Accessing windows 2000 active directory with Java

Hello,

I am doing at the moment a practical:

I wanna make a java app where an IT teacher is logging into the java app (he can only login the app when he belongs to the "spec" group in the AD of the windows 2000 domain. This teacher must be able to set authorizations to a class folder or school folder. He should be able to delete directorys, rename them and fill all the read data into a database which is located on the it teachers client pc where he runs the java app.


I have browsed the www and used google and found many solutions but as a java network stuff n00b i cant filter which solution is best for me but i have already a little idea of what fits best for me:

1.) JNDI: OLD stuff where i have to do everything manually, and its not so easy to use.

http://java.sun.com/products/jndi/tutorial/trailmap.html

2.) Spring LDAP: Cares for most encoding/coding stuff etc. can read the AD, but can it also write permissions of a certain user? I havent found a proper method in the respective classes.

http://www.springframework.org/ldap

3.) OpenLDAP: This site seems outdated to me but do not really know

http://www.openldap.org/jldap/

4.) J-Integra: this one cost money at least after 30 days...

http://j-integra.intrinsyc.com/support/com/doc/#other_examples/Creating_an_NT_User_via_ADSI_from_Java.htm

So much about what is possible maybe.

Can someone help me and give me a proper advise!?

Thank you very much for at least answering me which should cheer me up a bit

It depends upon what application server you are using. Most app servers provide JAAS compliant login modules to use Active Directory. If your server does not provide one then you have to build a login module. Here is a an example of JAAS login module

http://download-west.oracle.com/docs/cd/B32110_01/web.1013/b28957/loginmod.htm#CFIHIIAB

regards
Debu

Originally posted by Debu Panda:
It depends upon what application server you are using. Most app servers provide JAAS compliant login modules to use Active Directory. If your server does not provide one then you have to build a login module. Here is a an example of JAAS login module

http://download-west.oracle.com/docs/cd/B32110_01/web.1013/b28957/loginmod.htm#CFIHIIAB

regards
Debu

Well until now I have thought it is enough to install java + spring ldap on the client pc where i develop the java application. So when i wanna execute the java app and get in contact with the active directory of the W2K server i need something like an interface on the server right? you call this interface "JAAS login module"

http://de.wikipedia.org/wiki/JAAS

wiki site says the JAAS is part of the java libraries already.

�javax.security.auth� what is better your OC4J or the internal java classes for auth login?

You speak of application server? Is a windows 2000 server not enough? or is there a misunderstanding? sorry my first language is not english ;-)

So in any case I need some app/interface whatever it is on the w2k server so i can login via java app running on the client right?

Instead of JAAS could I also use OpenLdap as an LDAP server and login with the help of LDAP ? There are so much possibilies i think very confusing for a java network n00b ;-)

[ April 03, 2007: Message edited by: Bastien Neyer ]
[ April 03, 2007: Message edited by: Bastien Neyer ]