[jcifs] Obtaining username to/from NT SID

eglass1 at attbi.com eglass1 at attbi.com
Wed Oct 30 23:36:47 EST 2002


Possibly; we are currently beginning deployment of AD 
within our organization, so I haven't done too much with 
it.  At the moment I'm using JNDI against an Exchange 
server.

The biggest stumbling block I'm encountering is that the 
Exchange LDAP schema doesn't provide an attribute for 
the domain (or a reliable username, for that 
matter; "uid" is usually, but not necessarily, the same 
as the username).  So what I'm doing is retrieving the 
Assoc-NT-Account attribute (which is a SID) and 
resolving it to a domain and username via 
LookupAccountSid.

I'm not familiar with Active Directory's schema, but if 
you have any suggestions I would be quite interested.  
This is kind of off-topic for the jCIFS list, I know, 
but hopefully someone out there has had to do something 
similar.
> 
> You should be able to obtain this information using JNDI LDAP querying 
> NT's ActiveDirectory... Is this an option for you in your environment?
> 
> -----Original Message-----
> From: Michael B. Allen [mailto:miallen at eskimo.com]
> Sent: Wednesday, October 30, 2002 6:41 AM
> To: eglass1 at attbi.com
> Cc: jcifs at lists.samba.org
> Subject: Re: [jcifs] Obtaining username to/from NT SID
> 
> 
> This needs DCE/RPC and LsarLookupSids or similar (p67 DCE/RPC over SMB)
> which we just don't support. We have up to TransactNamedPipe functions
> but it requires a PDU layer, some crypto, and a lot of patience. I just
> cannot bring myself to start doing it. Don't hold your breath.
> 
> On Tue, 29 Oct 2002 12:54:28 +0000
> eglass1 at attbi.com wrote:
> 
> > I'm currently working on a project where I have the need 
> > to match a user's NT SID to their username.  Previously, 
> > I was using a native call to LookupAccountSid with the 
> > SID to retrieve the username.  However, I was wondering 
> > if it would be possible via jCIFS to either do this or 
> > go the other way -- i.e., the user has authenticated via 
> > NTLM, and I want to retrieve the SID (using perhaps the 
> > NtlmPasswordAuthentication object?).  I essentially have 
> > 2 sources (one with the SID and one with a username), 
> > and I need to match them.  Anyone have any ideas?  
> > Ideally, I would like to do this in pure Java (I can 
> > already do it natively, but that ties me to a specific 
> > platform).
> > 
> > Eric
> 
> 
> -- 
> A  program should be written to model the concepts of the task it
> performs rather than the physical world or a process because this
> maximizes  the  potential  for it to be applied to tasks that are
> conceptually  similar and, more important, to tasks that have not
> yet been conceived. 
> 
> 
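
Added example, not part of the original thread and not jCIFS code: before a SID read from a directory attribute can be matched or passed to a name lookup, its binary form has to be decoded and validated. The sketch below turns a binary SID into its `S-1-...` string form; it assumes the attribute value is already available as raw SID bytes, and the class name `SidDecoder` and the sample bytes are constructed for illustration.

```java
// Added example: decode a binary NT SID into its string form.
public class SidDecoder {

    // Binary layout: revision (1 byte), sub-authority count (1 byte),
    // identifier authority (6 bytes, big-endian), then `count`
    // sub-authorities (4 bytes each, little-endian).
    public static String toSidString(byte[] sid) {
        if (sid == null || sid.length < 8) {
            throw new IllegalArgumentException("SID shorter than 8-byte header");
        }
        int revision = sid[0] & 0xFF;
        int count = sid[1] & 0xFF;
        if (count > 15) {
            throw new IllegalArgumentException("sub-authority count exceeds 15");
        }
        // Reject truncated or padded values instead of reading past the data.
        if (sid.length != 8 + 4 * count) {
            throw new IllegalArgumentException("length does not match sub-authority count");
        }
        long authority = 0;
        for (int i = 2; i < 8; i++) {
            authority = (authority << 8) | (sid[i] & 0xFF);
        }
        StringBuilder sb = new StringBuilder("S-")
                .append(revision).append('-').append(authority);
        for (int i = 0; i < count; i++) {
            int off = 8 + 4 * i;
            // Mask with 0xFFL so each byte is treated as unsigned.
            long sub = (sid[off] & 0xFFL)
                     | (sid[off + 1] & 0xFFL) << 8
                     | (sid[off + 2] & 0xFFL) << 16
                     | (sid[off + 3] & 0xFFL) << 24;
            sb.append('-').append(sub);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample bytes (not a real account): a domain-style SID
        // with sub-authorities 21, 1, 2, 3 and a relative ID of 1000.
        byte[] sample = {
            1, 5, 0, 0, 0, 0, 0, 5,
            21, 0, 0, 0,  1, 0, 0, 0,  2, 0, 0, 0,  3, 0, 0, 0,
            (byte) 0xE8, 0x03, 0, 0
        };
        System.out.println(toSidString(sample));
    }
}
```

Decoding only yields the SID string; mapping it to a domain and username still needs a lookup such as LookupAccountSid, as described in the message above.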


