How do I Get memberOf attribute from ldap DirContextOperations

Question

I am tring to get a list of groups a user is a member of, currently I can get most attributes as follows

CustomLdapUserDetails.Essence essence = new CustomLdapUserDetails.Essence();
essence.setDn(dn);
Object passwordValue = ctx.getObjectAttribute(passwordAttributeName);
String givennameValue = (String)ctx.getObjectAttribute("givenname");
String snValue = (String)ctx.getObjectAttribute("sn");
String titleValue = (String)ctx.getObjectAttribute("title");
essence.setFirstname(givennameValue);
essence.setLastname(snValue);

but I cannot figure out how to get the memberOf attribute. If I output the whole DirContextOperations as a String I get the following

org.springframework.ldap.core.DirContextAdapter: dn=uid=emp123 {rdn=uid=emp123,
whenCreated=20110816063203.0Z,
objectCategory=CN=fompanyPerson,CN=Schema,CN=Configuration,CN={9F17F445-56C4-42D9-
B7C6-B630FFEA7F07}, badPwdCount=0, otherTelephone=123-456789, businessUnit=IREIRE BU, 
ntAccount=DMN1\emp123, managerID=emp987, objectGUID=5?
?e6A??????/, [email protected], uid=emp123, companyWorkRelationship=EMP, 
memberOf[0]=CN=ABC IREIRE,OU=AutoGroups,DC=entdir,DC=gtn,DC=com, 
memberOf[1]=CN=azgEntJazzUsers,OU=AutoGroups,DC=entdir,DC=gtn,DC=com, companySite=DBL, 
companyCostCenter=91827, companyBusinessGroup=IREIRE BG, ntDomain=DMN1, instanceType=4, 
corpID=emp123, objectSid=  I???&?C?k?J???????, st=XX, badPasswordTime=0, vdejoindn=P-
ENTDIRXXX-1:uid=emp123,DC=entdirXXX,DC=gtn,DC=com, companySourceSystem=C-WORKSYSTEM, 
objectClass[0]=top, objectClass[1]=person, objectClass[2]=organizationalPerson, 
objectClass[3]=user, objectClass[4]=inetOrgPerson, objectClass[5]=fompanyPerson, 
company=ABC DEV, name=emp123, sn=Smith, exchangeAlias=emp123, telephoneNumber=1-987-6543, 
ntDomainRelative=DMN1, uSNChanged=999111, physicalDeliveryOfficeName=DXI, 
ntAccountRelative=DMN1\emp123, cn=Smith, John, exchangeServer=someServer, 
documentumUserName=Smith JOHN emp123, title=SOFTWARE ENGINEER/DEVELOPER, 
[email protected], msDS-UserAccountDisabled=TRUE, 
managerName=Bloggs, Joe, givenName=John, uSNCreated=18418957, displayName=Smith, John, 
pwdLastSet=629579433359695509, fompanyPersonStatus=A, whenChanged=20120266070711.0Z, 
o=IREIRE BU, distinguishedName=uid=emp123,DC=entdirXXX,DC=gtn,DC=com, eDARevoke=N, 
division=SEF-GL , manager=uid=emp987,DC=entdirXXX,DC=gtn,DC=com, 
exchangeDirectory=SMXZG1DB, samAccountName=emp123, sametimeServer=cvxcluster}

What I need to get is the CN value of each memberOf into an array of Strings, I have tried:

ctx.getObjectAttribute("memberOf[1]"))
ctx.getObjectAttribute("memberOf"))
ctx.getObjectAttribute("memberOf=CN")) 

I've seen examples online of setting but I could not find any examples of getting, is it really that much more complex then getting the other Attributes?

Any advice would be greatly appreciated

Answer 1

You probably only miss one "s" from the end. Try:

ctx.getObjectAttributes("memberOf")

The javadoc clarifies what's the difference between the singular and plural form method. (The former only returns the first value even if the given attribute is multi-valued.)

Answer 2

Are you using Active Directory as your LDAP provider? Not all LDAP providers have a memberOF attribute on the user.

The proper method to get groups of a user would be to search groups for a filter like:

(member=<fully distinguished name of user>)

Returning attribute "CN".