javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]

Quantum_Entanglement picture Quantum_Entanglement · May 16, 2014 · Viewed 39.1k times · Source

I'm new to ldap and I was trying what I thought was a trivial example to test the spring ldap module with an ldap instance that someone had already setup for testing.

Details about the ldap instance that I am using can be found here: http://blog.stuartlewis.com/2008/07/07/test-ldap-service/comment-page-3/

I've used an ldap browser/admin tool (Softerra LDAP Admin) and I can access the directory without any issues.

When I try it using java and spring-ldap (2.0.1) I get the Authentication Exception mentioned above. Before setting up my own ldap instance to try and troubleshoot this further I wanted to check here in case someone with more experience could point out something obvious that I missed.

Below is the code I am using:

import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;

import java.util.List;

public class LdapTest {


public List<String> getListing() {

    LdapTemplate template = getTemplate();

    List<String> children = template.list("dc=testathon,dc=net");

   return children;
}


private LdapTemplate getTemplate(){

    LdapContextSource contextSource = new LdapContextSource();
    contextSource.setUrl("ldap://ldap.testathon.net:389");
    contextSource.setUserDn("cn=john");
    contextSource.setPassword("john");

    try {
        contextSource.afterPropertiesSet();
    } catch (Exception ex) {
        ex.printStackTrace();
    }


    LdapTemplate template = new LdapTemplate();

    template.setContextSource(contextSource);

    return template;

}


public static void main(String[] args){


    LdapTest sClient = new LdapTest();
    List<String> children = sClient.getListing();

    for  (String child :children) {
        System.out.println(child);
    }

}

}

Stack trace:

Exception in thread "main" org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:191)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:356)
at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:140)

Answer

Quantum_Entanglement picture Quantum_Entanglement · May 16, 2014

It turns out I just needed to include everything in the distinguished name(including the organization unit). Using

contextSource.setBase(...);

for some reason did not work. After making that correction all was fine.

contextSource.setUserDn("cn=john,ou=Users,dc=testathon,dc=net");