JNDI (LDAP): totally baffled!

John English

I'm trying to figure out how to authenticate a username and password
against an LDAP server in Java. This is how I would do it in PHP (with
error checking removed for simplicity):

    $ldap = ldap_connect("ldap.bton.ac.uk");
    ldap_bind($ldap);
    $srch = ldap_search($ldap,"ou=people,dc=brighton,dc=ac,dc=uk",
                        "uid=$user",array("uid"));
    $dn = ldap_get_dn($ldap,ldap_first_entry($ldap,$srch));
    ldap_unbind($ldap);
    $ldap = ldap_connect("ldap.bton.ac.uk");
    if (@ldap_bind($ldap,$dn,$password)) {
        print "$user authenticated";
    }
    else {
        print "$user: authentication failed";
    }

In Java I have tried this:

    env.put(Context.INITIAL_CONTEXT_FACTORY,
            "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL,
            "ldap://ldap.bton.ac.uk:389/cn="
            + user + ",ou=people,dc=brighton,dc=ac,dc=uk");
    env.put(Context.SECURITY_AUTHENTICATION,
            "simple");
    env.put(Context.SECURITY_CREDENTIALS,
            password);
    ctx = new InitialDirContext(env);

This obviously ain't right; I get back an InitialDirContext no matter
what password I specify. Can anyone give me a word-of-one-syllable
explanation of how I can achieve the equivalent of my PHP snippet
above?

TIA,

-----------------------------------------------------------------
John English | mailto:[email protected]
Senior Lecturer | http://www.it.bton.ac.uk/staff/je
Dept. of Computing | ** NON-PROFIT CD FOR CS STUDENTS **
University of Brighton | -- see http://burks.bton.ac.uk
-----------------------------------------------------------------
 
iksrazal

"Can anyone give me a word-of-one-syllable
explanation of how I can achieve the equivalent of my PHP snippet
above? "

Luck :)

Make sure context is not just being returned as null. ACLs on some
LDAP servers may permit anonymous login - check with a simple LDAP
browser if in doubt. Your Context.PROVIDER_URL looks wrong. Try
skipping Context.SECURITY_AUTHENTICATION altogether for now. Try the
root dn first, like:

    private static void getDirContext() throws Exception
    {
        Properties env = new Properties();
        env.put( Context.INITIAL_CONTEXT_FACTORY,
                 "com.sun.jndi.ldap.LdapCtxFactory"
        );
        env.put( Context.PROVIDER_URL, "ldap://" + ldapServerName + "/" );
        env.put( Context.SECURITY_PRINCIPAL, rootdn );
        env.put( Context.SECURITY_CREDENTIALS, rootpass );

        gctx = new InitialDirContext( env );
    }

    //ldap root distinguished name
    sb = new StringBuffer();
    sb.append("cn=");
    sb.append(root_cn);
    sb.append(",");
    sb.append("o=");
    sb.append(o);
    sb.append(",");
    sb.append("c=");
    sb.append(c);
    rootdn = sb.toString();

My ldapServerName is simply "localhost" . It defaults to 389.

Also, here's a good tutorial on getting you started using Java and
OpenLDAP on Linux:

http://www.cris.com/~adhawan/tutorial/

HTH,
iksrazal
http://www.braziloutsource.com/
 
John English

"Can anyone give me a word-of-one-syllable
explanation of how I can achieve the equivalent of my PHP snippet
above? "

Luck :)

Gee, thanks... :)

Make sure context is not just being returned as null. ACLs on some
LDAP servers may permit anonymous login - check with a simple LDAP
browser if in doubt.

It's not null; next thing I do is System.out.println(ctx), and it gives
me a meaningless (but non-null) output. Certainly no NamingException.

Your Context.PROVIDER_URL looks wrong. Try
skipping Context.SECURITY_AUTHENTICATION altogether for now. Try the
root dn first, like: [...snip...]

Ta, I'll try that. Expect more whinging when it still doesn't quite
work. :-(

Me too!

-----------------------------------------------------------------
John English | mailto:[email protected]
Senior Lecturer | http://www.it.bton.ac.uk/staff/je
Dept. of Computing | ** NON-PROFIT CD FOR CS STUDENTS **
University of Brighton | -- see http://burks.bton.ac.uk
-----------------------------------------------------------------
 
Nigel Wade

John said:
I'm trying to figure out how to authenticate a username and password
against an LDAP server in Java. This is how I would do it in PHP (with
error checking removed for simplicity):

    $ldap = ldap_connect("ldap.bton.ac.uk");
    ldap_bind($ldap);
    $srch = ldap_search($ldap,"ou=people,dc=brighton,dc=ac,dc=uk",
                        "uid=$user",array("uid"));
    $dn = ldap_get_dn($ldap,ldap_first_entry($ldap,$srch));
    ldap_unbind($ldap);
    $ldap = ldap_connect("ldap.bton.ac.uk");
    if (@ldap_bind($ldap,$dn,$password)) {
        print "$user authenticated";
    }
    else {
        print "$user: authentication failed";
    }

In Java I have tried this:

    env.put(Context.INITIAL_CONTEXT_FACTORY,
            "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL,
            "ldap://ldap.bton.ac.uk:389/cn="
            + user + ",ou=people,dc=brighton,dc=ac,dc=uk");

Try changing the above to:

    env.put(Context.PROVIDER_URL,
            "ldap://ldap.bton.ac.uk:389");
    env.put(Context.SECURITY_PRINCIPAL, "cn="
            + user + ",ou=people,dc=brighton,dc=ac,dc=uk");
    env.put(Context.SECURITY_AUTHENTICATION,
            "simple");
    env.put(Context.SECURITY_CREDENTIALS,
            password);
    ctx = new InitialDirContext(env);

This obviously ain't right; I get back an InitialDirContext no matter
what password I specify. Can anyone give me a word-of-one-syllable
explanation of how I can achieve the equivalent of my PHP snippet
above?

Who it was attempting to bind as I don't know, possibly an anonymous bind,
and the password was ignored.
 
John English

John said:
Your Context.PROVIDER_URL looks wrong. Try
skipping Context.SECURITY_AUTHENTICATION altogether for now. Try the
root dn first, like: [...snip...]

Ta, I'll try that. Expect more whinging when it still doesn't quite
work. :-(

No whinging needed. This turns out to work fine:

    env.put(Context.INITIAL_CONTEXT_FACTORY,
            "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://ldap.bton.ac.uk:389");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL,
            "uid=" + user + ",ou=people,dc=brighton,dc=ac,dc=uk");
    env.put(Context.SECURITY_CREDENTIALS, password);
    ctx = new InitialDirContext(env);

Many, many thanks.

-----------------------------------------------------------------
John English | mailto:[email protected]
Senior Lecturer | http://www.it.bton.ac.uk/staff/je
Dept. of Computing | ** NON-PROFIT CD FOR CS STUDENTS **
University of Brighton | -- see http://burks.bton.ac.uk
-----------------------------------------------------------------
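
The search-then-bind flow of the PHP snippet at the top of the thread, written with JNDI as an added example (not code from any poster in this thread). The host and search base are the ones quoted above; the class and method names are hypothetical. It goes beyond the thread's final snippet by looking the DN up instead of building it from the user name, and by refusing empty passwords.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
public class LdapAuth {  // hypothetical class name
    // Host and search base are the ones quoted in the thread.
    static final String URL = "ldap://ldap.bton.ac.uk:389";
    static final String BASE = "ou=people,dc=brighton,dc=ac,dc=uk";

    // dn == null requests an explicit anonymous bind, like PHP's ldap_bind($ldap).
    static DirContext connect(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, dn == null ? "none" : "simple");
        if (dn != null) {
            env.put(Context.SECURITY_PRINCIPAL, dn);
            env.put(Context.SECURITY_CREDENTIALS, password);
        }
        return new InitialDirContext(env);
    }
    static boolean authenticate(String user, String password) throws NamingException {
        // Empty password = "unauthenticated bind" (RFC 4513, 5.1.2); servers may accept it.
        if (user == null || password == null || password.isEmpty()) return false;
        String dn;
        DirContext anon = connect(null, null);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"uid"});
            // {0} is substituted with filter metacharacters escaped by JNDI.
            NamingEnumeration<SearchResult> hits =
                anon.search(BASE, "(uid={0})", new Object[] {user}, sc);
            if (!hits.hasMore()) return false;            // no such uid
            dn = hits.next().getNameInNamespace();        // full DN of the entry
            if (hits.hasMore()) return false;             // ambiguous uid: fail closed
        } finally {
            anon.close();
        }
        try {
            connect(dn, password).close();                // bind as the user
            return true;
        } catch (AuthenticationException e) {             // wrong password
            return false;
        }
    }
    public static void main(String[] a) throws NamingException {
        System.out.println(a[0] + (authenticate(a[0], a[1]) ? " authenticated" : ": authentication failed"));
    }
}
```

A simple bind over ldap:// sends the password in clear text; pointing URL at an ldaps:// endpoint, where the server offers one, protects it in transit.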
 
