I connect to the Active Directory using LDAP. User gives his login and password, where login can be anything (CN, UPN, SAM, etc.). After successful bind I need to retrieve some attributes of the logged user (like distinguishedName or displayName). But the problem is that I don't know baseCtxDN, so I don't know where to search for the user. Is there a method to get attributtes of the current user without performing a search?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I don't know of any mechanism that Active Directory provides to get information about a user without performing a search (although the UnboundID Directory Server does provide a control that you can include in the bind request to accomplish this). Chances are you'll have to perform a search.
If you don't know the DN of the user, you may be able to use either the authorization identity request control (which you would include in the bind request) or the "Who am I?" extended operation. The LDAP SDK sports both of these features and the Javadoc documentation should include examples on how to use them. I'm not sure off the top of my head whether Active Directory supports either of those features, but you should be able to determine that from the root DSE. If all else fails, you could use the namingContexts attribute of the root DSE to know what potential search bases you could use.
Neil
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I connect to the Active Directory using LDAP. User gives his login and password, where login can be anything (CN, UPN, SAM, etc.). After successful bind I need to retrieve some attributes of the logged user (like distinguishedName or displayName). But the problem is that I don't know baseCtxDN, so I don't know where to search for the user. Is there a method to get attributtes of the current user without performing a search?
I don't know of any mechanism that Active Directory provides to get information about a user without performing a search (although the UnboundID Directory Server does provide a control that you can include in the bind request to accomplish this). Chances are you'll have to perform a search.
If you don't know the DN of the user, you may be able to use either the authorization identity request control (which you would include in the bind request) or the "Who am I?" extended operation. The LDAP SDK sports both of these features and the Javadoc documentation should include examples on how to use them. I'm not sure off the top of my head whether Active Directory supports either of those features, but you should be able to determine that from the root DSE. If all else fails, you could use the namingContexts attribute of the root DSE to know what potential search bases you could use.
Neil