7 Replies Latest reply: Apr 7, 2011 11:06 AM by 853690

    search in AD domain - subdomain setup returns inconsistent results Pls help

    812817
      Hi everyone,

      I am facing a very peculiar and confusing problem when I perform an LDAP search in an Active Directory environment with a main domain and its subdomain.

      DETAILS:
      =======
      domain: ohm-ad.novell.com
      subdomain: subdomain.ohm-ad.novell.com
      There are only 2 computers in the domain - the domain DC and the subdomain DC.
      Binding using userPrincipalName on port 389
      search base is dc=ohm-ad,dc=novell,dc=com
      I have set the Context.REFERRAL to "follow" to follow the referrals automatically.
      I have set the search scope to SUBTREE_SCOPE so that the child domains are also searched.
      My search filter is (objectClass=computer) because I want all the computers in the domain and the subdomain.
      PROBLEM:
      =======
      The problem is that the same search() call returns different results at different instances.

      At one instance, I get both the domain DC computer and the subdomain DC computer in the search result as expected.
      At another instance, I get only the domain DC computer in the search result which is unexpected.

      Why am I getting inconsistent search results even though the same client code is executed every time?

      Also, if I bind to the global catalog port 3268 instead of 389 in the client code, I consistently get both the domain DC computer and subdomain DC computer in the search result. Also, if I perform the same search using the Microsoft-provided AD search tool called "ldp" with the same search parameters on port 389, I consistently get both the domain DC computer and subdomain DC computer in the search result.

      I am very confused and stuck. Please help urgently. Any kind of help would be appreciated.

      Regards,
      Sanjay

      CODE SNIPPET:
      ===========
      import java.util.ArrayList;
      import java.util.Hashtable;
      import java.util.logging.Level;
      import javax.naming.Context;
      import javax.naming.NamingEnumeration;
      import javax.naming.directory.Attributes;
      import javax.naming.directory.SearchControls;
      import javax.naming.directory.SearchResult;
      import javax.naming.ldap.InitialLdapContext;
      import javax.naming.ldap.LdapContext;
      import javax.naming.ldap.StartTlsResponse;

      // DCQueryResults, ExceptionHandler, logger, makeSearchDomainBaseName(),
      // makeServerName() and isSubTreeEntry() are project helpers not shown in this post.

      private static DCQueryResults getServersInternal(String domainController, int portDC,
              String certLocation, String certPass, String domainName, String loginName,
              String password, boolean walkThrough, boolean isSSL, boolean isTest) {

          DCQueryResults results = new DCQueryResults();
          ArrayList<String> svrList = new ArrayList<String>();
          Hashtable<String, String> envDC = new Hashtable<String, String>();
          LdapContext ctxDC = null;
          // StartTLS is declared but never negotiated in this version; LDAPS (isSSL) is used instead.
          StartTlsResponse tls = null;

          try {
              /* Use the AD "userPrincipalName" attribute, i.e. loginName@domainName, for the bind
               * so that the user object can be located in any container in the AD tree. */
              String adminName = loginName + "@" + domainName;
              String adminPassword = password;
              String urlDC = "ldap://" + domainController + ":" + portDC;

              if (isSSL) {
                  System.setProperty("javax.net.ssl.trustStore", certLocation);
                  System.setProperty("javax.net.ssl.trustStorePassword", certPass);
                  // Specify use of SSL (LDAPS).
                  envDC.put(Context.SECURITY_PROTOCOL, "ssl");
              }
              envDC.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

              // Set security credentials; note this is simple authentication (cleartext unless LDAPS is used).
              envDC.put(Context.SECURITY_AUTHENTICATION, "simple");
              envDC.put(Context.SECURITY_PRINCIPAL, adminName);
              envDC.put(Context.SECURITY_CREDENTIALS, adminPassword);
              envDC.put(Context.PROVIDER_URL, urlDC);

              // We need to chase referrals when retrieving attributes from the DC,
              // as the object may be in a different domain.
              envDC.put(Context.REFERRAL, "follow");

              ctxDC = new InitialLdapContext(envDC, null);

              // Create the search controls.
              SearchControls searchCtls = new SearchControls();
              if (isTest) {
                  searchCtls.setCountLimit(1); // For a connectivity test one entry is sufficient.
              }

              // Specify the attributes to return.
              String[] returnedAtts = {"dNSHostName", "cn", "networkAddress"};
              searchCtls.setReturningAttributes(returnedAtts);
              searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

              // Specify the LDAP search filter.
              String searchFilter = "(objectClass=computer)";

              // Specify the base for the search.
              String searchBase = makeSearchDomainBaseName(domainName);

              // Initialize counter to total the results.
              int totalResults = 0;

              NamingEnumeration<SearchResult> answer = ctxDC.search(searchBase, searchFilter, searchCtls);

              // Loop through the search results.
              while (answer.hasMoreElements()) {
                  SearchResult sr = answer.next();
                  totalResults++;

                  // Now retrieve attributes from the DC.
                  Attributes DCattrs = ctxDC.getAttributes(sr.getNameInNamespace());
                  try {
                      logger.log(Level.FINEST, "   DNS-Name :" + " Common-Name :" + DCattrs.get("cn").get() + " Network-Name : ");
                      //logger.log(Level.FINEST, "   DNS-Name :" + DCattrs.get("name").get());
                  } catch (NullPointerException e) {
                      logger.log(Level.SEVERE, "Problem listing attributes from Domain Controller: " + e);
                      throw e;
                  }
                  if (!walkThrough) {
                      if (!isSubTreeEntry(makeServerName(sr.getNameInNamespace()), domainName))
                          svrList.add(makeServerName(sr.getNameInNamespace()));
                  } else {
                      svrList.add(makeServerName(sr.getNameInNamespace()));
                  }
              }
              answer.close();

              logger.log(Level.FINEST, "Total results: " + totalResults);
          } catch (Exception e) {
              logger.log(Level.SEVERE, "Problem searching DomainController directory: " + e.toString());
              ExceptionHandler.handle(logger, e);
              svrList = null;
              results.setIsException(true);
              results.setExcMsg(e.toString());
          } finally {
              try {
                  if (ctxDC != null)
                      ctxDC.close();
                  if (isSSL && tls != null)
                      tls.close();
              } catch (Exception e) {
                  // Don't need to do anything other than logging.
                  logger.log(Level.SEVERE, "Problem closing the DomainController context references: " + e.toString());
                  ExceptionHandler.handle(logger, e);
              }
          }
          results.setSvrList(svrList);
          return results;
      }
                     
      Edited by: 809814 on Nov 11, 2010 2:52 AM

      Edited by: 809814 on Nov 11, 2010 2:56 AM

      Edited by: 809814 on Nov 11, 2010 2:57 AM

      Edited by: 809814 on Nov 11, 2010 3:43 AM
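The post relies on Context.REFERRAL "follow", so the client never sees whether the parent DC actually returned a continuation reference for the child domain on a given run, or what happened when the provider chased it. The example below is an added diagnostic, not the poster's code: the same (objectClass=computer) subtree search and UPN bind, but with REFERRAL set to "throw", so every referral URL the server returns is recorded and then chased explicitly with the same credentials. The DC host name and credentials in main() are placeholders; the search base is the one from the post.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.ReferralException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

/**
 * Runs the post's subtree search with Context.REFERRAL = "throw": each
 * continuation reference surfaces as a ReferralException, is recorded, and is
 * then chased explicitly. Added example; host and credentials are assumptions.
 */
public class ReferralTrace {

    private static final String FILTER = "(objectClass=computer)";

    /** What one run saw: the referral URLs received and the entry count per server searched. */
    public static final class Trace {
        public final List<String> referrals = new ArrayList<>();
        public final Map<String, Integer> entriesPerServer = new LinkedHashMap<>();
        public int total;
    }

    public static Trace searchComputers(String host, int port, String upn, String password,
                                        String searchBase) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, upn);          // userPrincipalName bind, as in the post
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.REFERRAL, "throw");                // surface referrals instead of silently following

        SearchControls ctls = new SearchControls();
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        ctls.setReturningAttributes(new String[] {"dNSHostName", "cn"});

        Trace trace = new Trace();
        List<LdapContext> opened = new ArrayList<>();
        LdapContext ctx = new InitialLdapContext(env, null);
        opened.add(ctx);
        String base = searchBase;                          // first search: the parent domain naming context
        String server = "ldap://" + host + ":" + port;
        try {
            while (true) {
                try {
                    trace.entriesPerServer.putIfAbsent(server, 0);
                    NamingEnumeration<SearchResult> answer = ctx.search(base, FILTER, ctls);
                    // JNDI hands out all entries from the current server first; a pending
                    // referral is raised from hasMore() once they are exhausted.
                    while (answer.hasMore()) {
                        SearchResult sr = answer.next();
                        trace.entriesPerServer.merge(server, 1, Integer::sum);
                        trace.total++;
                        System.out.println(server + " -> " + sr.getNameInNamespace());
                    }
                    answer.close();
                    break;                                  // enumeration finished with no referral pending
                } catch (ReferralException re) {
                    String url = String.valueOf(re.getReferralInfo());
                    trace.referrals.add(url);
                    // Chase it ourselves: the referral context is rooted at the referred naming
                    // context and bound with the same UPN credentials (skipReferral() would drop it).
                    ctx = (LdapContext) re.getReferralContext(env);
                    opened.add(ctx);
                    base = "";                              // already positioned at the referred DN
                    server = url;
                }
            }
        } finally {
            for (LdapContext c : opened) {
                try { c.close(); } catch (NamingException ignored) { }
            }
        }
        return trace;
    }

    public static void main(String[] args) throws NamingException {
        // Placeholder DC host and credentials; the search base is the one from the post.
        Trace t = searchComputers("<dc-host>.ohm-ad.novell.com", 389, "<admin>@ohm-ad.novell.com",
                                  "<password>", "dc=ohm-ad,dc=novell,dc=com");
        System.out.println("referrals received: " + t.referrals);
        System.out.println("entries per server: " + t.entriesPerServer + " (total " + t.total + ")");
    }
}
```

Running this several times against port 389 shows, per run, whether the parent DC returned the continuation reference for the subdomain naming context at all and how many entries the referred-to server answered with, which is exactly the information "follow" hides. Against port 3268 the global catalog serves child-domain objects from its own partial replica rather than via a referral, which matches the consistent result the post sees there; only attributes in the partial attribute set are available on that port, so check that every attribute you need is in it before switching.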