3

I am trying to authenticate the user, but it throws an exception. Maybe there is a problem in the configuration.

```java
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchResult;

public class LdapApplication {
    private static final String INITIAL_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    private static final String SECURITY_AUTHENTICATION = "simple";
    private static final String NAMED_CONTEXT = "CN=Users";
    private static final String SAM_ACCOUNT_NAME = "sAMAccountName=";

    public static void main(String[] args) {
        // Account to look up (placeholder value)
        String userName = "userName";

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, INITIAL_CONTEXT_FACTORY);
        env.put(Context.PROVIDER_URL, "ldap://ip:portNo/dc=organisation,dc=in");
        env.put(Context.SECURITY_AUTHENTICATION, SECURITY_AUTHENTICATION);
        // Bind principal as used in the question (the bind fails with this value)
        env.put(Context.SECURITY_PRINCIPAL, "cn=userName,cn=Users");
        env.put(Context.SECURITY_CREDENTIALS, "password");

        DirContext context = null;
        NamingEnumeration<SearchResult> namingEnumeration = null;
        try {
            // The simple bind happens here
            context = new InitialDirContext(env);

            // Look the account up by sAMAccountName under CN=Users
            namingEnumeration = context.search(NAMED_CONTEXT, SAM_ACCOUNT_NAME + userName, null);
            while (namingEnumeration.hasMore()) {
                SearchResult searchResult = namingEnumeration.next();
                Attributes attributes = searchResult.getAttributes();

                System.out.println(" Person Common Name = " + attributes.get("cn"));
                System.out.println(" Person Display Name = " + attributes.get("displayName"));
            }
        } catch (Throwable e) {
            System.out.println(e.getMessage());
            e.printStackTrace();
        } finally {
            if (namingEnumeration != null) {
                try {
                    namingEnumeration.close();
                } catch (Exception e) {
                    // ignore failures while closing
                }
            }
            if (context != null) {
                try {
                    context.close();
                } catch (Exception e) {
                    // ignore failures while closing
                }
            }
        }
    }
}
```

But if I mention Context.SECURITY_PRINCIPAL as "organisation\\userName" instead of "cn=userName,cn=Users", it works perfectly fine. Kindly suggest a possible solution, because my requirement is to give SECURITY_PRINCIPAL something using cn or dc.

rahul

3 Answers

2

You are using a relative distinguished name which will not work.

Change your code to use

```java
env.put(Context.SECURITY_PRINCIPAL, "cn=userName,cn=Users,dc=organisation,dc=in");
```

and also change your search context to:

```java
private static final String NAMED_CONTEXT = "CN=Users,dc=organisation,dc=in";
```

Always use full distinguished names with LDAP.

mvreijn
  • One thing I want to tell you is that my DN is `CN= User Name, CN=Users,dc=organisation,dc=in` and my `sAMAccountName` is `userName`. I want to use `sAMAccountName` in order to authenticate the user. – rahul Mar 14 '14 at 06:32
  • Then you will have to search for it using a proxy user first, in order to resolve the FDN. To my knowledge `sAMAccountName` is not an LDAP naming attribute in AD, iow you cannot use `sAMAccountName=userName,cn=Users,dc=organisation,dc=in`. – mvreijn Mar 14 '14 at 20:19
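
The search-then-bind flow described in the comment above (resolve the full DN from `sAMAccountName` with a proxy account, then bind as that DN), as an added example that is not part of the original thread. `URL`, `BASE`, `PROXY_DN` and `PROXY_PW` are placeholder assumptions that follow the question's naming; it also rejects empty passwords and ambiguous matches.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class SearchThenBind {
    // Placeholder values (assumptions), following the question's naming.
    static final String URL = "ldap://ip:portNo"; // prefer ldaps:// so a simple bind is not sent in clear text
    static final String BASE = "CN=Users,dc=organisation,dc=in";
    static final String PROXY_DN = "cn=proxyUser,cn=Users,dc=organisation,dc=in"; // hypothetical service account
    static final String PROXY_PW = "proxyPassword";                               // hypothetical

    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    static boolean authenticate(String samAccountName, String password) throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind and can succeed.
        if (password == null || password.isEmpty()) return false;
        String userDn;
        DirContext proxy = bind(PROXY_DN, PROXY_PW);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // JNDI substitutes {0} with the argument escaped as a literal, so input cannot alter the filter.
            NamingEnumeration<SearchResult> r =
                proxy.search(BASE, "(sAMAccountName={0})", new Object[] { samAccountName }, sc);
            if (!r.hasMore()) return false;            // unknown account
            userDn = r.next().getNameInNamespace();    // full distinguished name of the entry
            if (r.hasMore()) return false;             // ambiguous match: refuse
        } finally {
            proxy.close();
        }
        try {
            bind(userDn, password).close();            // the actual credential check
            return true;
        } catch (AuthenticationException e) {
            return false;
        }
    }

    public static void main(String[] args) throws NamingException {
        // Needs an interactive console; the password is read without echo rather than from argv.
        char[] pw = System.console().readPassword("Password: ");
        System.out.println(authenticate(args[0], new String(pw)));
    }
}
```
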
2

We were having the same issue in our code and we fixed it by adding the domain name before the user name. Instead of entering user:password, enter domain\user:password.

Hope this helps.

Dan
0

To do an LDAP bind you will need to use a unique return for one of the Ambiguous Name Resolution entries. Normally, one would use the Fully Distinguished Name.

We have a JNDI Example showing how this could be done.

-jim

jwilleke