[jcifs] Obtaining username to/from NT SID
eglass1 at attbi.com
eglass1 at attbi.com
Wed Oct 30 23:36:47 EST 2002
Possibly; we are currently beginning deployment of AD
within our organization, so I haven't done too much with
it. At the moment I'm using JNDI against an Exchange
The biggest stumbling block I'm encountering is that the
Exchange LDAP schema doesn't provide an attribute for
the domain (or a reliable username, for that
matter; "uid" is usually, but not necessarily, the same
as the username). So what I'm doing is retrieving the
Assoc-NT-Account attribute (which is a SID) and
resolving it to a domain and username via
I'm not familiar with Active Directory's schema, but if
you have any suggestions I would be quite interested.
This is kind of off-topic for the jCIFS list, I know,
but hopefully someone out there has had to do something
> You should be able to obtain this information using JNDI LDAP querying
> NT's ActiveDirectory... Is this an option for you in your environment?
> -----Original Message-----
> From: Michael B. Allen [mailto:miallen at eskimo.com]
> Sent: Wednesday, October 30, 2002 6:41 AM
> To: eglass1 at attbi.com
> Cc: jcifs at lists.samba.org
> Subject: Re: [jcifs] Obtaining username to/from NT SID
> This needs DCE/RCP and LsarLookupSids or similar (p67 DCE/RPC over SMB)
> which we just don't support. We have up to TransactNamedPipe functions
> but it requires a PDU layer, some crypto, and a lot of patience. I just
> cannot bring myself to start doing it. Don't hold your breath.
> On Tue, 29 Oct 2002 12:54:28 +0000
> eglass1 at attbi.com wrote:
> > I'm currently working on a project where I have the need
> > to match a user's NT SID to their username. Previously,
> > I was using a native call to LookupAccountSid with the
> > SID to retrieve the username. However, I was wondering
> > if it would be possible via jCIFS to either do this or
> > go the other way -- i.e., the user has authenticated via
> > NTLM, and I want to retrieve the SID (using perhaps the
> > NtlmPasswordAuthentication object?). I essentially have
> > 2 sources (one with the SID and one with a username),
> > and I need to match them. Anyone have any ideas?
> > Ideally, I would like to do this in pure Java (I can
> > already do it natively, but that ties me to a specific
> > platform).
> > Eric
> A program should be written to model the concepts of the task it
> performs rather than the physical world or a process because this
> maximizes the potential for it to be applied to tasks that are
> conceptually similar and, more important, to tasks that have not
> yet been conceived.
> This message and any attachment is confidential and may be privileged or > otherwise protected from disclosure. If you have received it by mistake please
> let us know by reply and then delete it from your system; you should not copy
> the message or disclose its contents to anyone.
More information about the jcifs