Java – Connect Windows Active Directory Through LDAP @ 1

The Java Naming and Directory Interface (JNDI) is the standard Java API for multiple naming and directory services such as Lightweight Directory Access Protocol (LDAP).

Active Directory is a group of network services, such as account authentication, and it supports LDAP. You can therefore write a Java program that uses JNDI to obtain the account credentials in the Active Directory of a Windows Server. Here is the example.

I have already set up a Windows Server with Active Directory and created my account there.

The following Java program can connect to the above Windows Server through LDAP. Please note that you have to use the User logon name (username@domain) for Context.SECURITY_PRINCIPAL.
LdapContextCreation.java

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class LdapContextCreation {

	public static void main(String[] args) {
		try {
			// Create an LDAP context
			Hashtable<String, String> env = new Hashtable<>();
			env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
			// Note: a simple bind over plain ldap:// sends the password unencrypted
			env.put(Context.SECURITY_AUTHENTICATION, "simple");
			env.put(Context.SECURITY_PRINCIPAL, "ykyuen@cecid03server.hku.hk");
			env.put(Context.SECURITY_CREDENTIALS, "your password here");
			env.put(Context.PROVIDER_URL, "ldap://cecid-03server:389");
			LdapContext ctx = new InitialLdapContext(env, null);
			System.out.println("Connection Successful.");

			// Print all attributes of the name in namespace
			Attributes attributes = ctx.getAttributes(ctx.getNameInNamespace());
			for (NamingEnumeration<? extends Attribute> ae = attributes.getAll(); ae.hasMore();) {
				Attribute attr = ae.next();
				String attrId = attr.getID();
				for (NamingEnumeration<?> vals = attr.getAll(); vals.hasMore();) {
					String thing = vals.next().toString();
					System.out.println(attrId + ": " + thing);
				}
			}
			ctx.close();
		} catch (NamingException e) {
			System.out.println("LDAP Connection: FAILED");  
			e.printStackTrace();  
		}
	}
}

 

Done =)

Reference: Active Directory Access Authentication using LDAP and Java
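
A hardened variant of the bind above, added here as an example and not taken from the original post: it binds over LDAPS so the simple-bind password is not sent in clear text, rejects empty passwords (which JNDI would turn into an anonymous bind), and combines the space-separated failover URL list mentioned in the comments with connect and read timeouts. The host names and the class name LdapBindCheck are hypothetical, and the JVM is assumed to trust the domain controllers' certificates.

```java
import java.io.Console;
import java.util.Arrays;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class LdapBindCheck {
    // Hypothetical hosts; space-separated URLs are tried in order until one connects.
    static final String URLS = "ldaps://dc1.example.com:636 ldaps://dc2.example.com:636";

    /** Returns true only if the directory accepted the bind for this user. */
    static boolean authenticate(String userPrincipalName, char[] password) throws NamingException {
        // JNDI turns a simple bind with an empty password into an anonymous bind,
        // which can "succeed" without proving the user's identity. Reject it up front.
        if (userPrincipalName == null || userPrincipalName.isEmpty()
                || password == null || password.length == 0) {
            return false;
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URLS);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userPrincipalName); // username@domain
        env.put(Context.SECURITY_CREDENTIALS, password);
        // Per-server limits in milliseconds, so a dead server cannot stall the bind.
        env.put("com.sun.jndi.ldap.connect.timeout", "3000");
        env.put("com.sun.jndi.ldap.read.timeout", "5000");
        LdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(env, null);
            return true;
        } catch (AuthenticationException e) {
            return false; // the server rejected the user name or password
        } finally {
            if (ctx != null) ctx.close();
            Arrays.fill(password, '\0'); // do not keep the password in memory
        }
    }

    public static void main(String[] args) throws NamingException {
        Console console = System.console(); // null when not run from a terminal
        if (args.length != 1 || console == null) {
            System.err.println("usage (from a terminal): java LdapBindCheck user@domain"); return;
        }
        System.out.println(authenticate(args[0], console.readPassword("Password: ")) ? "Bind OK" : "Bind rejected");
    }
}
```

Connection errors other than a rejected bind (for example, no server reachable within the timeouts) surface as a NamingException rather than a false result, so callers can tell an outage from a bad password.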

4 thoughts on “Java – Connect Windows Active Directory Through LDAP @ 1”

  1. Hi,
    There is a requirement for my application to support multiple AD instances (replicas). That means authenticating against the secondary AD instance if the primary is down. Please suggest how I can implement this using Java. The above example only connects to one instance at a time, and if we want to connect to another instance we need to change the code: env.put(Context.PROVIDER_URL, "ldap://cecid-03server:389");
    But I'm looking for a way so that the code will handle the switching.
    Thanks
    Ravinder

    1. Hi Ravinder,

      That’s really out of my knowledge. What I found in Google is…

      Java LDAP will switch to the next URL in the context if it couldn’t make the connection. But this is only valid when the LdapContext has not yet been initialized.

      Reference: switching LDAP contexts for failover

      In other words, you can set the server URL as follows:

      env.put(Context.PROVIDER_URL, "ldap://ldap1 ldap://ldap2 ldap://ldap3");


      Reference: LDAP Failover

      If it cannot make the connection with ldap://ldap1, then it will try ldap://ldap2 and so on. But once the connection is set up, there is switching mechanism to handle failover. If you really want to do client-side failover, I found this proprietary library: UnboundID – LDAP SDK for Java

      Kit

  2. Hi all,

    I’m Rahayya. I have done as suggested for switching LDAP failover. But it took more than 10 mins to open my website to look for the secondary LDAP. Any suggestions for my problem? Please help me.

    Thank you.

    1. I suggest you check what is being done during those 10 mins. Do you know where the bottleneck is?
