Active Directory Authentication

 
Greenhorn
Posts: 3
I don't need to connect to Active Directory using Kerberos (GSSAPI). Help: I want to change a password in the LDAP server (Windows 2000), but it displays this error:
javax.naming.AuthenticationException: GSSAPI. Root exception is com.sun.security.sasl.preview.SaslException: Failure to initialize security context [Caused by GSSException: Invalid name provided (Mechanism level: Could not load configuration file c:\winnt\krb5.ini (The system cannot find the file specified))]
at com.sun.security.sasl.gsskerb.GssKerberosV5.<init>(GssKerberosV5.java:102)
at com.sun.security.sasl.gsskerb.ClientFactory.createSaslClient(ClientFactory.java:44)
at com.sun.security.sasl.preview.Sasl.createSaslClient(Sasl.java:334)
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:98)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sun.jndi.ldap.LdapClient.saslBind(LdapClient.java:399)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:215)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2569)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:275)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:173)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:191)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
at javax.naming.InitialContext.init(InitialContext.java:219)
at javax.naming.InitialContext.<init>(InitialContext.java:195)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
at ldap.TipoLogin.main(TipoLogin.java:35)
Caused by: GSSException: Invalid name provided (Mechanism level: Could not load configuration file c:\winnt\krb5.ini (The system cannot find the file specified))
at sun.security.jgss.krb5.Krb5NameElement.getInstance(Krb5NameElement.java:110)
at sun.security.jgss.krb5.Krb5MechFactory.getNameElement(Krb5MechFactory.java:46)
at sun.security.jgss.GSSManagerImpl.getNameElement(GSSManagerImpl.java:159)
at sun.security.jgss.GSSNameImpl.getElement(GSSNameImpl.java:456)
at sun.security.jgss.GSSNameImpl.init(GSSNameImpl.java:151)
at sun.security.jgss.GSSNameImpl.<init>(GSSNameImpl.java:121)
at sun.security.jgss.GSSManagerImpl.createName(GSSManagerImpl.java:86)
at com.sun.security.sasl.gsskerb.GssKerberosV5.<init>(GssKerberosV5.java:74)
... 21 more
Caused by: GSSException: Invalid name provided (Mechanism level: Could not load configuration file c:\winnt\krb5.ini (The system cannot find the file specified))
at sun.security.jgss.krb5.Krb5NameElement.getInstance(Krb5NameElement.java:110)
at sun.security.jgss.krb5.Krb5MechFactory.getNameElement(Krb5MechFactory.java:46)
at sun.security.jgss.GSSManagerImpl.getNameElement(GSSManagerImpl.java:159)
at sun.security.jgss.GSSNameImpl.getElement(GSSNameImpl.java:456)
at sun.security.jgss.GSSNameImpl.init(GSSNameImpl.java:151)
at sun.security.jgss.GSSNameImpl.<init>(GSSNameImpl.java:121)
at sun.security.jgss.GSSManagerImpl.createName(GSSManagerImpl.java:86)
at com.sun.security.sasl.gsskerb.GssKerberosV5.<init>(GssKerberosV5.java:74)
at com.sun.security.sasl.gsskerb.ClientFactory.createSaslClient(ClientFactory.java:44)
at com.sun.security.sasl.preview.Sasl.createSaslClient(Sasl.java:334)
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:98)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sun.jndi.ldap.LdapClient.saslBind(LdapClient.java:399)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:215)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2569)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:275)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:173)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:191)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
at javax.naming.InitialContext.init(InitialContext.java:219)
at javax.naming.InitialContext.<init>(InitialContext.java:195)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
at ldap.TipoLogin.main(TipoLogin.java:35)
Thanks
---------------------------
Fernando Queiroz Fonseca
Uberlândia - MG - Brasil
wm@eletrica.ufu.br
---------------------------
 
author
Posts: 3252
The questions that immediately come to my mind are -- is Windows installed in c:\winnt, is there a krb5.ini in there, and if not, is there a krb5.ini anywhere else on your hard drives (use Find)?
- Peter
 
Fernando Queiroz Fonseca
Greenhorn
Posts: 3
This is not the question.
I do authentication using LDAP, and... etc., but changing the password in Active Directory (Windows 2000 Server) displays this error:
-------------------------------------------------------------------------
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-031D0AAB, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'CN=1012065,OU=Alunos,DC=eletrica,DC=ufu,DC=br'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3061)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
-------------------------------------------------------------------------
I want a method to change a password in Active Directory, any method.
Thanks
Fernando.
 
Greenhorn
Posts: 6
Hi Fernando,
Please can you help me out.
What I want is how to access Microsoft ADS to authenticate my application. So please help me to solve this problem, and please can you send me a simple application to access ADS.
Thanks
Suresh
 
 
fatima mourchid
Greenhorn
Posts: 3
Hello,
Did you solve the problem of changing the password on a KDC, and how did you do this?
I have to add a principal to the Kerberos KDC, and I don't know how to do this.
Thank you
 
Fernando Queiroz Fonseca
Greenhorn
Posts: 3
To simply authenticate a user using LDAP, here is one example:
To use it, simply create a Usuario (User) object, set its properties and call the method Valida(user); this method returns null if the user exists or the user with properties fully set.
###################################################################
package br.com.fernandoqueiroz.ldap;
/**
 * <p>Title: Leblocks Framework</p>
 * <p>Description: Java Framework of Fernando Queiroz Fonseca</p>
 * <p>Copyright: Copyright (c) 2003 - www.fernandoqueiroz.com.br</p>
 * <p>Company: FernandoQueiroz.com.br - Java/J2EE Systems Analyst and Programmer</p>
 * @author Fernando Queiroz Fonseca
 * @version 1.0 $Revision 3
 */

import javax.naming.*;
import javax.naming.directory.*;
import java.util.Hashtable;
import br.com.fernandoqueiroz.exceptions.*;
import javax.net.ssl.*;
import java.security.*;
import java.security.Security;
import java.io.UnsupportedEncodingException;
import javax.net.*;

public class ValidaUsuario {

    public ValidaUsuario() {
    }

    private DirContext contexto = null;

    //----------------------------------------------------------------------------
    /** Validates a user against LDAP. */
    public Usuario Valida(Usuario usuario, String host, int porta, boolean ssl) throws AutenticationException {
        if (usuario == null)
            throw new AutenticationException("Usuário não instanciado para Validação");
        if (host == null)
            throw new AutenticationException("Não foi Informado um host para Validação");
        if (usuario.getDN().equals(""))
            throw new AutenticationException("Não foi Informado O DN do usuário para Validação");
        // Default LDAP port. LDAP over SSL normally listens on 636, so pass it explicitly when ssl is true.
        if (porta == 0)
            porta = 389;
        try {
            Hashtable<String, Object> props = new Hashtable<String, Object>(11);
            props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            if (ssl) {
                // An ldap:// URL combined with SECURITY_PROTOCOL=ssl makes JNDI use SSL on this port.
                props.put(Context.PROVIDER_URL, "ldap://" + host + ":" + porta + "");
                props.put(Context.SECURITY_PROTOCOL, "ssl");
                props.put(Context.SECURITY_AUTHENTICATION, "EXTERNAL");
                // Note: this sets the key store path but the trust store password, which belong
                // to two different stores; the password is also hard-coded in the source.
                System.setProperty("javax.net.ssl.keyStore", "eletrica");
                System.setProperty("javax.net.ssl.trustStorePassword", "fernando");
            } else {
                // Simple bind: the DN and password cross the network in clear text.
                props.put(Context.PROVIDER_URL, "ldap://" + host + ":" + porta + "");
                props.put(Context.SECURITY_AUTHENTICATION, "simple");
            }
            // Note: a simple bind with a DN and an empty password is an unauthenticated bind,
            // which the server may accept; nothing here rejects an empty password.
            props.put(Context.SECURITY_PRINCIPAL, usuario.getDN());
            props.put(Context.SECURITY_CREDENTIALS, usuario.getSenha());
            SSLServerSocketFactory.getDefault();
            // The bind happens here; bad credentials raise javax.naming.AuthenticationException.
            DirContext ctx = new InitialDirContext(props);

            this.contexto = ctx;
            // Copy the directory attributes of the bound entry into the Usuario object.
            Attributes attrs = ctx.getAttributes(usuario.getDN());
            usuario.setCN(String.valueOf(attrs.get("CN")));
            usuario.setSAMAccountName(String.valueOf(attrs.get("sAMAccountName")));
            usuario.setDescription(String.valueOf(attrs.get("description")));
            usuario.setSN(String.valueOf(attrs.get("SN")));
            usuario.setUserPrincipalName(String.valueOf(attrs.get("userPrincipalName")));
            usuario.setPrimaryGroupID(String.valueOf(attrs.get("primaryGroupID")));
            usuario.setObjectCategory(String.valueOf(attrs.get("objectCategory")));
            usuario.setDistinguishedName(String.valueOf(attrs.get("distinguishedName")));
            usuario.setHomeDirectory(String.valueOf(attrs.get("homeDirectory")));
            usuario.setGivenName(String.valueOf(attrs.get("givenName")));
            usuario.setMail(String.valueOf(attrs.get("mail")));
            usuario.setDisplayName(String.valueOf(attrs.get("displayName")));
            usuario.setMemberOf(String.valueOf(attrs.get("memberOf")));
        }
        catch (javax.naming.CommunicationException uhe) {
            usuario = null;
            //throw new AutenticacaoException("Falha ao Cominicar com o host do"+
            //" Servidor LDAP : " + host + " na porta "+ porta +", por favor verifique a sintaxe :: "+ uhe.getMessage());
            uhe.printStackTrace();
        }
        catch (AuthenticationException ae) {
            // javax.naming.AuthenticationException: the server rejected the bind.
            usuario = null;
            throw new AutenticationException("Falha ao autenticar o usuário" +
                " no Servidor LDAP :" + host + ", Usuário e/ou Senha errado(s) ! :: " + ae.getMessage());
        }
        catch (Exception e) {
            usuario = null;
            e.printStackTrace();
        }
        return usuario;
    }

    //----------------------------------------------------------------------------
    /** Validates a user against LDAP using the default port 389. */
    public Usuario Valida(Usuario usuario, String host) throws AutenticationException {
        // Delegate to the full method; returning a new Usuario() here would skip the bind entirely.
        return Valida(usuario, host, 389, false);
    }

    //----------------------------------------------------------------------------
    /** Validates a user against LDAP using the default port 389 and localhost. */
    public Usuario Valida(Usuario usuario) throws AutenticationException {
        return Valida(usuario, "localhost", 389, false);
    }

    //----------------------------------------------------------------------------
    /** Gets the user's context. */
    public DirContext getContexto() {
        return this.contexto;
    }

    /** Sets the user's context. */
    public void setContexto(DirContext context) {
        this.contexto = context;
    }

    /** Closes the connection to the LDAP context. */
    public void close() throws AutenticationException {
        if (this.contexto != null)
            try {
                this.contexto.close();
            }
            catch (NamingException ex) {
                throw new AutenticationException("Erro ao fechar contexto ! : " + ex.getMessage());
            }
    }
    //------------------------------------------------------------------------
}

any problem : Fernando Queiroz (Click here for Contact Page).
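
Added example, not code from the thread: a user changing their own Active Directory password over JNDI, which also covers the simple-bind login above. AD accepts a `unicodePwd` write only over an encrypted connection and only as the quoted password in UTF-16LE, and missing either is a common cause of WILL_NOT_PERFORM; the bind refuses an empty password because a simple bind without one is an unauthenticated bind that a server may accept. Assumptions: LDAPS on port 636 with a certificate the JVM trusts; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.*;

// Hypothetical class and method names; not the thread's code or a library API.
public class AdPasswordChange {

    /** unicodePwd value: the password wrapped in double quotes, encoded as UTF-16LE. */
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    /** Simple bind over LDAPS; an empty DN or password is refused before it reaches the server. */
    static DirContext bind(String host, String userDn, String password) throws NamingException {
        if (userDn == null || userDn.isEmpty() || password == null || password.isEmpty()) {
            throw new IllegalArgumentException("DN and password are both required");
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://" + host + ":636"); // assumed LDAPS port
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env); // AuthenticationException if the bind is rejected
    }

    /** User-initiated change: remove the old value and add the new one in one modify request. */
    static void changeOwnPassword(String host, String userDn, String oldPw, String newPw)
            throws NamingException {
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                    new BasicAttribute("unicodePwd", encodeUnicodePwd(oldPw))),
            new ModificationItem(DirContext.ADD_ATTRIBUTE,
                    new BasicAttribute("unicodePwd", encodeUnicodePwd(newPw)))
        };
        DirContext ctx = bind(host, userDn, oldPw);
        try {
            ctx.modifyAttributes(userDn, mods);
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        java.io.Console c = System.console(); // passwords are prompted for, not taken from argv
        if (c == null || args.length != 2)
            throw new IllegalStateException("usage: AdPasswordChange <host> <userDn> (interactive console)");
        changeOwnPassword(args[0], args[1],
                new String(c.readPassword("Old password: ")),
                new String(c.readPassword("New password: ")));
    }
}
```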