Inactivate users based on a LDAP GROUP for IBM Connections

One of our Connections customers has the following as a requirement:

Inactivate users based on LDAP GROUP


The solution I found was to create a text file based on LDAP group and run command and then run the command

The java program

The class below reads the LDAP directory and verifies whether the user is a member of the group. I did not find good information on how to use the ITDS API to check if a user is a member of a group, so I needed to do it "manually".

import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Properties;
import javax.naming.ldap.InitialLdapContext;

import javax.naming.*;


/**
 * Command-line tool from the post: binds to an LDAP server using settings read
 * from a properties file, searches for a group entry and for user entries, and
 * writes the users that {@code compara} finds in the group to a text file.
 *
 * NOTE(review): the listing is incomplete as published. Braces, several call
 * expressions, the file names and three JNDI property keys are missing, and
 * the java.io and javax.naming.directory types used below are not in the
 * visible import list, so it does not compile as shown.
 */
public class GroupSearch


     /**
      * Reports whether {@code nome}, converted to upper case, is an element of
      * {@code grupo}.
      *
      * NOTE(review): membership is decided by exact string equality on the
      * upper-cased text. In main() the argument is a DN assembled by string
      * concatenation, so two spellings of the same DN (different spacing or
      * escaping) would not match. toUpperCase() with no argument uses the JVM
      * default locale; Locale.ROOT would make the result independent of it.
      * The post uses the output to inactivate accounts, so a false match or a
      * miss has a direct effect on users.
      *
      * @param nome  value to look for (main() passes an entry DN)
      * @param grupo raw list searched with contains(); presumably holds
      *              upper-cased member DNs -- the code that fills it is missing
      * @return true when the upper-cased value is in the list
      */
     public static boolean compara(String nome, ArrayList grupo) {

             boolean blnFound = grupo.contains(nome.toUpperCase());
             return blnFound;

     /**
      * Entry point: loads the settings, binds to the directory, runs the group
      * and user searches, and writes matching users to the output file.
      * Arguments are not read in the visible code.
      */
     @SuppressWarnings({ "rawtypes", "unchecked" })
     public static void main(String args[])


             InitialLdapContext ctx = null;

             // NOTE(review): the '=' is missing here in the published listing.
             Hashtable hashtable null;
             Properties prop = new Properties();

                     // Load the properties file. The file name is blank in the published
                     // listing, and the stream is not closed in the visible code.
                 prop.load(new FileInputStream(""));

            // Read the connection and search settings (nothing is printed here).
            // NOTE(review): the URL is built with the plain "ldap://" scheme and the bind
            // below is "Simple", so the bind DN and password cross the network
            // unencrypted unless the link is protected some other way. "ldaps://" or
            // StartTLS (javax.naming.ldap.StartTlsRequest) avoids that.
            // NOTE(review): the bind password is read as plain text from the properties
            // file; restrict that file to the account running the job, and bind with a
            // dedicated read-only directory account rather than an administrator.
                 String url = "ldap://"+prop.getProperty("server");
                 String username = prop.getProperty("username");
                 String password = prop.getProperty("password");
                 String base = prop.getProperty("base");
                 String groupName = prop.getProperty("groupFilter");
                 String userFilter = prop.getProperty("userFilter");

                     // Set up LDAP config settings

                     hashtable = new Hashtable();

                     hashtable.put("java.naming.ldap.version", "3");


                     // NOTE(review): the key is blank in the published listing; presumably
                     // "java.naming.security.authentication" -- confirm.
                     hashtable.put("", "Simple");

                     // NOTE(review): with "follow", JNDI chases referrals automatically and by
                     // default reuses this environment, so the bind credentials can be
                     // presented to whichever server the referral names. Use "ignore" or
                     // "throw" unless referrals are actually needed.
                     hashtable.put("java.naming.referral", "follow");

                     hashtable.put("java.naming.provider.url", url);

                     // NOTE(review): both keys are blank in the published listing; presumably
                     // "java.naming.security.principal" and
                     // "java.naming.security.credentials" -- confirm. As written, the three
                     // put("") calls overwrite each other.
                     hashtable.put("", username);

                     hashtable.put("", password);

                     // Make LDAP connection

                     ctx = new InitialLdapContext(hashtable, null);

                     System.out.println("Connection established");

                     // Set up search controls: sc for the user search, gc for the group search.

