I have successfully used the code below to authenticate users in an LDAP environment for a number of years. Now, I have a client who wants me to log into to the LDAP directory (it's an Active Directory LDAP environment) prior to authentication and then do the authentication. In other words, I would pass two sets of credentials to the server, one to gain access to the LDAP directory, and the second to actually do the authentication. Is there an easy way to modify my existing code to do this? Are their alternative code patterns that would allow this to be done easily?
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
public class ADAuthenticator {
private String domain;
private String ldapHost;
private String searchBase;
public ADAuthenticator()
{
this.domain = "<your domain>";
this.ldapHost = "ldap://<your AD controller>";
this.searchBase = "your AD root e.g. dc=abbl,dc=org";
}
public ADAuthenticator(String domain, String host, String dn)
{
this.domain = domain;
this.ldapHost = host;
this.searchBase = dn;
}
public Map authenticate(String user, String pass)
{
String returnedAtts[] ={ "sn", "givenName", "mail" };
String searchFilter = "(&(objectClass=user)(sAMAccountName=" + user + "))";
//Create the search controls
SearchControls searchCtls = new SearchControls();
searchCtls.setReturningAttributes(returnedAtts);
//Specify the search scope
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapHost);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, user + "#" + domain);
env.put(Context.SECURITY_CREDENTIALS, pass);
LdapContext ctxGC = null;
try
{
ctxGC = new InitialLdapContext(env, null);
//Search objects in GC using filters
NamingEnumeration answer = ctxGC.search(searchBase, searchFilter, searchCtls);
while (answer.hasMoreElements())
{
SearchResult sr = (SearchResult) answer.next();
Attributes attrs = sr.getAttributes();
Map amap = null;
if (attrs != null)
{
amap = new HashMap();
NamingEnumeration ne = attrs.getAll();
while (ne.hasMore())
{
Attribute attr = (Attribute) ne.next();
amap.put(attr.getID(), attr.get());
}
ne.close();
}
return amap;
}
}
catch (NamingException ex)
{
ex.printStackTrace();
}
return null;
}
}
Related
I am currently working on a project like this. When the username and password are entered, the check will be made via LDAP and if it is correct, I need to return a successful transaction, otherwise I want a failed transaction. In short, I will log in via LDAP. We have an ldap server ready now. We have an ldap server ready now. So domain, host, and searchBase have it all. But I'm trying to understand the logic, can I do this using Spring Boot? Because in most tutorials, the name and password are entered manually. But I want the input to be entered by any client, not manually, and check if it exists on my server. If such a thing is not possible in spring boot, how can I check the username and password values sent to the method by LDAP by verifying and returning them in the code we have written below?
package az.expressbank.ldap.test;
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
/**
*
*/
import org.springframework.stereotype.Service;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
public class ControlDomainLogin {
private String domain;
private String ldapHost;
private String searchBase;
public ControlDomainLogin() {
this.domain = "domain.com";
this.ldapHost = "ldap://url";
this.searchBase = "DC=something,DC=com"; // YOUR SEARCH BASE IN LDAP
}
Map<String, Object> amap = null;
// public ADAuthenticator(String domain, String host, String dn)
// {
// this.domain = domain;
// this.ldapHost = host;
// this.searchBase = dn;
// }
public Map<String, Object> authenticate(String user, String pass) {
String[] returnedAtts = {"sn", "givenName", "name", "userPrincipalName", "displayName", "memberOf"};
String searchFilter = "(&(objectClass=User)(sAMAccountName=" + user + "))";
