I am writing a little tool which can execute some operations within LDAP
(e.g. create user, delete user, assign user to group, read specific attributes, etc.). That works perfectly.
Now I want to add a little security aspect. Only some users are allowed to execute these operations. That's why I want to check first whether the user who wants to execute them is in a specific LDAP group
(e.g. administrators). If the user is not in this group, he should get a message ("you are not authorized").
My standard login is as described everywhere:
import java.io.InputStream;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import com.ibm.devopscoc.ldap.util.LdapSSLSocketFactory;

Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, LDAP_SERVER_URL + ":" + LDAP_PORT + "/" + LDAP_BASE_DN);
if (LDAP_SERVER_URL.startsWith("ldaps")) {
    // TLS: use our own socket factory backed by a truststore shipped with the tool
    env.put(Context.SECURITY_PROTOCOL, "ssl");
    env.put("java.naming.ldap.factory.socket", "com.ibm.devopscoc.ldap.util.LdapSSLSocketFactory");
    InputStream truststoreStream = LdapSSLSocketFactory.class.getResourceAsStream("truststoreldap.jks");
    LdapSSLSocketFactory.init(null, null, null, truststoreStream, "<password>", "JKS");
}
// simple bind with the admin account's DN and password
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, probs.getAdminName());
env.put(Context.SECURITY_CREDENTIALS, probs.getAdminPassword());
env.put(Context.REFERRAL, "follow");
// the actual login happens here
DirContext ctx = new InitialDirContext(env);
Where do I have to specify the group?
Thanks in advance.
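One way to do the check described in the question, as an added example that is not part of the original post: the group is not specified in the bind environment at all. Instead, the tool binds once as the service account (the `env` above), resolves the caller's login name to a DN with a parameterised search, proves the caller knows the password by binding as that DN, and then reads the group entry to see whether it lists the caller's DN in `member`. The class name `LdapAuthorizer`, the `ldapUrl`/`baseDn`/`groupDn` values and the attribute names `uid` and `member` are assumptions (a `groupOfNames`-style schema); on Active Directory the login attribute is `sAMAccountName` and the group attribute is still `member`.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/**
 * Added example (not from the question): gate privileged LDAP operations on
 * group membership. Assumes an already-bound service/admin DirContext like the
 * one built by the environment in the question, the server URL, the base DN,
 * and the DN of the authorising group. Attribute names "uid" and "member"
 * are assumptions for a groupOfNames-style schema.
 */
public class LdapAuthorizer {

    private final DirContext adminCtx;  // bound as the service account
    private final String ldapUrl;       // e.g. "ldaps://ldap.example.com:636" (assumed)
    private final String baseDn;        // e.g. "dc=example,dc=com" (assumed)

    public LdapAuthorizer(DirContext adminCtx, String ldapUrl, String baseDn) {
        this.adminCtx = adminCtx;
        this.ldapUrl = ldapUrl;
        this.baseDn = baseDn;
    }

    /** Resolves a login name to its DN. {0} is a filter argument, so JNDI escapes
     *  the user-supplied value and input like "*" or "x)(uid=admin" cannot
     *  change the filter (LDAP injection). */
    public String findUserDn(String loginName) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[0]);          // we only need the DN
        NamingEnumeration<SearchResult> results = adminCtx.search(
                baseDn, "(&(objectClass=person)(uid={0}))", new Object[] { loginName }, sc);
        try {
            if (!results.hasMore()) {
                return null;                                // unknown user
            }
            String dn = results.next().getNameInNamespace();
            if (results.hasMore()) {
                throw new NamingException("login name is not unique: " + loginName);
            }
            return dn;
        } finally {
            results.close();
        }
    }

    /** Proves the caller knows the password by binding as the caller's own DN.
     *  Rejects empty passwords first: an empty credential is an unauthenticated
     *  bind that many servers accept, which would count as a successful login. */
    public boolean authenticate(String userDn, char[] password) {
        if (userDn == null || password == null || password.length == 0) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        // for ldaps:// add the same SECURITY_PROTOCOL / socket factory entries as the admin bind
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, new String(password));
        try {
            new InitialDirContext(env).close();             // bind succeeded
            return true;
        } catch (NamingException e) {                       // invalid credentials, locked account, ...
            return false;
        }
    }

    /** True if the group entry lists userDn in its member attribute. The search
     *  is scoped to the group object itself, so only that one entry is read. */
    public boolean isMemberOf(String userDn, String groupDn) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.OBJECT_SCOPE);
        sc.setReturningAttributes(new String[0]);
        NamingEnumeration<SearchResult> results = adminCtx.search(
                groupDn, "(member={0})", new Object[] { userDn }, sc);
        try {
            return results.hasMore();
        } finally {
            results.close();
        }
    }

    /** Call this at the start of every privileged operation, not once at startup. */
    public void requireMember(String loginName, char[] password, String groupDn)
            throws NamingException {
        String userDn = findUserDn(loginName);
        if (!authenticate(userDn, password) || !isMemberOf(userDn, groupDn)) {
            throw new SecurityException("you are not authorized");   // same message for both failures
        }
    }
}
```

The membership test reads the group from the server side with the service account, so the caller cannot forge it, while the password is verified with a bind as the caller's own DN rather than by comparing attributes. A direct `member` lookup does not see nested groups; if the group contains other groups, either walk them recursively or, on Active Directory, use the `LDAP_MATCHING_RULE_IN_CHAIN` filter (`member:1.2.840.113556.1.4.1941:=`). Note also that with `Context.REFERRAL` set to `follow`, JNDI reuses the same bind credentials when it follows a referral to another server, so the service account password is sent wherever the directory points.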