LDAP Authentication using Java

Question

I need to do LDAP Authentication for an application.

I tried the following program:

import java.util.Hashtable;    import javax.naming.Context;   import javax.naming.NamingException;   import javax.naming.ldap.InitialLdapContext;   import javax.naming.ldap.LdapContext;     public class LdapContextCreation {       public static void main(String[] args) {           LdapContextCreation ldapContxCrtn = new LdapContextCreation();           LdapContext ctx = ldapContxCrtn.getLdapContext();       }       public LdapContext getLdapContext(){           LdapContext ctx = null;           try{               Hashtable env = new Hashtable();               env.put(Context.INITIAL_CONTEXT_FACTORY,  "com.sun.jndi.ldap.LdapCtxFactory");               env.put(Context.SECURITY_AUTHENTICATION, "Simple");               //it can be <domain\\userid> something that you use for windows login               //it can also be               env.put(Context.SECURITY_PRINCIPAL, "[email protected]");               env.put(Context.SECURITY_CREDENTIALS, "password");               //in following property we specify ldap protocol and connection url.               //generally the port is 389               env.put(Context.PROVIDER_URL, "ldap://server.domain.com");               ctx = new InitialLdapContext(env, null);               System.out.println("Connection Successful.");           }catch(NamingException nex){               System.out.println("LDAP Connection: FAILED");               nex.printStackTrace();           }           return ctx;       }    } 

Getting following exception:

 LDAP Connection: FAILED javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3053)     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2999)     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2801)     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2715)     at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:305)     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:187)     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:205)     at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:148)     at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:78)     at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:235)     at javax.naming.InitialContext.initializeDefaultInitCtx(InitialContext.java:318)     at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:348)     at javax.naming.InitialContext.internalInit(InitialContext.java:286)     at javax.naming.InitialContext.init(InitialContext.java:308)     at javax.naming.ldap.InitialLdapContext.(InitialLdapContext.java:99)     at LdapContextCreation.getLdapContext(LdapContextCreation.java:27)     at LdapContextCreation.main(LdapContextCreation.java:12) 

Few more points to consider:

1. Earlier I was using tomcat 5.3.5 but somebody told me that only tomcat 6 supports it so I downloaded tomcat 6.0.35 and currently using this version only.

2. Configured server.xml and added the following code -

   <Realm className="org.apache.catalina.realm.JNDIRealm"                     debug="99"                     connectionURL="ldap://server.domain.com:389/"                      userPattern="{0}" /> 

3. Commented the following code from server.xml -

   <!-- Commenting for LDAP   <Realm className="org.apache.catalina.realm.UserDatabaseRealm"      resourceName="UserDatabase"/> --> 

4. Steps 2 and 3 from article

5. Someone suggested that there are some jar files that are supposed to be copied to tomcat in order to run ldap authentication, is that something I need to do? And which jar files?

6. Also, I am using the correct credentials for sure, then what is causing this issue?

7. Is there a way I can figure out the correct attributes for LDAP in case I am using incorrect ones?

Answer 1

Following Code authenticates from LDAP using pure Java JNDI. The Principle is:-

1. First Lookup the user using a admin or DN user.
2. The user object needs to be passed to LDAP again with the user credential
3. No Exception means - Authenticated Successfully. Else Authentication Failed.

Code Snippet

public static boolean authenticateJndi(String username, String password) throws Exception{     Properties props = new Properties();     props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");     props.put(Context.PROVIDER_URL, "ldap://LDAPSERVER:PORT");     props.put(Context.SECURITY_PRINCIPAL, "uid=adminuser,ou=special users,o=xx.com");//adminuser - User with special priviledge, dn user     props.put(Context.SECURITY_CREDENTIALS, "adminpassword");//dn user password       InitialDirContext context = new InitialDirContext(props);      SearchControls ctrls = new SearchControls();     ctrls.setReturningAttributes(new String[] { "givenName", "sn","memberOf" });     ctrls.setSearchScope(SearchControls.SUBTREE_SCOPE);      NamingEnumeration<javax.naming.directory.SearchResult> answers = context.search("o=xx.com", "(uid=" + username + ")", ctrls);     javax.naming.directory.SearchResult result = answers.nextElement();      String user = result.getNameInNamespace();      try {         props = new Properties();         props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");         props.put(Context.PROVIDER_URL, "ldap://LDAPSERVER:PORT");         props.put(Context.SECURITY_PRINCIPAL, user);         props.put(Context.SECURITY_CREDENTIALS, password);     context = new InitialDirContext(props);     } catch (Exception e) {         return false;     }     return true; }