1

I am using Spring Boot/Spring Data Ldap.

When I query users, I cannot read the accountExpires attribute, even though the property is shown in GetADUser.

I tried something like this:

    return readTemplate().search(query()
          .base(ou)
          .attributes(new String[]{"samaccountname", "givenName", "sn", "mail", "userAccountControl", "accountExpires", "memberof"})
          .where("objectClass").is("person"), userExtractor);

I am sure the user has the accountExpires property set. I tested with accountExpires and accountexpires (to check case sensitivity), and I even omitted attributes to read all attributes, but no luck: not all attributes are returned (accountExpires is one of the missing ones).

How can I read that attribute?

2 Answers

0

Your code is not failing because of case sensitivity or missing the attribute in your query, but because the data type returned by AD is not being handled correctly. You must explicitly handle it as long. Just for a little background, the accountExpires attribute in AD is an integer representing the number of 100ns intervals since Jan 1st, 1601. Spring LDAP needs to handle it as a long.

Create a custom AttributesMapper or ContextMapper to explicitly handle the accountExpires attribute.

Example (more or less like this):

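    import org.springframework.ldap.core.ContextMapper;
    import org.springframework.ldap.core.DirContextAdapter;

    public class CustomContextMapper implements ContextMapper<User> {
        @Override
        public User mapFromContext(Object ctx) {
            DirContextAdapter context = (DirContextAdapter) ctx;
            User user = new User();
            // ... more attribute mappings here ...
            // DirContextAdapter exposes the value as a string; it is null when the
            // server did not return the attribute, so check before parsing.
            String raw = context.getStringAttribute("accountExpires");
            Long accountExpires = (raw == null) ? null : Long.valueOf(raw);
            // ... convert long to date object ...
            return user;
        }
    }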
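
Added example (not part of the answer above and not Spring LDAP code): one way to do the "convert long to date object" step, given the raw string value of accountExpires. The class `AccountExpires` and its methods are hypothetical names; a missing attribute is rejected instead of being read as "never expires", because this page shows the attribute can be absent from a result.

```java
import java.time.Instant;
import java.util.Optional;

// Added example: interprets the raw accountExpires value
// (100 ns intervals since 1601-01-01 UTC). Names here are hypothetical.
public final class AccountExpires {
    // Seconds between 1601-01-01T00:00:00Z and the Unix epoch.
    private static final long EPOCH_DIFF_SECONDS = 11_644_473_600L;
    private static final long TICKS_PER_SECOND = 10_000_000L;

    private AccountExpires() {}

    /** Returns the expiry instant, or empty when the account never expires. */
    public static Optional<Instant> parse(String raw) {
        if (raw == null || raw.isBlank()) {
            // Absent is not the same as "never expires": fail closed.
            throw new IllegalStateException("accountExpires was not returned by the server");
        }
        long ticks = Long.parseLong(raw.trim());
        if (ticks < 0) {
            throw new IllegalArgumentException("negative accountExpires: " + ticks);
        }
        // AD uses 0 and 0x7FFFFFFFFFFFFFFF to mean "never expires".
        if (ticks == 0 || ticks == Long.MAX_VALUE) {
            return Optional.empty();
        }
        long seconds = ticks / TICKS_PER_SECOND - EPOCH_DIFF_SECONDS;
        long nanos = (ticks % TICKS_PER_SECOND) * 100;
        return Optional.of(Instant.ofEpochSecond(seconds, nanos));
    }

    /** True when an expiry is set and is not after the given instant. */
    public static boolean isExpired(String raw, Instant now) {
        return parse(raw).map(expiry -> !expiry.isAfter(now)).orElse(false);
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real directory.
        String[] samples = {"0", "9223372036854775807", "133485408000000000"};
        Instant now = Instant.now();
        for (String raw : samples) {
            System.out.println(raw + " -> " + parse(raw) + ", expired=" + isExpired(raw, now));
        }
    }
}
```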

0

The problem was the Active Directory port I used. MS Active Directory exposes 2 ports: 3268, which is read-only but returns all results (even if the result set is big), and 389, which is read/write but returns paged data.

My readTemplate was set to read from 3268, but I don't know why that port does not return some attributes including accountExpires.

When I read the data through writeTemplate (which was set on 389), I could read the attribute.