// Create the search controls
SearchControls searchCtls = new SearchControls();
searchCtls.setReturningAttributes(returnedAtts);
// Specify the search scope
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapHost);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, user + "#" + domain);
env.put(Context.SECURITY_CREDENTIALS, pass);
env.put(Context.SECURITY_PROTOCOL, "SSL");
LdapContext ctxGC = null;
NamingEnumeration<SearchResult> answer = null;
Attributes attrs = null;
SearchResult sr = null;
NamingEnumeration<?> ne = null;
Attribute attr = null;
try {
ctxGC = new InitialLdapContext(env, null);
answer = ctxGC.search(searchBase, searchFilter, searchCtls);
if (answer != null) {
while (answer.hasMoreElements()) {
sr = (SearchResult) answer.next();
attrs = sr.getAttributes();
if (attrs != null) {
amap = new HashMap<String, Object>();
ne = attrs.getAll();
attr = (Attribute) ne.next();
amap.put(attr.getID(), attr.get());
ne.close();
}
ctxGC.close(); // Close and clean up
}
} else {
System.out.println("Answer from domen controller is null!");
}
} catch (NamingException ex) {
System.out.println("Exception: " + ex.toString());
} finally {
System.out.println("");
}
return amap;
}
}
I want me to do this by creating an API. So I will call this method in my service layer and send my username and password there. My method successfully checks the username and password sent to it. For example
#Override
public Optional login(String username, String password, String type) {
/*
for example when I send username and password to the following method
*/
Map<String, Object> authenticate = controlDomainLogin.authenticate(username, password);
/*
I want to match the value of method of login of parametr returned from the following method of authenticate of returned value , if they match, I want to print the correct operation, otherwise the wrong input operation.
*/
return null;
}
What changes can I make to my LDAP authentication method so that I can get the correct password and name values checked there?
I'm trying to authenticate a set of credentials against an LDAP server and I was able to authenticate them successfully. Now am trying to get the full name or the display name of the user logged-in into the server. Am unable to get the same. Being new to LDAP concepts, am unable to figure out a way to get the full display name of the user. Can some please help me how to get the full display name of the user logged in.
Below is the shiro.ini file am using:
[main]
activeDirectoryRealm =
org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm
activeDirectoryRealm.systemUsername = adminusername
activeDirectoryRealm.systemPassword = adminpswd
activeDirectoryRealm.searchBase = "OU=User Accounts,DC=dmn,DC=net"
activeDirectoryRealm.url = ldaps://localhost:389
My Java code is as below:
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
public class ExampleActiveDirectory {
public static final String userName = "myusername";
public static final String password = "mypassword";
public static void main(String[] args)
{
//Factory<SecurityManager> factory = new IniSecurityManagerFactory("N:\\workspace\\LdapAuthentication\\src\\auth.ini");
Factory<SecurityManager> factory = new IniSecurityManagerFactory("N:\\workspace\\LdapAuthentication\\src\\shiro.ini");
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager( securityManager );
System.out.println( "userName is : " +userName);
System.out.println( "password is : " +password);
UsernamePasswordToken token = new UsernamePasswordToken( userName,password );
Subject currentUser = SecurityUtils.getSubject();
try
{
//currentUser.login( token ) ;
securityManager.login(currentUser,token).isAuthenticated();
System.out.println( "We've authenticated! :)" );
}
catch ( AuthenticationException e )
{
System.out.println( "We did not authenticate :(" );
e.printStackTrace();
}
}
}
Thanks for the info.
