LDAP user password authentication using JNDI

java ldap jndi
Nivek picture Nivek · Aug 11, 2010 · Viewed 15.9k times · Source 
public static void main(String[] args)
{
    String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
    String MY_HOST = "ldap://Localhost:1389";
    String MGR_DN = "cn=John,ou=Users,o=IT,dc=QuizPortal";
    String MGR_PW = "password";           

    //Identify service provider to use
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
    env.put(Context.PROVIDER_URL, MY_HOST);
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, MGR_DN);
    env.put(Context.SECURITY_CREDENTIALS, MGR_PW);

    try
    {
        // Create the initial directory context
        InitialDirContext initialContext = new InitialDirContext(env);

        System.out.println("Context Sucessfully Initialized");
    }
    catch(Exception e)
    {
        System.err.println(e);
    }
}

I would like to ask when I set the MGR_DN = "cn=John,ou=Users,o=IT,dc=QuizPortal" to MGR_DN = "uid=103,ou=Users,o=IT,dc=QuizPortal". Basically changing from cn to uid, I would encounter an error 

javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]

I am authenticated when is specified as cn=John but not uid=103. Am I not allowed to specify by uid?

Answer

Bruno picture Bruno · Aug 11, 2010

If you don't know the exact DN in advance, you should do a search in the LDAP directory first. This can be done more or less like this (make sure you catch the relevant exceptions):

Properties env = new Properties();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapServerUrl);
env.put(Context.SECURITY_AUTHENTICATION, "none");

SearchControls searchCtrls = new SearchControls();
searchCtrls.setReturningAttributes(new String[] {});
searchCtrls.setSearchScope(SearchControls.SUBTREE_SCOPE);

String filter = "(&(cn=" + identifier + "))";

DirContext ctx = null;
ctx = new InitialDirContext(env);
NamingEnumeration<SearchResult> answer = ctx.search(
   ldapBaseDN, filter, searchCtrls);

String fullDN = null;
if (answer.hasMore()) {
    fullDN = answer.next().getNameInNamespace();

    ctx.close();
    ctx = null;

    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, fullDN);
    env.put(Context.SECURITY_CREDENTIALS, password);

    ctx = new InitialDirContext(env);
    return true;
}
// Exception otherwise ...

Here, the search filter is "(&(cn=" + identifier + "))" (so, for example (&(cn=John))), but you could use the uid instead. Uniqueness of the results depends on the configuration of the LDAP server. The base DN also depends on the way it's set up (it could be ou=Users,o=IT,dc=QuizPortal in your example).

Related questions

How do a LDAP search/authenticate against this LDAP in Java

I am playing with LDAP and Java search. Here's my LDIF export with a simple organization version: 1 dn: dc=example,dc=com objectClass: organization objectClass: dcObject objectClass: top dc: example o: MyOrganization description: Test Description dn: ou=people, dc=example,…

Read More
javax.naming.CommunicationException: simple bind failed

When trying to connect to the LDAP server using a simple LDAP application I am getting an error which says "simple bind failed". I am assuming this is related to some sort of BIND. I have a bind property in …

Read More
how to accept self-signed certificates for JNDI/LDAP connections?

I need to connect to an LDAP directory over SSL. In non-production environments, we use self-signed certificates which, of course, fails to validate with: javax.naming.CommunicationException: simple bind failed: ldapserver:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.…

Read More