JavaRanch » Java Forums » Engineering » Security
Active Directory Authentication

Fernando Queiroz Fonseca
Greenhorn

Joined: Oct 10, 2003
Posts: 3
I don't need to connect to Active Directory using Kerberos (GSSAPI). Help! I want to change a password on the LDAP server (Windows 2000), but it displays this error:
javax.naming.AuthenticationException: GSSAPI. Root exception is com.sun.security.sasl.preview.SaslException: Failure to initialize security context [Caused by GSSException: Invalid name provided (Mechanism level: Could not load configuration file c:\winnt\krb5.ini (The system cannot find the file specified))]
at com.sun.security.sasl.gsskerb.GssKerberosV5.<init>(GssKerberosV5.java:102)
at com.sun.security.sasl.gsskerb.ClientFactory.createSaslClient(ClientFactory.java:44)
at com.sun.security.sasl.preview.Sasl.createSaslClient(Sasl.java:334)
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:98)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sun.jndi.ldap.LdapClient.saslBind(LdapClient.java:399)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:215)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2569)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:275)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:173)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:191)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
at javax.naming.InitialContext.init(InitialContext.java:219)
at javax.naming.InitialContext.<init>(InitialContext.java:195)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
at ldap.TipoLogin.main(TipoLogin.java:35)
Caused by: GSSException: Invalid name provided (Mechanism level: Could not load configuration file c:\winnt\krb5.ini (The system cannot find the file specified))
at sun.security.jgss.krb5.Krb5NameElement.getInstance(Krb5NameElement.java:110)
at sun.security.jgss.krb5.Krb5MechFactory.getNameElement(Krb5MechFactory.java:46)
at sun.security.jgss.GSSManagerImpl.getNameElement(GSSManagerImpl.java:159)
at sun.security.jgss.GSSNameImpl.getElement(GSSNameImpl.java:456)
at sun.security.jgss.GSSNameImpl.init(GSSNameImpl.java:151)
at sun.security.jgss.GSSNameImpl.<init>(GSSNameImpl.java:121)
at sun.security.jgss.GSSManagerImpl.createName(GSSManagerImpl.java:86)
at com.sun.security.sasl.gsskerb.GssKerberosV5.<init>(GssKerberosV5.java:74)
... 21 more
Caused by: GSSException: Invalid name provided (Mechanism level: Could not load configuration file c:\winnt\krb5.ini (The system cannot find the file specified))
at sun.security.jgss.krb5.Krb5NameElement.getInstance(Krb5NameElement.java:110)
at sun.security.jgss.krb5.Krb5MechFactory.getNameElement(Krb5MechFactory.java:46)
at sun.security.jgss.GSSManagerImpl.getNameElement(GSSManagerImpl.java:159)
at sun.security.jgss.GSSNameImpl.getElement(GSSNameImpl.java:456)
at sun.security.jgss.GSSNameImpl.init(GSSNameImpl.java:151)
at sun.security.jgss.GSSNameImpl.<init>(GSSNameImpl.java:121)
at sun.security.jgss.GSSManagerImpl.createName(GSSManagerImpl.java:86)
at com.sun.security.sasl.gsskerb.GssKerberosV5.<init>(GssKerberosV5.java:74)
at com.sun.security.sasl.gsskerb.ClientFactory.createSaslClient(ClientFactory.java:44)
at com.sun.security.sasl.preview.Sasl.createSaslClient(Sasl.java:334)
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:98)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sun.jndi.ldap.LdapClient.saslBind(LdapClient.java:399)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:215)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2569)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:275)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:173)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:191)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
at javax.naming.InitialContext.init(InitialContext.java:219)
at javax.naming.InitialContext.<init>(InitialContext.java:195)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
at ldap.TipoLogin.main(TipoLogin.java:35)
Thanks
---------------------------
Fernando Queiroz Fonseca
Uberlândia - MG - Brasil
wm@eletrica.ufu.br
---------------------------
Peter den Haan
author
Ranch Hand

Joined: Apr 20, 2000
Posts: 3252
The questions that immediately come to my mind are: is Windows installed in c:\winnt, is there a krb5.ini in there, and if not, is there a krb5.ini anywhere else on your hard drives (use Find)?
- Peter
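Peter's question points at what the first stack trace is really complaining about. The JNDI GSSAPI mechanism is built on Java's Kerberos implementation, which must know the realm and the KDC (on Windows 2000 it looks for %windir%\krb5.ini by default, hence "Could not load configuration file c:\winnt\krb5.ini"), and it must run with Kerberos credentials, which come from a JAAS login with Krb5LoginModule. The following is an added example, not code from this thread or from Fernando's framework. It assumes the realm ELETRICA.UFU.BR, the KDC dc.eletrica.ufu.br (a domain controller), a JAAS file named jaas.conf with an entry named LdapClient, and the user DN from the later error message; all of these are placeholders to replace.

```java
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import com.sun.security.auth.callback.TextCallbackHandler;
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;

/** Added example: an LDAP bind to Active Directory with SASL/GSSAPI (Kerberos) from JNDI. */
public class GssapiBind {

    // Assumed values; replace with your own. The realm is the AD domain name in upper case.
    static final String REALM = "ELETRICA.UFU.BR";
    static final String KDC = "dc.eletrica.ufu.br";   // any domain controller of the domain
    static final String LDAP_URL = "ldap://" + KDC + ":389";
    static final String USER_DN = "CN=1012065,OU=Alunos,DC=eletrica,DC=ufu,DC=br";

    public static void main(String[] args) throws Exception {
        // Kerberos configuration. Without one of these, JGSS fails with
        // "Could not load configuration file c:\winnt\krb5.ini".
        // Either point the JVM at a configuration file ...
        //   System.setProperty("java.security.krb5.conf", "C:\\winnt\\krb5.ini");
        // ... or give realm and KDC directly (the two properties must be set together):
        System.setProperty("java.security.krb5.realm", REALM);
        System.setProperty("java.security.krb5.kdc", KDC);

        // JAAS login configuration, assumed to live in a file jaas.conf containing:
        //   LdapClient {
        //       com.sun.security.auth.module.Krb5LoginModule required;
        //   };
        System.setProperty("java.security.auth.login.config", "jaas.conf");

        // Krb5LoginModule prompts for user name and password and obtains a TGT from the KDC.
        LoginContext lc = new LoginContext("LdapClient", new TextCallbackHandler());
        lc.login();

        // The GSSAPI SASL bind takes its Kerberos credentials from the Subject it runs under.
        Subject.doAs(lc.getSubject(), new PrivilegedExceptionAction<Void>() {
            public Void run() throws Exception {
                Hashtable<String, Object> env = new Hashtable<String, Object>();
                env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                env.put(Context.PROVIDER_URL, LDAP_URL);
                env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
                // Negotiate signing and sealing so the LDAP traffic after the bind is protected.
                env.put("javax.security.sasl.qop", "auth-conf");
                DirContext ctx = new InitialDirContext(env);
                try {
                    System.out.println(ctx.getAttributes(USER_DN, new String[] { "cn", "sAMAccountName" }));
                } finally {
                    ctx.close();
                }
                return null;
            }
        });
        lc.logout();
    }
}
```

With a krb5.ini in place the two krb5.realm/krb5.kdc properties are unnecessary; either source of configuration removes the "Invalid name provided" GSSException, because JGSS could not even build the service principal name without knowing the realm.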
Fernando Queiroz Fonseca
Greenhorn

Joined: Oct 10, 2003
Posts: 3
This is not the question.
I do authentication using LDAP, etc., but changing a password in Active Directory (Windows 2000 Server) displays this error:
-------------------------------------------------------------------------
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-031D0AAB, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'CN=1012065,OU=Alunos,DC=eletrica,DC=ufu,DC=br'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3061)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
-------------------------------------------------------------------------
I want a method to change a password in Active Directory, any method.
Thanks
Fernando.
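Error 53 WILL_NOT_PERFORM on a modify of a user entry is what Active Directory returns when the password is written the wrong way. AD takes the password through the unicodePwd attribute, accepts writes to it only over an SSL/TLS-protected connection (LDAPS on port 636, or Context.SECURITY_PROTOCOL "ssl"), and expects the value as the new password wrapped in double quotes and encoded as UTF-16LE; a password-policy violation comes back with the same error code. The following is an added example, not code from this thread or from Fernando's framework. It assumes a domain controller named dc.eletrica.ufu.br (a placeholder), reuses the DN from the error message above, and requires that the JVM's trust store contains a certificate chain for the domain controller's server certificate.

```java
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;
import java.io.Console;
import java.io.UnsupportedEncodingException;
import java.util.Hashtable;

/** Added example: changing or resetting an Active Directory password through JNDI. */
public class TrocaSenhaAD {

    // Assumed host; the DN is the one from the error message in the thread.
    static final String HOST = "dc.eletrica.ufu.br";
    static final String USER_DN = "CN=1012065,OU=Alunos,DC=eletrica,DC=ufu,DC=br";

    /** AD sets the password via unicodePwd: the value must be the password
     *  enclosed in double quotes and encoded as UTF-16LE (no byte-order mark). */
    static byte[] encodeUnicodePwd(String password) throws UnsupportedEncodingException {
        return ("\"" + password + "\"").getBytes("UTF-16LE");
    }

    /** Simple bind over LDAPS (port 636). On a clear-text connection AD refuses
     *  to write unicodePwd and answers error 53 WILL_NOT_PERFORM instead. */
    static DirContext connectLdaps(String host, String bindDn, String bindPassword) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://" + host + ":636");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
        return new InitialDirContext(env);
    }

    /** Self-service change: delete the old value and add the new one in ONE modify
     *  request. The DC verifies the old password and enforces the password policy
     *  (complexity, history, minimum age); a violation also comes back as error 53. */
    static void changeOwnPassword(DirContext ctx, String userDn, String oldPassword, String newPassword)
            throws NamingException, UnsupportedEncodingException {
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                                 new BasicAttribute("unicodePwd", encodeUnicodePwd(oldPassword))),
            new ModificationItem(DirContext.ADD_ATTRIBUTE,
                                 new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword)))
        };
        ctx.modifyAttributes(userDn, mods);
    }

    /** Administrative reset: a single REPLACE, no old password. The bound account needs
     *  the "Reset Password" right on the target user; minimum password age is not
     *  applied, complexity and length still are. */
    static void resetPassword(DirContext ctx, String userDn, String newPassword)
            throws NamingException, UnsupportedEncodingException {
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                                 new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword)))
        };
        ctx.modifyAttributes(userDn, mods);
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (console == null) {
            System.err.println("Run from an interactive terminal so passwords are not passed as arguments.");
            return;
        }
        String oldPassword = new String(console.readPassword("Current password: "));
        String newPassword = new String(console.readPassword("New password: "));

        // The user binds with the current password and changes it: no administrative rights needed.
        DirContext ctx = connectLdaps(HOST, USER_DN, oldPassword);
        try {
            changeOwnPassword(ctx, USER_DN, oldPassword, newPassword);
            System.out.println("Password changed for " + USER_DN);
        } finally {
            ctx.close();
        }
    }
}
```

The delete-plus-add form is what lets an ordinary user change their own password, since the old value proves they know it; resetPassword is for a service account with delegated rights and should be the exception, not the default, because it never checks the old password.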
Suresh Babu Akula
Greenhorn

Joined: Oct 27, 2003
Posts: 6
Hi Fernando,
Please can you help me out?
What I want is: how to access Microsoft ADS to authenticate my application. So please help me solve this problem, and please can you send me a simple application that accesses ADS?
Thanks
Suresh
fatima mourchid
Greenhorn

Joined: Jan 09, 2004
Posts: 3
Originally posted by Fernando Queiroz Fonseca: [quotes the opening post above in full]
Hello,
Did you solve the problem of changing a password on a KDC, and how did you do this?
I have to add a principal to the Kerberos KDC, and I don't know how to do this.
Thank you
Fernando Queiroz Fonseca
Greenhorn

Joined: Oct 10, 2003
Posts: 3
For simple user authentication using LDAP, follow this example:
To use it, simply create a Usuario (User) object, set its properties and call the method Valida(user); this method returns null if the user exists, or the user with its properties fully set.
###################################################################
package br.com.fernandoqueiroz.ldap;
/**
 * <p>Title: Leblocks Framework</p>
 * <p>Description: Java Framework of Fernando Queiroz Fonseca</p>
 * <p>Copyright: Copyright (c) 2003 - www.fernandoqueiroz.com.br</p>
 * <p>Company: FernandoQueiroz.com.br - Java/J2EE Systems Analyst and Programmer</p>
 * @author Fernando Queiroz Fonseca
 * @version 1.0 $Revision 3
 */

import javax.naming.*;
import javax.naming.directory.*;
import java.util.Hashtable;
// Usuario and AutenticationException belong to the author's framework; they are not shown on this page.
import br.com.fernandoqueiroz.exceptions.*;

public class ValidaUsuario {
    public ValidaUsuario() {
    }

    private DirContext contexto = null;

    //----------------------------------------------------------------------------
    /** Validates a user against the LDAP server by binding with the user's own DN and
     *  password and then reading the user's attributes. Returns null when the server
     *  cannot be reached or the attributes cannot be read; throws AutenticationException
     *  when the DN/password pair is rejected. */
    public Usuario Valida(Usuario usuario, String host, int porta, boolean ssl) throws AutenticationException {
        if (usuario == null)
            throw new AutenticationException("No user instance was supplied for validation");
        if (host == null)
            throw new AutenticationException("No host was supplied for validation");
        if (usuario.getDN() == null || usuario.getDN().equals(""))
            throw new AutenticationException("The user's DN was not supplied for validation");
        // A simple bind with an empty password is an anonymous (unauthenticated) bind and
        // succeeds on most servers, Active Directory included, so it must be rejected here.
        if (usuario.getSenha() == null || usuario.getSenha().length() == 0)
            throw new AutenticationException("The user's password was not supplied for validation");
        if (porta == 0)
            porta = ssl ? 636 : 389;
        try {
            Hashtable<String, Object> props = new Hashtable<String, Object>(11);
            props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            props.put(Context.PROVIDER_URL, "ldap://" + host + ":" + porta);
            if (ssl) {
                // SSL on the given port. EXTERNAL authenticates with the client certificate
                // from the key store, so the principal/credentials set below are not what
                // the server checks in this branch.
                props.put(Context.SECURITY_PROTOCOL, "ssl");
                props.put(Context.SECURITY_AUTHENTICATION, "EXTERNAL");
                // Key store holding the client certificate. These are the author's test
                // values; they belong in configuration, not in source, and the key store
                // also needs javax.net.ssl.keyStorePassword to be set.
                System.setProperty("javax.net.ssl.keyStore", "eletrica");
                System.setProperty("javax.net.ssl.trustStorePassword", "fernando");
            } else {
                // Simple bind: the password crosses the network in clear text.
                props.put(Context.SECURITY_AUTHENTICATION, "simple");
            }
            props.put(Context.SECURITY_PRINCIPAL, usuario.getDN());
            props.put(Context.SECURITY_CREDENTIALS, usuario.getSenha());
            DirContext ctx = new InitialDirContext(props);   // the bind happens here

            this.contexto = ctx;
            Attributes attrs = ctx.getAttributes(usuario.getDN());
            usuario.setCN(valor(attrs, "cn"));
            usuario.setSAMAccountName(valor(attrs, "sAMAccountName"));
            usuario.setDescription(valor(attrs, "description"));
            usuario.setSN(valor(attrs, "sn"));
            usuario.setUserPrincipalName(valor(attrs, "userPrincipalName"));
            usuario.setPrimaryGroupID(valor(attrs, "primaryGroupID"));
            usuario.setObjectCategory(valor(attrs, "objectCategory"));
            usuario.setDistinguishedName(valor(attrs, "distinguishedName"));
            usuario.setHomeDirectory(valor(attrs, "homeDirectory"));
            usuario.setGivenName(valor(attrs, "givenName"));
            usuario.setMail(valor(attrs, "mail"));
            usuario.setDisplayName(valor(attrs, "displayName"));
            // memberOf is multi-valued; only the first group DN is kept here.
            usuario.setMemberOf(valor(attrs, "memberOf"));
        } catch (javax.naming.CommunicationException uhe) {
            // Could not talk to the LDAP server on host:porta; check the URL syntax and the port.
            usuario = null;
            uhe.printStackTrace();
        } catch (javax.naming.AuthenticationException ae) {
            usuario = null;
            throw new AutenticationException("Failed to authenticate the user on LDAP server " + host
                    + ": wrong user and/or password! :: " + ae.getMessage());
        } catch (Exception e) {
            usuario = null;
            e.printStackTrace();
        }
        return usuario;
    }

    /** Returns the first value of the named attribute as a String, or null if the attribute
     *  is absent. (String.valueOf(attrs.get(name)) would give "name: value", not the value.) */
    private static String valor(Attributes attrs, String nome) throws NamingException {
        Attribute attr = attrs.get(nome);
        return (attr == null) ? null : String.valueOf(attr.get());
    }

    //----------------------------------------------------------------------------
    /** Validates a user on the LDAP server using the default port 389, without SSL. */
    public Usuario Valida(Usuario usuario, String host) throws AutenticationException {
        return Valida(usuario, host, 389, false);
    }

    //----------------------------------------------------------------------------
    /** Validates a user on the LDAP server using the default port 389 on localhost. */
    public Usuario Valida(Usuario usuario) throws AutenticationException {
        return Valida(usuario, "localhost");
    }

    //----------------------------------------------------------------------------
    /** Returns the user's DirContext. */
    public DirContext getContexto() {
        return this.contexto;
    }

    /** Sets the user's DirContext. */
    public void setContexto(DirContext context) {
        this.contexto = context;
    }

    /** Closes the connection to the LDAP context. */
    public void close() throws AutenticationException {
        if (this.contexto != null) {
            try {
                this.contexto.close();
            } catch (NamingException ex) {
                throw new AutenticationException("Error closing context! : " + ex.getMessage());
            }
        }
    }
    //------------------------------------------------------------------------
}

Any problem: Fernando Queiroz (Click here for Contact Page).
 