link - http://www.deepakgaikwad.net/index.php/2009/09/24/retrieve-basic-user-attributes-from-active-directory-using-ldap-in-java.html
Found a solution as below:
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.apache.shiro.web.tags.UserTag;
public class RetrieveUserAttributes {
public static void main(String[] args) {
RetrieveUserAttributes retrieveUserAttributes = new RetrieveUserAttributes();
retrieveUserAttributes.getUserBasicAttributes("username", retrieveUserAttributes.getLdapContext());
}
public LdapContext getLdapContext(){
LdapContext ctx = null;
try{
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "Simple");
env.put(Context.SECURITY_PRINCIPAL, "adminusername");
env.put(Context.SECURITY_CREDENTIALS, "adminpswrd");
env.put(Context.PROVIDER_URL, "ldaps://localhost:389");
ctx = new InitialLdapContext(env, null);
System.out.println("Connection Successful.");
}catch(NamingException nex){
System.out.println("LDAP Connection: FAILED");
nex.printStackTrace();
}
return ctx;
}
UserTag getUserBasicAttributes(String username, LdapContext ctx) {
UserTag user=null;
try {
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
String[] attrIDs = { "distinguishedName",
"sn",
"givenname",
"mail",
"telephonenumber"};
constraints.setReturningAttributes(attrIDs);
//First input parameter is search bas, it can be "CN=Users,DC=YourDomain,DC=com"
//Second Attribute can be uid=username
NamingEnumeration answer = ctx.search("DC=domain,DC=com", "sAMAccountName="
+ "username", constraints);
if (answer.hasMore()) {
Attributes attrs = ((SearchResult) answer.next()).getAttributes();
System.out.println("distinguishedName "+ attrs.get("distinguishedName"));
System.out.println("givenname "+ attrs.get("givenname"));
System.out.println("sn "+ attrs.get("sn"));
System.out.println("mail "+ attrs.get("mail"));
System.out.println("telephonenumber "+ attrs.get("telephonenumber"));
}else{
throw new Exception("Invalid User");
}
} catch (Exception ex) {
ex.printStackTrace();
}
return user;
}
}
I am trying to fetch all the users from AD server. There are 7000 users in AD server but while I am running my java code it is returning only 1000 user names. Is there any restriction that it will fetch only max 1000 users at a time ?
Could any one please tell me how can I fetch all the 7000 users at a time.
Here is Java Code -
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
public class FetchAllUsers {
public static void main(String args[])
{
String username = "username";
String password = "password";
String ldapURL = "url";
String contextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
String securityAuthentication = "simple";
fetchUserList(username,password,ldapURL,contextFactory,securityAuthentication);
}
public static void fetchUserList(String username,String password,String ldapURL,String contextFactory,String securityAuthentication) {
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, contextFactory);
// set security credentials
env.put(Context.SECURITY_AUTHENTICATION, securityAuthentication);
env.put(Context.SECURITY_PRINCIPAL, username);
env.put(Context.SECURITY_CREDENTIALS, password);
// connect to my domain controller
env.put(Context.PROVIDER_URL, ldapURL);
try {
List<String> usersList = new ArrayList<String>();
LdapContext ctx = new InitialLdapContext(env, null);
SearchControls searchCtls = new SearchControls();
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
// specify the LDAP search filter
String searchFilter = "(&(objectCategory=user))";
// Specify the Base for the search
String searchBase = "DC=domain,DC=com";
// initialize counter to total the results
int totalResults = 0;
// Search for objects using the filter
NamingEnumeration<SearchResult> fetchData = ctx.search(searchBase, searchFilter, searchCtls);
// Loop through the search results
while (fetchData.hasMoreElements()) {
SearchResult sr = (SearchResult) fetchData.next();
totalResults++;
String names[] = sr.getName().split(",");
String name[] = names[0].split("=");
usersList.add(name[1]);
}
System.out.println("Total number of users in AD server : " + totalResults);
System.out.println(usersList);
} catch (NamingException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}
}
}
I am trying to find a user's OU within an LDAP tree in JSP. I can retrieve many of the user's LDAP attributes with the following code:
Hashtable<String, String> tenv = new Hashtable<String, String>();
tenv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
tenv.put(Context.PROVIDER_URL, "ldap://xx.xx.xx.xx:389/");
SearchControls sc = new SearchControls();
sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
LdapContext lctx = new InitialLdapContext(tenv, null);
String filter = "cn=" + userid;
NamingEnumeration res = lctx.search ("dc=my,dc=dom,dc=org", filter, sc);
while (res.hasMore())
{
SearchResult s = (SearchResult) res.next();
Attributes attrs = s.getAttributes();
Attribute attr = attrs.get("SN");
out.println ("<font color=red>" + attr + "</font>");
}
When I run ldapsearch at the Linux command line, with similar search parameters, I can see a DN: which shows the OU the user is in (dn: uid=username,ou=users,dc=my,dc=dom,dc=org).
