javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]

Question

I'm a college student. Now, i'm doing a project that must use LDAP connection to authenticate the username and password of the user in log in process. So, my website is develop by use JSP. I try to solve the error of code but i can't. Did I makes some mistake on it?

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@ page import="java.util.*" %>
<%@ page import="javax.naming.*" %>
<%@ page import="java.util.regex.*" %>
<%@ page import="javax.naming.directory.*" %>
<%@ page import="java.util.Hashtable.*" %>
<%@ page import="javax.naming.ldap.*" %>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>JSP Page</title>
    </head>
    <body>
        <%
            String username = request.getParameter("email");
String password = request.getParameter("password");
            Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://ldap-pj.sit.kmutt.ac.th");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, username);
env.put(Context.SECURITY_CREDENTIALS, password);

try {
            //Connect with ldap
            new InitialLdapContext(env, null);  

            //Connection succeeded
            System.out.println("Connection succeeded!");
        } catch (AuthenticationException e) {

            //Connection failed
            System.out.println("Connection failed!");
            e.printStackTrace();
        }  
%>
    </body>
</html>

and I got this error msg from running the code.

HTTP Status 500 -

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

org.apache.jasper.JasperException: An exception occurred processing JSP page /ldap_checking.jsp at line 33

30: 31: try { 32: //Connect with ldap 33: new InitialLdapContext(env, null); 34: 35: //Connection succeeded 36: System.out.println("Connection succeeded!");

Stacktrace: org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:568) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:455) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334) javax.servlet.http.HttpServlet.service(HttpServlet.java:722) root cause

javax.servlet.ServletException: javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN] org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:911) org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:840) org.apache.jsp.ldap_005fchecking_jsp._jspService(ldap_005fchecking_jsp.java:212) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) javax.servlet.http.HttpServlet.service(HttpServlet.java:722) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334) javax.servlet.http.HttpServlet.service(HttpServlet.java:722) root cause

javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN] com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3028) com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835) com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749) com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:316) com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) javax.naming.InitialContext.init(InitialContext.java:242) javax.naming.ldap.InitialLdapContext.(InitialLdapContext.java:153) org.apache.jsp.ldap_005fchecking_jsp._jspService(ldap_005fchecking_jsp.java:97) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) javax.servlet.http.HttpServlet.service(HttpServlet.java:722) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334) javax.servlet.http.HttpServlet.service(HttpServlet.java:722) note The full stack trace of the root cause is available in the Apache Tomcat/7.0.27 logs.

Apache Tomcat/7.0.27

Answer 1

This is the important line: javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]

You can look here: https://wiki.servicenow.com/index.php?title=LDAP_Error_Codes

for what 34 means, but it looks like the distinguished name you are trying to use is incorrect. It looks like your principal could be formatted incorrectly. See this guide from oracle on doing ldap authentication: http://docs.oracle.com/javase/jndi/tutorial/ldap/security/ldap.html

pay special attention to this part of it where they set up the environment entries:

env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "cn=S. User, ou=NewHires, o=JNDITutorial");
env.put(Context.SECURITY_CREDENTIALS, "mysecret");

Answer 2

The "javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN] " in your stack trace is the key. Your LDAP server doesn't like the value you are sending it. I would suggest fully qualifying the user name, something like cn=username, ou=some_container, o=mycompany. The actual syntax will be driven by your LDAP server.