Passwordless ActiveDirectory LDAP Bind

Justin

I am trying to write a command line utility to query Active Directory
and process the results into an Oracle database. We would like to have
this app run as a scheduled task, however I am not able to connect to
the LDAP server without entering a username and password in clear text
in some form (arguments, properties file, hard coded, etc). Ideally
this bind would occur as the currently logged in user (Run As in the
case of a scheduled task). I have played around with JAAS, and while I
might be missing something, it does not seem to be what I am looking
for. It seems as though it is able to connect, however as an anonymous
user, which does not have query privileges. Can anyone provide any
help?

Thanks in advance.

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// JNDI environment for the LDAP provider
Hashtable<String, String> env = new Hashtable<>(11);
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://" + server + ":" + port);
env.put(Context.SECURITY_AUTHENTICATION, "simple");

//
// Does not work with these lines commented out.
//
//env.put(Context.SECURITY_PRINCIPAL, username+"@"+domain);
//env.put(Context.SECURITY_CREDENTIALS, password);

DirContext ctx = new InitialDirContext(env);
 
iksrazal

JAAS can be used with LDAP - I can show you how if you'd like - but
that really is for authenticating/authorizing the user for specific
privileges at the app level.

What you really seem to be wanting is a secure, non-clear text SSL
connection to your LDAP servers - every one of them supports that. As
for property files and source, that could be protected at the OS level.


Take a look at ldapguru for specific vendor questions relating to
secure LDAP connections. Googling for SSL/Java/LDAP will turn up
plenty.

HTH,
iksrazal
http://www.braziloutsource.com/
 
Justin

Iksrazal,

You are correct - I want a way to authenticate to Active Directory
without showing a password in clear text. I am aware that I can secure
the properties file at the OS level, and this is the current method I
am using, however I would like to do a passwordless bind - pass the
current logged on user's credentials to the AD server rather than
providing a username and password at all. I know this partially defeats
the portability of Java, but in this case it will always be running on
a Windows server.

Thanks
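
A sketch of the passwordless bind asked about above, added here as an example and not code from any poster in this thread: JAAS reuses the Kerberos ticket of the account the process runs as, and JNDI then binds with SASL GSSAPI instead of "simple". The class name, the "ad-bind" entry name and the host dc01.example.com are placeholders, and it assumes the JVM can locate the realm and KDC (krb5.ini or the java.security.krb5.* system properties).

```java
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;
import java.util.Map;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;

public class GssapiBind {
    // Constructed placeholder: the domain controller's fully qualified host name.
    static final String LDAP_URL = "ldap://dc01.example.com:389";

    // In-code JAAS configuration: reuse the Kerberos ticket of the account the
    // process runs as, and fail instead of prompting when no ticket is available.
    static Configuration ticketCacheConfig() {
        Map<String, String> opts = Map.of("useTicketCache", "true", "doNotPrompt", "true");
        AppConfigurationEntry entry = new AppConfigurationEntry(
                "com.sun.security.auth.module.Krb5LoginModule",
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        return new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    // JNDI environment without SECURITY_PRINCIPAL or SECURITY_CREDENTIALS.
    static Hashtable<String, String> gssapiEnv(String url) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI"); // SASL/Kerberos, not "simple"
        env.put("javax.security.sasl.qop", "auth-conf");    // sign and encrypt the session
        return env;
    }

    public static void main(String[] args) throws Exception {
        LoginContext lc = new LoginContext("ad-bind", null, null, ticketCacheConfig());
        lc.login(); // throws LoginException if the account has no usable ticket
        Subject subject = lc.getSubject();
        PrivilegedExceptionAction<DirContext> bind = () -> new InitialDirContext(gssapiEnv(LDAP_URL));
        DirContext ctx = Subject.doAs(subject, bind); // the bind runs with the Kerberos identity
        System.out.println("Bound as " + subject.getPrincipals());
        ctx.close();
    }
}
```

The provider URL has to name the domain controller by its fully qualified host name, because the Kerberos service ticket is requested for the ldap service on that host.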
 
majied

Hi all,
Can anyone please help me in getting info regarding
how to authenticate Microsoft Windows Active Directory users
using a Java program?
Any links regarding this, any sample code, etc.?
And also please tell me which I should use: JNDI or JAAS or what?

See, I had used a program similar to the one above to authenticate the users
of OpenLDAP,
i.e. I installed the Openldap.exe server on Windows and Openldap.rpm on Linux
and used the similar authentication program; it worked properly and the
module was over!

Now in my new module I need to authenticate Microsoft Windows Active
Directory users,
i.e. there are users in one Windows 2003 Kerberos server created by using
Active Directory.

I need to authenticate them by using a Java program. I just have no idea
how to start regarding this. I am a bit familiar with LDAP and directory
structures, i.e. cn, dc, ou, etc.,
but I think this is different!

Please suggest how I should go about it next?
 
