Reading Operational Attributes using Spring LDAP
September 1st, 2009
LDAP servers maintain operational attributes (introduced in LDAP version 3) for administrative purposes. For example, the Tivoli Directory Server maintains the pwdAccountLockedTime operational attribute to record the time a user’s account got locked.
These operational attributes are unique in the sense that they are not part of an object class and are not returned unless they are explicitly requested by name. Here are two ways of reading operational attributes using Spring LDAP:
Using lookup:
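    LdapTemplate ldapTemplate = new LdapTemplate(context);
    // The attribute must be named explicitly; operational attributes are not returned otherwise.
    ldapTemplate.lookup("USER_DN", new String[]{"OPERATIONAL_ATTR"}, new ContextMapper() {
        @Override
        public Object mapFromContext(Object ctx) {
            // Named "adapter" so it does not shadow the outer "context" variable.
            DirContextAdapter adapter = (DirContextAdapter) ctx;
            return adapter.getStringAttributes("OPERATIONAL_ATTR");
        }
    });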
Using search:
    LdapTemplate ldapTemplate = new LdapTemplate(context);
    // The third argument is the search scope; 1 is SearchControls.ONELEVEL_SCOPE.
    ldapTemplate.search("SEARCH_BASE", "uid=UNIQUE_USER_NAME", 1, new String[]{"OPERATIONAL_ATTR"}, new ContextMapper() {
        @Override
        public Object mapFromContext(Object ctx) {
            // Named "adapter" so it does not shadow the outer "context" variable.
            DirContextAdapter adapter = (DirContextAdapter) ctx;
            return adapter.getStringAttributes("OPERATIONAL_ATTR");
        }
    });
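The search variant applied to pwdAccountLockedTime, as an added example that is not code from the original post. The class and method names (AccountLockReader, lockedSince, parseGeneralizedTime) are hypothetical, and the code assumes the server returns the value as a GeneralizedTime string in UTC ending in "Z". The uid is passed through Spring LDAP's EqualsFilter so that filter metacharacters in user-supplied names are escaped rather than concatenated into the filter.

```java
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.List;
import javax.naming.directory.SearchControls;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.EqualsFilter;

// Hypothetical helper; not part of Spring LDAP or of the original post.
public class AccountLockReader {
    private static final String LOCKED_TIME = "pwdAccountLockedTime";
    private static final DateTimeFormatter TIMESTAMP =
            DateTimeFormatter.ofPattern("uuuuMMddHHmmss");
    private final LdapTemplate ldapTemplate;

    public AccountLockReader(LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    /** Returns when the account was locked, or null if no entry or no lock time exists. */
    public Instant lockedSince(String searchBase, String uid) {
        // encode() escapes characters such as * ( ) \ in the uid value.
        String filter = new EqualsFilter("uid", uid).encode();
        List<?> values = ldapTemplate.search(searchBase, filter,
                SearchControls.ONELEVEL_SCOPE, new String[] {LOCKED_TIME},
                new ContextMapper() {
                    @Override
                    public Object mapFromContext(Object ctx) {
                        // getStringAttribute returns null when the attribute is absent.
                        return ((DirContextAdapter) ctx).getStringAttribute(LOCKED_TIME);
                    }
                });
        if (values.isEmpty() || values.get(0) == null) {
            return null;
        }
        return parseGeneralizedTime((String) values.get(0));
    }

    /** Assumption: value looks like 20090901120000Z, optionally with a fraction before the Z. */
    static Instant parseGeneralizedTime(String value) {
        if (value.length() < 15 || !value.endsWith("Z")) {
            throw new IllegalArgumentException("Unexpected timestamp: " + value);
        }
        return LocalDateTime.parse(value.substring(0, 14), TIMESTAMP)
                .toInstant(ZoneOffset.UTC);
    }
}
```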