Java LDAP - Determine if user in a given group?

Question

We logon users to Active Directory via LDAP using the Java LDAP API. We want to enhance our logon functionality to further check if the user is in a given AD group. Does a

Answer 1

Unfortunately the answer varies with installations of AD as well as other types of LDAP server.

We had to solve the same problem. In the end we allowed the system administrator to provide us with an LDAP query-pattern where we substitute the user name (and group name if that needs to be variable too) into the pattern.