How to enumerate own Active Directory groups in Java

Jakub Jóźwicki
2 min read · Oct 18, 2022

Quite a few lines of code are needed. A word of caution before copying any snippet of this kind: a "trust-all" `X509TrustManager` disables server-certificate validation, so the simple-bind password can be captured by anyone who can stand between the client and the domain controller — import the DC's CA certificate into the JVM truststore instead, and never accept an empty password (LDAP treats a DN with an empty password as an unauthenticated bind).

import java.io.BufferedReader;
import java.io.Console;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.List;
import java.util.Objects;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class ADConnect extends javax.net.ssl.SSLSocketFactory {
private static final String MEMBER_OF = “memberOf”;
private static final SSLSocketFactory unsafeSslSocketFactory = getUnsafeSslFactory();

private final static SSLSocketFactory getUnsafeSslFactory() {
TrustManager[] trustAllCerts = new X509TrustManager[] {
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
}
};
try {
SSLContext sc = SSLContext.getInstance(“SSL”);
sc.init(null, trustAllCerts, new java.security.SecureRandom());
return sc.getSocketFactory();
}
catch (Exception e) {
throw new RuntimeException(“SSL static init error”, e);
}
}

public static List<String> authenticate(String user,
String securityToken,
String domain) throws NamingException {

Hashtable<Object,Object> env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY, “com.sun.jndi.ldap.LdapCtxFactory”);
env.put(Context.PROVIDER_URL, “LDAPS://PRIMARY_DOMAIN_CONTROLLER”);
env.put(Context.SECURITY_AUTHENTICATION, “simple”);
env.put(Context.SECURITY_PRINCIPAL, user + “@” + domain);
env.put(Context.SECURITY_CREDENTIALS, securityToken);
env.put(“java.naming.ldap.factory.socket”, ADConnect.class.getName());


LdapContext ctx = new InitialLdapContext(env, new Control[] {});
String[] dcParts = domain.split(“\\.”);
String domainSearch = “”;
for (String dcPart : dcParts) {
domainSearch += “DC=” + dcPart + “,”;
}
domainSearch = domainSearch.substring(0, domainSearch.length() — 1);

// Create the search controls
SearchControls searchCtls = new SearchControls();
String[] attributes = new String[]{MEMBER_OF};
searchCtls.setReturningAttributes(attributes);

// Specify the search scope
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

// Search for objects using the filter
NamingEnumeration<?> result = ctx.search(domainSearch,
MessageFormat.format(“(SAMAccountName={0})”, user), searchCtls);

//Get the first result
SearchResult sr = (SearchResult) result.next();

Attribute memberOf = sr.getAttributes().get(MEMBER_OF);
List<String> memberOfGroups = new ArrayList<>();
if (memberOf != null) {
for (Enumeration<?> e1 = memberOf.getAll(); e1.hasMoreElements(); ) {
memberOfGroups.add(e1.nextElement().toString());
}
}
return memberOfGroups;
}

public static void main(String[] args) throws Exception{
BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
ADConnect.authenticate(“AD-USER”, br.readLine(), “corponet.t-mobile.pl”).forEach( g -> {
System.out.println(g);
});
}
@Override
public String[] getDefaultCipherSuites() {
return unsafeSslSocketFactory.getDefaultCipherSuites();
}
@Override
public String[] getSupportedCipherSuites() {
return unsafeSslSocketFactory.getSupportedCipherSuites();
}
@Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
return unsafeSslSocketFactory.createSocket(s, host, port, autoClose);
}
@Override
public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
return unsafeSslSocketFactory.createSocket(host, port);
}
@Override
public Socket createSocket(String host, int port, InetAddress localHost, int localPort)
throws IOException, UnknownHostException {
return unsafeSslSocketFactory.createSocket(host, port, localHost, localPort);
}
@Override
public Socket createSocket(InetAddress host, int port) throws IOException {
return unsafeSslSocketFactory.createSocket(host, port);
}
@Override
public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
throws IOException {
return unsafeSslSocketFactory.createSocket(address, port, localAddress, localPort);
}

public static SocketFactory getDefault() {
return unsafeSslSocketFactory;
}
}
