Java LDAP Authentication using username and password

I have a working code snippet by which I can authenticate a user by DN and password. My requirement is that the user will be entering his username (sAMAccountName) and I want to authenticate using sAMAccountName and password. How can I modify this code to achieve it?

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;

    public static boolean authenticate() {
        String userName = "John P R-Asst General Manager";
        String password = "asdfgh123";
        String base = "OU=SOU,DC=example,DC=com";
        String dn = "cn=" + userName + "," + base; // binds with the full DN, not the sAMAccountName

        String ldapURL = "ldap://mdsdc3.example.com:389";
        Hashtable<String, String> authEnv = new Hashtable<String, String>();
        authEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        authEnv.put(Context.PROVIDER_URL, ldapURL);
        authEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
        authEnv.put(Context.SECURITY_PRINCIPAL, dn);
        authEnv.put(Context.SECURITY_CREDENTIALS, password);

        try {
            // The bind happens when the context is created; a failed bind throws NamingException
            DirContext authContext = new InitialDirContext(authEnv);
            authContext.close();
            return true;
        } catch (NamingException namEx) {
            return false;
        }
    }
Andromeda asked Jun 10 '11 06:06



2 Answers

I hope this helps many of you.

You don't need the whole user hierarchy with CN, DN, etc.

You can login just passing domain\user and password.

I've got my code working as it is below:

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;

    public static boolean authenticate() {
        try {
            // Set up the environment for creating the initial context
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://ldap_server:389");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, "domain\\user"); // we have 2 \\ because it's an escape char
            env.put(Context.SECURITY_CREDENTIALS, "test");

            // Create the initial context; this is where the bind is performed
            DirContext ctx = new InitialDirContext(env);
            boolean result = ctx != null;

            if (ctx != null)
                ctx.close();

            return result;
        }
        catch (Exception e)
        {
            return false;
        }
    }
Paulo Martins answered Oct 16 '22 07:10
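The `DOMAIN\user` principal above is an Active Directory convenience; a plain LDAP server expects a DN in a simple bind. The portable way to meet the question's requirement (login by sAMAccountName) is search-then-bind: bind as a low-privilege lookup account, resolve the sAMAccountName to the entry's DN, then bind again with that DN and the user's password. The class below is an added example written for this page, not the asker's or the answerer's code; the server URL, search base, service-account DN and environment variable name are constructed placeholders.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public final class SamAccountAuthenticator {

    // Constructed placeholder configuration; replace with your own values.
    private static final String LDAP_URL = "ldaps://ldap.example.com:636"; // LDAPS: the password travels encrypted
    private static final String SEARCH_BASE = "DC=example,DC=com";
    private static final String SERVICE_DN = "CN=svc-ldap-lookup,OU=Service Accounts,DC=example,DC=com";
    // Hypothetical variable name; the lookup account only needs read access to the user entries.
    private static final String SERVICE_PASSWORD = System.getenv("LDAP_LOOKUP_PASSWORD");

    private SamAccountAuthenticator() {}

    /** True only if exactly one entry has this sAMAccountName and a bind with its DN succeeds. */
    public static boolean authenticate(String samAccountName, char[] password) {
        // Reject empty passwords before binding: RFC 4513 allows a server to treat a DN with an
        // empty password as an unauthenticated bind, which "succeeds" without proving anything.
        if (samAccountName == null || samAccountName.isEmpty()
                || password == null || password.length == 0) {
            return false;
        }
        String userDn;
        try {
            userDn = lookupDn(samAccountName);
        } catch (NamingException e) {
            return false; // lookup account failed to bind, server unreachable, etc.
        }
        if (userDn == null) {
            return false; // unknown user, or more than one entry matched
        }
        return bind(userDn, new String(password));
    }

    /** Step 1: bind as the lookup account and resolve the sAMAccountName to a DN. */
    private static String lookupDn(String samAccountName) throws NamingException {
        DirContext ctx = new InitialDirContext(env(SERVICE_DN, SERVICE_PASSWORD));
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[0]); // only the entry name is needed
            // The {0} placeholder makes JNDI escape the value per RFC 4515, so a login such as
            // "*" or "x)(objectClass=*" is matched literally instead of widening the filter.
            NamingEnumeration<SearchResult> results = ctx.search(
                    SEARCH_BASE, "(&(objectClass=user)(sAMAccountName={0}))",
                    new Object[] { samAccountName }, controls);
            String dn = null;
            while (results.hasMore()) {
                if (dn != null) {
                    return null; // ambiguous match: refuse rather than bind as "the first one"
                }
                dn = results.next().getNameInNamespace();
            }
            return dn;
        } finally {
            ctx.close();
        }
    }

    /** Step 2: simple bind with the resolved DN; success proves the password. */
    private static boolean bind(String dn, String password) {
        try {
            DirContext ctx = new InitialDirContext(env(dn, password));
            ctx.close();
            return true;
        } catch (NamingException e) {
            return false; // invalid credentials, disabled or locked account, ...
        }
    }

    private static Hashtable<String, String> env(String principal, String credentials) {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        // A subtree search from the domain root on Active Directory returns referrals;
        // following them avoids a PartialResultException when the enumeration is exhausted.
        env.put(Context.REFERRAL, "follow");
        return env;
    }
}
```

Two choices matter more than the rest: the empty-password check, because an unauthenticated bind returns success on many directories and is the classic way an LDAP login form is bypassed, and the `{0}` filter argument, because concatenating the username into the filter string is how LDAP injection happens. Keep the lookup account read-only and scoped to the OU that holds the users, and do not reuse it as the application's general service identity.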


Can you try to complete Context.PROVIDER_URL like this:

    String ldapURL = "ldap://mdsdc3.example.com:389/DC=example,DC=com";

I think it would be better to use GSSAPI; perhaps you can have a look here and here.

JPBlanc answered Oct 16 '22 06:10