                     SearchControls sc = new SearchControls();
                     SearchControls gc = new SearchControls();

                     // Only uid, sn and cn are requested for users; gc keeps its defaults.
                     sc.setReturningAttributes(new String [] { "uid","sn","cn"});

                     // Perform the searches on the directory.
                     // NOTE(review): the call expression is missing from both lines below;
                     // presumably ctx.search(base, filter, controls) -- confirm.
                     System.out.println("Searching the directory please wait.");
                     NamingEnumeration results =,userFilter,sc);
                     NamingEnumeration groupResult =,groupName, gc);
                     // loop until we have gotten all entries returned by search

                     // ArrayList that is later passed to compara() as the group members.
                     // NOTE(review): the loops below walk every value of every attribute
                     // returned for the group entry; the statement that adds values to
                     // 'members' is missing, so which attribute is kept cannot be told here.

                     ArrayList members = new ArrayList();
                     while (groupResult.hasMore()) {

                             // NOTE(review): the expression after the cast is missing
                             // (presumably groupResult.next()).
                             SearchResult gr = (SearchResult);

                             Attributes gattrs = gr.getAttributes();
                             NamingEnumeration gattrsList = gattrs.getAll();

                             while (gattrsList.hasMore()) {

                                     // NOTE(review): expression after the cast is missing.
                                     Attribute gatribute = (Attribute);
                                     NamingEnumeration values = gatribute.getAll();

                                     while (values.hasMore()) {




                     // Dump users to file.
                     // NOTE(review): the success message is printed before anything is written.
                     // "rn" in the string is presumably "\r\n" with the backslashes lost.
                     // NOTE(review): the writer is created only when the file does not already
                     // exist; the other branch is not visible, so a file left by an earlier
                     // run may be kept and then used by the inactivation step -- confirm.
                     // The output file name is blank in the published listing.
                     System.out.println("File createdrn BUILD SUCCESSFUL");
                     File file = new File ("");
                     if (!file.exists()){
                     FileWriter fw = new FileWriter (file.getAbsoluteFile());
                     BufferedWriter bw = new BufferedWriter(fw);
                     while (results.hasMore())


                             // Get the SearchResult object (expression after the cast is missing).

                             SearchResult sr = (SearchResult);
                             Attributes attributes=sr.getAttributes();
                             // Attributes.get() returns null when the entry lacks the attribute,
                             // so the toString() calls below would throw for a user without
                             // sn or uid.
                             Attribute shortName = attributes.get("sn");
                             // Build the entry DN by appending the search base to the result name.
                             String nome = sr.getName().toString()+","+base;
                             Attribute userName = attributes.get("uid");
                         String usuario = userName.toString();
                                // If the user is in the group, build the lines to write to the file.
                                // NOTE(review): the values are produced by string replacement on
                                // Attribute.toString() output; the assignment on the second line
                                // and the write call are missing from the published listing.
                             if (compara(nome,members)){
                                     String dn = usuario.replace("uid: ", "$dn:uid=")+","+base+"rn";
                                     String cnshortName.toString().replace("sn: ","uid:")+"rn"+"."+"rn";

                     // Close the connection to LDAP (the closing code is missing here).



             // NOTE(review): every failure (bind error, missing file, I/O error) ends up
             // here and is only printed; no exit status is set in the visible code, so a
             // script that runs next cannot tell that the export failed or was partial.
             catch (Exception ex)


                     System.out.println("EXCEPTION = " + ex.toString());





The file sets the parameters. groupFilter is the filter for the desired group and userFilter is the filter used to search for users on the LDAP server. This filter must be the same used on the to avoid problems.

This file must be in the same folder as ExportLdap.jar

The file must have the following lines:


I put the files ExportLdap.jar and on /Wizards/TDIPopulation/linux/TDI

For example :

userFilter=  (&(uid=*)(objectclass=inetOrgPerson))

Running the solution

Put the files and ExportLdap.jar in the folder:


Run the  script

Run java -jar ExportLdap.jar

The program will generate the file

The final step is to run the ./ script