LDAP Authentication

Mahesh Malviya
Ranch Hand

Joined: Aug 20, 2004
Posts: 39
I want to authenticate users in the Domino server directory.
I wrote the following code in JSP.



<%@ page import="java.util.Properties" isErrorPage="true" autoFlush="true"%>
<%@ page import="javax.naming.*"%>
<%@ page import="javax.naming.directory.*"%>
<%
Properties env = null;
env = new Properties();
String tCtx="com.sun.jndi.ldap.LdapCtxFactory";
String tURL="ldap://abc:389";
env.put(Context.INITIAL_CONTEXT_FACTORY, tCtx);
env.put(Context.PROVIDER_URL, tURL);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "CN=Db Signer,O=PERL");
env.put(Context.SECURITY_CREDENTIALS, "lotusnotes123");

DirContext ctx=null;
DirContext authenticationctx=null;
authenticationctx = new InitialDirContext(env);

%>
<%=authenticationctx.getEnvironment()%>



But it works fine if I do not provide any password. I mean if I write
env.put(Context.SECURITY_CREDENTIALS, "");
instead of
env.put(Context.SECURITY_CREDENTIALS, "lotusnotes123");

it gives no error, but if I provide password it throws

javax.servlet.ServletException: [LDAP: error code 48 - Bind failed: Invalid credentials for CN=Db Signer/O=PERL]


Please help me.

Thanks and regards
Mahesh Malviya
Rob Connaughton
Greenhorn

Joined: Aug 29, 2003
Posts: 4
Do you have the Internet Password set in that person's 'Person' document? It uses that password to check against, not the one stored in the Notes ID.
Mahesh Malviya
Ranch Hand

Joined: Aug 20, 2004
Posts: 39
Hi Rob,
Thanks for the reply.
I am using internet password in

env.put(Context.SECURITY_CREDENTIALS, "lotusnotes123");

Please suggest what other reasons there could be, because with a blank password the code runs fine. It does not throw any exception. The Context.SECURITY_AUTHENTICATION type is "simple". If it is "simple", then the password entered should be accurate; it should not accept a blank password as well. I am stuck...

Thanks

Mahesh Malviya
Rob Connaughton
Greenhorn

Joined: Aug 29, 2003
Posts: 4
My code that seems to work ok is like this:

Hashtable props = new Hashtable();
props.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
props.put(Context.PROVIDER_URL,"ldap://servername:389");
props.put(Context.SECURITY_PRINCIPAL,"cn=" + name);
props.put(Context.SECURITY_CREDENTIALS,password);
ctx = new InitialDirContext(props);
verification = true;

What happens if you leave out the SECURITY_AUTHENTICATION line as I don't use it?
Mahesh Malviya
Ranch Hand

Joined: Aug 20, 2004
Posts: 39
Rob, I am glad to get your reply. But I tried with your code as well. It is allowing everyone with a blank password. Yes, of course it allows the original password and does not allow a wrong password. But it allows a blank password.
I tried your code in my environment:

<%@ page import="java.util.*" %>
<%@ page import="javax.naming.*" %>
<%@ page import="javax.naming.directory.*" %>
<% Hashtable props = new Hashtable();
props.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
props.put(Context.PROVIDER_URL,"ldap://abc:389");
props.put(Context.SECURITY_PRINCIPAL,"cn=" + "amember");
props.put(Context.SECURITY_CREDENTIALS,"");
DirContext ctx = new InitialDirContext(props);
String verification = "true";
%>
<%=verification%>

I do not get any exception with blank password.

Thanks
Mahesh Malviya
Sigit Raharjo
Greenhorn

Joined: Jul 22, 2009
Posts: 1
Try using sAMAccountName instead of CN when setting the security principal:

props.put(Context.SECURITY_PRINCIPAL,"username");

Sometimes it works, depending on the LDAP server settings.
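
Added example (not code from any poster in this thread): under RFC 4513 section 5.1.2 a simple bind with a DN and an empty password is an unauthenticated bind, which a server may accept as anonymous, so the caller has to reject blank credentials before binding. The class and method names are assumptions; the URL and DN are the ones posted above.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.AuthenticationNotSupportedException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapBindCheck {

    /** Returns true only when the directory accepted an authenticated simple bind. */
    public static boolean authenticate(String ldapUrl, String userDn, String password)
            throws NamingException {
        // A blank DN or password must never reach the server: it would be sent as an
        // unauthenticated (anonymous) bind, and a successful anonymous bind proves
        // nothing about the user's identity.
        if (userDn == null || userDn.trim().isEmpty()
                || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);   // the bind happens here
            return true;
        } catch (AuthenticationException | AuthenticationNotSupportedException e) {
            // LDAP result 49 (invalid credentials) or 48 (as reported in this thread).
            return false;
        } finally {
            if (ctx != null) {
                ctx.close();
            }
        }
    }

    public static void main(String[] args) throws NamingException {
        String url = "ldap://abc:389";       // host name as posted in the thread
        String dn = "CN=Db Signer,O=PERL";   // DN as posted in the thread
        // Blank password: rejected locally, no connection is opened.
        System.out.println(authenticate(url, dn, ""));
    }
}
```

Other NamingException subclasses (for example a connection failure) propagate to the caller, so a directory outage is not reported as a wrong password.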
 