
LDAP Authentication

 
Mahesh Malviya
Ranch Hand
Posts: 39
I want to authenticate users in the Domino server directory.
I wrote the following code in JSP.



<%@ page import="java.util.Properties" isErrorPage="true" autoFlush="true"%>
<%@ page import="javax.naming.*"%>
<%@ page import="javax.naming.directory.*"%>
<%
Properties env = null;
env = new Properties();
String tCtx="com.sun.jndi.ldap.LdapCtxFactory";
String tURL="ldap://abc:389";
env.put(Context.INITIAL_CONTEXT_FACTORY, tCtx);
env.put(Context.PROVIDER_URL, tURL);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "CN=Db Signer,O=PERL");
env.put(Context.SECURITY_CREDENTIALS, "lotusnotes123");

DirContext ctx=null;
DirContext authenticationctx=null;
authenticationctx = new InitialDirContext(env);

%>
<%=authenticationctx.getEnvironment()%>



But it works fine if I do not provide any password. I mean if I write
env.put(Context.SECURITY_CREDENTIALS, "");
instead of
env.put(Context.SECURITY_CREDENTIALS, "lotusnotes123");

it gives no error, but if I provide a password it throws

javax.servlet.ServletException: [LDAP: error code 48 - Bind failed: Invalid credentials for CN=Db Signer/O=PERL]


Please help me.

Thanks and regards
Mahesh Malviya
 
Rob Connaughton
Greenhorn
Posts: 4
Do you have the Internet Password set in that person's 'Person' document? It uses that password to check against, not the one stored in the Notes ID.
 
Mahesh Malviya
Ranch Hand
Posts: 39
Hi Rob,
Thanks for the reply.
I am using the internet password in

env.put(Context.SECURITY_CREDENTIALS, "lotusnotes123");
 
Mahesh Malviya
Ranch Hand
Posts: 39
Hi Rob,
Thanks for the reply.
I am using the internet password in

env.put(Context.SECURITY_CREDENTIALS, "lotusnotes123");

Please suggest what other reasons there could be, because with a blank password the code runs fine. It does not throw any exception. The Context.SECURITY_AUTHENTICATION type is "simple". If it is "simple", then the password entered should be accurate; it should not accept a blank password as well. I am stuck...

Thanks

Mahesh Malviya
 
Rob Connaughton
Greenhorn
Posts: 4
My code that seems to work ok is like this:

Hashtable props = new Hashtable();
props.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
props.put(Context.PROVIDER_URL,"ldap://servername:389");
props.put(Context.SECURITY_PRINCIPAL,"cn=" + name);
props.put(Context.SECURITY_CREDENTIALS,password);
ctx = new InitialDirContext(props);
verification = true;

What happens if you leave out the SECURITY_AUTHENTICATION line as I don't use it?
 
Mahesh Malviya
Ranch Hand
Posts: 39
Rob, I am glad to get your reply. But I tried your code as well. It is allowing everyone with a blank password. Yes, of course it allows the original password and does not allow a wrong password. But it allows a blank password.
I tried your code in my environment:

<%@ page import="java.util.*" %>
<%@ page import="javax.naming.*" %>
<%@ page import="javax.naming.directory.*" %>
<% Hashtable props = new Hashtable();
props.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
props.put(Context.PROVIDER_URL,"ldap://abc:389");
props.put(Context.SECURITY_PRINCIPAL,"cn=" + "amember");
props.put(Context.SECURITY_CREDENTIALS,"");
DirContext ctx = new InitialDirContext(props);
String verification = "true";
%>
<%=verification%>

I do not get any exception with a blank password.

Thanks
Mahesh Malviya
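
Added example, not code from any poster in this thread: a bind check that refuses an empty password before contacting the directory. RFC 4513 section 5.1.2 defines a simple bind with a name and a zero-length password as an "unauthenticated bind", which a server may answer with success, so a successful `InitialDirContext` alone does not prove the password was checked. The class and method names are hypothetical; the URL and DN are the placeholders from the first post.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.AuthenticationNotSupportedException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapBindCheck {

    /** True only if the server accepted a simple bind with a non-empty DN and password. */
    public static boolean authenticate(String url, String userDn, String password)
            throws NamingException {
        // An empty password turns the request into an unauthenticated bind
        // (RFC 4513, 5.1.2); the JNDI LDAP provider likewise falls back to
        // authentication "none". Reject it locally instead of trusting the bind result.
        if (userDn == null || userDn.trim().isEmpty()
                || password == null || password.isEmpty()) {
            return false;
        }

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env); // performs the LDAP bind
            return true;
        } catch (AuthenticationException | AuthenticationNotSupportedException e) {
            // Bind refused by the server (LDAP result codes 49 and 48).
            return false;
        } finally {
            if (ctx != null) {
                ctx.close(); // do not leave the authenticated connection open
            }
        }
    }

    public static void main(String[] args) throws NamingException {
        // Empty password: rejected before any connection is attempted, prints false.
        System.out.println(authenticate("ldap://abc:389", "CN=Db Signer,O=PERL", ""));
    }
}
```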
 
Sigit Raharjo
Greenhorn
Posts: 1
Try using sAMAccountName instead of CN when setting the security principal:

props.put(Context.SECURITY_PRINCIPAL,"username");

Sometimes it works, depending on the LDAP server settings.
 