
I tried to authenticate the mobile user on IDAM-LDAP via NetIq. For that we need some service or mechanism through which we can directly send our username and password, which will then be validated by NetIq via LDAP.

I tried a simple Java connection to LDAP for user authentication.

The parameters below are used:

INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
PROVIDER_URL, "ldap:// IP ADDRESS :10389");
SECURITY_PRINCIPAL, "CN=Testnetiq.O=IBOM_test");
SECURITY_CREDENTIALS, "PASSWORD");

Apart from these, which parameters can we use for successful testing, so that we can implement this in a Java adapter?

package com.wipro.ibm;

import java.util.Properties;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;

public class Testing {

    public static void main(String[] args) throws Exception {
        // Bind as the service account on the clear-text LDAP port
        Properties props = new Properties();
        props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        props.put(Context.PROVIDER_URL, "ldap:// ldap ip :10389");
        props.put(Context.SECURITY_PRINCIPAL, "CN=Testnetiq.O=IBOM_test");
        props.put(Context.SECURITY_CREDENTIALS, "Wipro@123");

        InitialDirContext context = new InitialDirContext(props);

        // Look up the user's entry to obtain its full DN
        SearchControls ctrls = new SearchControls();
        ctrls.setReturningAttributes(new String[] { "givenName", "sn", "memberOf" });
        ctrls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        NamingEnumeration<javax.naming.directory.SearchResult> answers = context.search("o=IBOM_test",
                "(uid=" + "Test123" + ")", ctrls);
        if (!answers.hasMore()) {
            // No entry with this uid, so there is nothing to bind as
            context.close();
            System.out.println("false");
            return;
        }
        javax.naming.directory.SearchResult result = answers.next();
        String user = result.getNameInNamespace();
        context.close();

        try {
            // Re-bind as the user; the bind succeeds only if the password is valid
            props = new Properties();
            props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            props.put(Context.PROVIDER_URL, "ldap://ldap ip :10389");
            props.put(Context.SECURITY_PRINCIPAL, user);
            props.put(Context.SECURITY_CREDENTIALS, "Test@123");

            context = new InitialDirContext(props);
            context.close();
            // Report success only when the user bind did not throw
            System.out.println("True");
        } catch (Exception e) {
            System.out.println("false");
        }
    }

}
Impulse The Fox
attu
  • What is your query exactly? Is your current code failing? Or is the LDAP not responding? If your standalone code works, then you can implement it in a Java adapter as well. Send the username & password to the adapter in the payload body. – Vivin K Apr 27 '18 at 15:33
  • By using the above code we are getting javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 - Confidentiality Required] – attu Apr 28 '18 at 06:45
  • And do you get the same issue when trying from a standalone Java code? This exception is not related to MFP. – Vivin K Apr 30 '18 at 10:10

1 Answer


The error javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 - Confidentiality Required] indicates that you need to connect using TLS/SSL instead of connecting to the clear-text port.

Normally that is port 636, but in your case it might be 10636 since your non-encrypted port is 10389.

Singleton
  • Before connecting through 636, is there any other method to check it? – attu Apr 30 '18 at 15:24
  • While connecting through port 636 I am getting a connection closed error. Can you share some standalone method to check the functionality going forward? – attu Apr 30 '18 at 15:26
  • Try connecting to port 10636. Otherwise ask the administrator of the IDM system which port to use and if it is opened in the firewall. You can try downloading Apache Directory Studio LDAP Browser and try to connect with it instead. – Singleton Apr 30 '18 at 17:21
  • Thanks for suggesting the Apache Studio Browser, but how do I connect in a Java program? – attu May 02 '18 at 09:18
  • Post the stacktrace that you get when you try to connect to port 636 and port 10636 with your code. You might need to add props.put(Context.SECURITY_PROTOCOL, "ssl"); – Singleton May 02 '18 at 21:51
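
The search-then-bind flow from the question, moved onto the TLS port as the answer and the last comment suggest, as an added example that is not code from the original posters. The host name, port 10636, the class name and the four environment variable names are assumptions; the server certificate must chain to a CA in the JVM truststore for the TLS handshake to succeed.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapsBindCheck {
    // Assumed placeholders: use the LDAPS host and port given by your directory administrator.
    static final String URL = "ldaps://ldap.example.test:10636";
    static final String BASE = "o=IBOM_test";

    static Hashtable<String, Object> env(String dn, String password) {
        Hashtable<String, Object> e = new Hashtable<>();
        e.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        e.put(Context.PROVIDER_URL, URL);
        e.put(Context.SECURITY_PROTOCOL, "ssl");          // TLS from the first byte, no clear-text bind
        e.put(Context.SECURITY_AUTHENTICATION, "simple");
        e.put(Context.SECURITY_PRINCIPAL, dn);
        e.put(Context.SECURITY_CREDENTIALS, password);
        e.put("com.sun.jndi.ldap.connect.timeout", "5000"); // fail fast on a blocked port
        return e;
    }

    static boolean authenticate(String svcDn, String svcPw, String uid, String userPw)
            throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind that
        // some servers accept, so reject it before contacting the directory.
        if (userPw == null || userPw.isEmpty()) return false;
        String userDn;
        DirContext svc = new InitialDirContext(env(svcDn, svcPw));
        try {
            SearchControls c = new SearchControls();
            c.setSearchScope(SearchControls.SUBTREE_SCOPE);
            c.setReturningAttributes(new String[0]);       // only the DN is needed
            // JNDI escapes the {0} argument, so uid cannot change the filter structure.
            NamingEnumeration<SearchResult> r = svc.search(BASE, "(uid={0})", new Object[] { uid }, c);
            if (!r.hasMore()) return false;                // unknown user
            userDn = r.next().getNameInNamespace();
            if (r.hasMore()) return false;                 // ambiguous uid: refuse to guess
        } finally { svc.close(); }
        try {
            new InitialDirContext(env(userDn, userPw)).close(); // bind as the user
            return true;
        } catch (AuthenticationException e) {              // wrong password only; error 13 and
            return false;                                  // TLS failures propagate to the caller
        }
    }

    public static void main(String[] args) throws NamingException {
        // Hypothetical variable names; all four must be set before running.
        System.out.println(authenticate(System.getenv("LDAP_SVC_DN"), System.getenv("LDAP_SVC_PW"),
                System.getenv("LDAP_TEST_UID"), System.getenv("LDAP_TEST_PW")));
    }
}
```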