I've tried attrs.get("DN") and was returned null. How can I retrieve this DN: in JSP?
Apparently there is "there is no direct way of obtaining the Distinguished Name (DN) from the search results."
This code will do it:
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.*;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
class GetAllAttrs
{
public static void main(String[] args)
{
String filter = "cn=myuser"; // this is the user to look for
String baseDN = "dc=my,dc=dom,dc=org";
String ldapURL = "ldap://192.168.101.1:389";
// Set up the environment for creating the initial context
Hashtable<String, Object> env = new Hashtable<String, Object>(11);
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapURL);
try
{
// Create the initial context
LdapContext ctx = new InitialLdapContext(env, null);
SearchControls sc = new SearchControls();
sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration res = ctx.search (baseDN, filter, sc);
while (res.hasMore())
{
SearchResult s = (SearchResult) res.next();
// print user's DN
System.out.println(">>" + s.getNameInNamespace());
}
// Close the context when we're done
ctx.close();
}
catch (Exception e)
{
e.printStackTrace();
}
}
}
I've got a windows server 2008R2 with an active directory.
I want to create a Java program, what allows a 08/15-user to add new users to this AD.
I have found an [example][1] in the oracle forums and modified it for my AD.:
package model;
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
public class NewUser2 {
public static void main(String[] args) {
Hashtable<String,String> env = new Hashtable<String, String>();
String adminName = "CN=Administrator,CN=Users,DC=Dom215-01,DC=local";
String adminPassword = "g18";
String userName = "CN=Foo Bar,OU=Schueler,DC=Dom215-01,DC=local";
String groupName = "OU=Schueler,DC=Dom215-01,DC=local";
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
// set security credentials, note using simple cleartext authentication
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, adminName);
env.put(Context.SECURITY_CREDENTIALS, adminPassword);
// connect to my domain controller
env.put(Context.PROVIDER_URL, "ldap://10.18.215.112");
try {
// Create the initial directory context
LdapContext ctx = new InitialLdapContext(env, null);
// Create attributes to be associated with the new user
Attributes attrs = new BasicAttributes(true);
attrs.put("objectClass", "Schueler");
attrs.put("samAccountName", "FooBar");
attrs.put("cn", "Foo Bar");
// These are some optional (but useful) attributes
attrs.put("givenName", "Foo");
attrs.put("sn", "Bar");
attrs.put("displayName", "Foo Bar");
attrs.put("description", "Test Subject");
/*
attrs.put("userPrincipalName", "asdf#asdf.com");
attrs.put("mail", "sdaf#sdaf.com");
attrs.put("telephoneNumber", "999 123 4567");
*/
// some useful constants from lmaccess.h
int UF_ACCOUNTDISABLE = 0x0002;
int UF_PASSWD_NOTREQD = 0x0020;
int UF_PASSWD_CANT_CHANGE = 0x0040;
int UF_NORMAL_ACCOUNT = 0x0200;
int UF_DONT_EXPIRE_PASSWD = 0x10000;
int UF_PASSWORD_EXPIRED = 0x800000;
attrs.put(
"userAccountControl",
Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD
+ UF_PASSWORD_EXPIRED + UF_ACCOUNTDISABLE));
// Create the context
Context result = ctx.createSubcontext(userName, attrs);
System.out.println("Created disabled account for: " + userName);
StartTlsResponse tls = (StartTlsResponse) ctx
.extendedOperation(new StartTlsRequest());
tls.negotiate();
ModificationItem[] mods = new ModificationItem[2];
String newQuotedPassword = "\"Password2000\"";
byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
new BasicAttribute("unicodePwd", newUnicodePassword));
mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
new BasicAttribute("userAccountControl",
Integer.toString(UF_NORMAL_ACCOUNT
+ UF_PASSWORD_EXPIRED)));
ctx.modifyAttributes(userName, mods);
System.out.println("Set password & updated userccountControl");
try {
ModificationItem member[] = new ModificationItem[1];
member[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE,
new BasicAttribute("member", userName));
ctx.modifyAttributes(groupName, member);
System.out.println("Added user to group: " + groupName);
} catch (NamingException e) {
System.err.println("Problem adding user to group: " + e);
}
tls.close();
ctx.close();
System.out.println("Successfully created User: " + userName);
} catch (NamingException e) {
System.err.println("Problem creating object: ");
e.printStackTrace();
}
catch (IOException e) {
System.err.println("Problem creating object: ");
e.printStackTrace();
}
}
}
Everything looks Ok so far, but when it tries to create the result object in line 76 it crashes with an NoSuchAttributeException and LDAP error code 16 (no such attribute).
