2

In C#, I have written the code below to connect to an LDAP server and query it.

String ldapUrl = "LDAP://...";
DirectoryEntry entry = new DirectoryEntry(ldapUrl);
DirectorySearcher dSearch = new DirectorySearcher(entry);

String Name = "ravi";
// Name goes into the filter unescaped; a caller-supplied value needs LDAP filter escaping first.
dSearch.Filter = "(&(objectClass=user)(sAMAccountName=" + Name + "))";

foreach (SearchResult sResultSet in dSearch.FindAll())
{
    String data = "Login Name :" + (GetProperty(sResultSet, "cn")) + "\r\n" +
        "First Name :" + (GetProperty(sResultSet, "givenName")) + "\r\n" +
        "Middle Initials :" + (GetProperty(sResultSet, "initials")) + "\r\n" +
        "Last Name : " + (GetProperty(sResultSet, "sn"));
}

If you notice, nowhere have I provided the username and/or password. I think it logs in to the LDAP server using the OS logged-in user's credentials.

But in Java:

String url = "ldap://localhost:10389";
Hashtable<String, String> env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, url);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
// Simple bind: the DN and password are supplied explicitly.
env.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
env.put(Context.SECURITY_CREDENTIALS, "secret");

try {
    DirContext ctx = new InitialDirContext(env);
    System.out.println("connected");
    System.out.println(ctx.getEnvironment());

    ctx.close();

} catch (Exception ex) {
    System.out.println("error when trying to create the context");
}

Is there a way in Java to bind to the LDAP server without providing the username and password? I tried to bind by setting Context.SECURITY_AUTHENTICATION to NONE, but it then throws the exception for anonymous login not allowed. I don't want to use anonymous user credentials but the OS logged-in user's credentials.

Is this possible, and how?

Regards,

Ravi
  • I am assuming your desire is to use Windows Integrated Authentication, allowing the Windows OS to provide the credentials. The challenge is to obtain the credentials from the OS. Is your application HTTP based? – jwilleke May 30 '16 at 12:54
  • Yes, Windows Integrated Authentication. We are serving both kinds of applications, client as well as HTTP based. This is a web service running within WAS. WAS is configured as a Windows service and is configured to run under a service account, which has permissions to query LDAP. The applications will provide me the username. I just need to make sure those users have access to my service by querying LDAP. I know WAS can be configured to do AD auth, but currently we are facing some cookie issue, so I cannot use it. – Ravi May 31 '16 at 02:45
  • So, this is not possible in Java? Hmm... I will have to write a JNI wrapper for C# :( – Ravi Jun 03 '16 at 12:31
  • AFAIK, yes. Not sure of your details. Might be able to use JAAS and Kerberos, or may need to get to the LSA or SSPI from JNI. – jwilleke Jun 04 '16 at 12:56
  • I used JNI to invoke a C# DLL... the problem is, JNI is very slow. It is taking almost 15-20 sec per call. – Ravi Mar 28 '18 at 05:38
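
The JAAS and Kerberos route mentioned in the comments, as an added example that is not code from the question or its answers: a JNDI bind with SASL GSSAPI that reuses the Kerberos ticket the process's account already holds, followed by the same sAMAccountName lookup with the user name passed as a filter argument so that JNDI escapes it. The class name, the host `dc1.example.com` and the base DN are placeholders; it assumes a working Kerberos setup on the host and a directory that accepts GSSAPI binds.

```java
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;

public class GssapiLdapLookup { // hypothetical name
    public static void main(String[] args) throws Exception {
        String user = args.length > 0 ? args[0] : "ravi"; // caller-supplied in practice
        // JAAS configuration built in code: use the OS ticket cache, never prompt.
        Map<String, String> opts = new HashMap<>();
        opts.put("useTicketCache", "true");
        opts.put("doNotPrompt", "true");
        Configuration jaas = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    "com.sun.security.auth.module.Krb5LoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts) };
            }
        };
        LoginContext login = new LoginContext("ldap-client", null, null, jaas);
        login.login(); // fails here if no usable ticket is available
        Subject.doAs(login.getSubject(), (PrivilegedExceptionAction<Void>) () -> {
            Hashtable<String, String> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            // Placeholder host; use the server's FQDN so the Kerberos service name matches.
            env.put(Context.PROVIDER_URL, "ldap://dc1.example.com:389");
            env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI"); // no principal or password set
            env.put("javax.security.sasl.qop", "auth-conf");    // sign and encrypt the session
            DirContext ctx = new InitialDirContext(env);
            try {
                SearchControls sc = new SearchControls();
                sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
                sc.setReturningAttributes(new String[] {"cn", "givenName", "initials", "sn"});
                // {0} is replaced by the argument with filter metacharacters escaped.
                NamingEnumeration<SearchResult> hits = ctx.search("OU=Users,DC=example,DC=com",
                    "(&(objectClass=user)(sAMAccountName={0}))", new Object[] {user}, sc);
                while (hits.hasMore()) System.out.println(hits.next().getAttributes());
            } finally { ctx.close(); }
            return null;
        });
    }
}
```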

2 Answers

0

I used JNI to invoke a C# DLL... the problem is JNI is very slow. It is taking almost 15-20 sec per call.

Ravi
0

Use command line (cmd), in Java, from this Stack Overflow answer:

import com4j.Variant;
import com4j.typelibs.ado20.ClassFactory;
import com4j.typelibs.ado20._Command;
import com4j.typelibs.ado20._Connection;
import com4j.typelibs.ado20._Recordset;

// Wrapper class added so the method compiles; the name is arbitrary.
public class AdQuery {

    public static void queryADForComputers() throws Exception {

        String query            = "cn,sn,givenName,department";
        String filter           = "(&(objectclass=user)(objectcategory=person))";
        String namingContext    = "OU=Desktops,OU=Workstations,OU=HO,DC=win";
        _Connection conn        = ClassFactory.createConnection();

        // Empty user name and password: the ADSI provider is opened without explicit credentials.
        conn.provider("ADsDSOObject");
        conn.open("Active Directory Provider", "", "", -1);

        _Command cmd            = ClassFactory.createCommand();
        cmd.activeConnection(conn);
        cmd.commandText("<LDAP://" + namingContext + ">;" + filter + ";" + query + ";subTree");
        _Recordset rs = cmd.execute(null, Variant.getMissing(), -1);
        System.out.println("Found " + rs.recordCount() + " users/computers/whatever i was looking for");

        // Then here you can use a while loop: while(!rs.eof())
        // in which you can get each value as rs.fields().item(i).value();
        // in my case, I did rs.fields().item(i).value().toString()
        // or you can check for its type and go from there.
    }
}
marc_s
Timetrax