I am trying to authenticate users from LDAP with a service account created. Im getting below error on ctx = new InitialDirContext(env);
[LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 2030, v1db1
Can someone help me to understand where am I going wrong ?
This is my java file
/**
*
*/
package com.dei;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.SizeLimitExceededException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
public class LdapConnector {
private static final String LDAP_SERVER_PORT = "389";
private static final String LDAP_SERVER = "server";
private static final String LDAP_BASE_DN = "OU=role,OU=roles,OU=de,OU=apps,DC=meta,DC=company,DC=com";
private static final String LDAP_BIND_DN = "cn=service_account";//service account userid provided by LDAP team
private static final String LDAP_BIND_PASSWORD = "password";///service account pwd provided by LDAP team
public Boolean validateLogin(String userName, String userPassword) {
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://" + LDAP_SERVER + ":" + LDAP_SERVER_PORT + "/" + LDAP_BASE_DN);
// To get rid of the PartialResultException when using Active Directory
env.put(Context.REFERRAL, "follow");
// Needed for the Bind (User Authorized to Query the LDAP server)
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, LDAP_BIND_DN);
env.put(Context.SECURITY_CREDENTIALS, LDAP_BIND_PASSWORD);
DirContext ctx;
try {
ctx = new InitialDirContext(env);
} catch (NamingException e) {
throw new RuntimeException(e);
}
NamingEnumeration<SearchResult> results = null;
try {
SearchControls controls = new SearchControls();
controls.setSearchScope(SearchControls.SUBTREE_SCOPE); // Search Entire Subtree
controls.setCountLimit(1); //Sets the maximum number of entries to be returned as a result of the search
controls.setTimeLimit(5000); // Sets the time limit of these SearchControls in milliseconds
String searchString = "(&(objectCategory=user)(sAMAccountName=" + userName + "))";
results = ctx.search("", searchString, controls);
if (results.hasMore()) {
SearchResult result = (SearchResult) results.next();
Attributes attrs = result.getAttributes();
Attribute dnAttr = attrs.get("distinguishedName");
String dn = (String) dnAttr.get();
// User Exists, Validate the Password
env.put(Context.SECURITY_PRINCIPAL, dn);
env.put(Context.SECURITY_CREDENTIALS, userPassword);
new InitialDirContext(env); // Exception will be thrown on Invalid case
System.out.println("Login successful");
return true;
}
else
return false;
} catch (AuthenticationException e) { // Invalid Login
System.out.println("Login failed" +e.getMessage());
return false;
} catch (NameNotFoundException e) { // The base context was not found.
System.out.println("Login failed" +e.getMessage());
return false;
} catch (SizeLimitExceededException e) {
throw new RuntimeException("LDAP Query Limit Exceeded, adjust the query to bring back less records", e);
} catch (NamingException e) {
throw new RuntimeException(e);
} finally {
if (results != null) {
try { results.close(); } catch (Exception e) { /* Do Nothing */ }
}
if (ctx != null) {
try { ctx.close(); } catch (Exception e) { /* Do Nothing */ }
}
}
}
}
The error 49 stands for invalid credentials, but the diagnostic string "AcceptSecurityContext error, data 2030", means "No such Object" i.e. the LDAP_BIND_DN "cn=service_account" could not be found in the directory. My guess is that "cn=service_account" is not the full DN of the account.
The bind operation has failed, typically due to a problem with the account.
Ensure the credentials for the bind account used to connect to the LDAP Server are correct.Error code data 2030 means that the DN of the user is invalid.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With