I've tried various modifications in the username string and the attributes, but nothing helped.
Does anyone have an idea why this error occurs?
Ok. Sorry, I'm new to this forum.
Anyway... Here the solution again :
package model;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
public class NewUser {
private static final String DOMAIN_NAME = "Dom215-01";
private static final String DOMAIN_ROOT = "DC=Dom215-01,DC=local";
private static final String DOMAIN_URL = "ldap://10.18.215.112:389";
private static final String ADMIN_NAME = "CN=Administrator,CN=Users,DC=Dom215-01,DC=local";
private static final String ADMIN_PASS = "g18";
private String userName, firstName, lastName, password, organisationUnit;
private LdapContext context;
public NewUser(String userName, String firstName, String lastName,
String password, String organisationUnit) {
this.userName = userName;
this.firstName = firstName;
this.lastName = lastName;
this.password = password;
this.organisationUnit = organisationUnit;
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
// set security credentials, note using simple cleartext authentication
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, ADMIN_NAME);
env.put(Context.SECURITY_CREDENTIALS, ADMIN_PASS);
// connect to my domain controller
env.put(Context.PROVIDER_URL, DOMAIN_URL);
try {
this.context = new InitialLdapContext(env, null);
} catch (NamingException e) {
System.err.println("Problem creating object: ");
e.printStackTrace();
}
}
public boolean addUser() throws NamingException {
// Create a container set of attributes
Attributes container = new BasicAttributes();
// Create the objectclass to add
Attribute objClasses = new BasicAttribute("objectClass");
objClasses.add("top");
objClasses.add("person");
objClasses.add("organizationalPerson");
objClasses.add("user");
// Assign the username, first name, and last name
String cnValue = new StringBuffer(firstName).append(" ").append(lastName).toString();
Attribute cn = new BasicAttribute("cn", cnValue);
Attribute sAMAccountName = new BasicAttribute("sAMAccountName", userName);
Attribute principalName = new BasicAttribute("userPrincipalName", userName
+ "#" + DOMAIN_NAME);
Attribute givenName = new BasicAttribute("givenName", firstName);
Attribute sn = new BasicAttribute("sn", lastName);
Attribute uid = new BasicAttribute("uid", userName);
// Add password
Attribute userPassword = new BasicAttribute("userpassword", password);
// Add these to the container
container.put(objClasses);
container.put(sAMAccountName);
container.put(principalName);
container.put(cn);
container.put(sn);
container.put(givenName);
container.put(uid);
container.put(userPassword);
// Create the entry
try {
context.createSubcontext(getUserDN(cnValue, organisationUnit), container);
return true;
} catch (Exception e) {
return false;
}
}
private static String getUserDN(String aUsername, String aOU) {
return "cn=" + aUsername + ",ou=" + aOU + "," + DOMAIN_ROOT;
}
}