdapCtxFactory");
        environment.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port);
        environment.put(Context.SECURITY_AUTHENTICATION, "simple");
        environment.put(Context.SECURITY_PRINCIPAL, userid + "@" + domain);
        environment.put(Context.SECURITY_CREDENTIALS, pass);

        // set ldap context; note that it is never closed, so the connection leaks
        DirContext ctxGC = new InitialDirContext(environment);

        // perform search to obtain values
        NamingEnumeration<SearchResult> answer =
            ctxGC.search(searchBase, searchFilter, searchCtls);
        return answer;
    }

Answer 1:

An LDAP client retrieves attribute values (referred to as "fields" in the question) by transmitting a search request to the server and then reading the server's response. A search request consists of at a minimum the following components:

  • base DN - the object at which to begin the search. No objects above the base DN are returned
  • scope - the scope of the search; this is base, one, or subtree
  • filter - a filter which limits the entries that are returned by the server

Additionally, a list of requested attributes can be transmitted with the search request. Many LDAP SDKs will simply return all user attributes and no operational attributes if no requested attributes list is provided. In this case, request the attributes description and office and any others that are required.

LDAP-compliant servers enforce an access control scheme which might cause the server to not return certain attributes. Consult with the LDAP administrators to determine if the authentication state of the LDAP client connections has permission to access the attributes desired.

See also

  • LDAP: Using ldapsearch: this article refers to the ldapsearch command line tool, but the concepts are the same as for programmatic access.


Answer 2:

I found out what was wrong.

I had to include parameters in the returned attributes:

    String[] returnedAtts = { "sAMAccountName", "cn", "mail" };

or

    String[] returnedAtts = { "sAMAccountName", "cn", "mail", "description" };

Then, when getting the attribute, use its values.

Thanks.
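As an added example (not code from the question or from either answer), here is how the search components described in answer 1 and the explicit returned-attribute list from answer 2 fit together in JNDI: the attributes are requested by name, the user-supplied ID is escaped before it is placed in the filter, the context is closed, and an attribute missing from the result is treated as possibly hidden by access control. The URL, base DN, method names and the use of physicalDeliveryOfficeName for AD's "Office" field are assumptions of this example.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapAttributeLookup {
    // Escape a user-supplied value before embedding it in a filter (RFC 4515),
    // so the input cannot change the structure of the filter.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray())
            sb.append("\\*()\0".indexOf(c) >= 0 ? String.format("\\%02x", (int) c) : String.valueOf(c));
        return sb.toString();
    }

    // Bind as the user (UPN + password, as in the question) and return the requested attributes.
    // url, baseDn and the attribute list are assumptions made for this example.
    static Map<String, List<String>> lookupUser(String url, String upn, String password,
                                                String baseDn, String samAccountName)
            throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // prefer ldaps:// so the simple bind is not sent in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, upn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        // Request exactly the attributes needed; AD stores "Office" as physicalDeliveryOfficeName.
        SearchControls ctls = new SearchControls();
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        ctls.setReturningAttributes(new String[] {
            "sAMAccountName", "cn", "mail", "description", "physicalDeliveryOfficeName" });
        String filter = "(&(objectClass=user)(sAMAccountName="
                + escapeFilterValue(samAccountName) + "))";
        Map<String, List<String>> out = new LinkedHashMap<>();
        DirContext ctx = new InitialDirContext(env);
        try {
            NamingEnumeration<SearchResult> results = ctx.search(baseDn, filter, ctls);
            while (results.hasMore()) {
                Attributes attrs = results.next().getAttributes();
                for (String name : ctls.getReturningAttributes()) {
                    Attribute attr = attrs.get(name);
                    if (attr == null) continue; // absent on the entry, or hidden by ACLs for this bind
                    NamingEnumeration<?> values = attr.getAll(); // attributes may be multi-valued
                    while (values.hasMore())
                        out.computeIfAbsent(name, k -> new ArrayList<>()).add(String.valueOf(values.next()));
                }
            }
        } finally {
            ctx.close(); // release the connection even when the search throws
        }
        return out;
    }
}
```

A requested attribute that is not a key in the returned map was either not set on the entry or not readable by the bound user, which is the access-control case answer 1 describes.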



Tags: java ldap