I am new to LDAP. And I did the authentication part using LDAP INITIAL_CONTEXT_FACTORY ("com.sun.jndi.ldap.LdapCtxFactory"). Code of what I did is as follows.
String url = ldap_url;
String uname = request.getUsername();
String pwd = request.getPassword();
boolean authentication = false;
boolean error = true;
String msg, attributes, search;
String ldapDn = String.format("%s%s", searchFilter,uname);
// create env for initial context
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, url);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, ldapDn);
env.put(Context.SECURITY_CREDENTIALS, pwd);
try {
DirContext ctx = new InitialDirContext(env);
authentication = true;
error = false;
ctx.close();
} catch (Exception e) {
} finally {
if (!error) {
msg = "Login success!!!";
} else {
msg = "Authentication failed!";
}
}
Now I need to fetch the "employee_id" which returns with the LDAP result. I went through few examples in the internet and I could not make it happen. It will be great if anyone can suggest me a better way to search this attribute.
Related
I'm looking for a way to change the OU of a user in my Oracle LDAP, using Java. So far I found only the DirContext.rename method, but that results in a corrupted LDAP entry. Below is the code I tried.
Hashtable<String, String> environment = new Hashtable<String, String>();
environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
environment.put(Context.SECURITY_AUTHENTICATION, "simple");
environment.put(Context.REFERRAL, "follow");
environment.put(Context.PROVIDER_URL, "ldap://localhost:10389");
environment.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
environment.put(Context.SECURITY_CREDENTIALS, "admin");
DirContext ctx = null;
try {
ctx = new InitialDirContext(environment);
String oldCn = "uid=wso21,ou=wso2,ou=Users,dc=WSO2,dc=ORG";
String newCn = "uid=wso21,ou=vodafone,ou=Users,dc=WSO2,dc=ORG";
ctx.rename(oldCn, newCn);
} catch (NamingException e) {
e.printStackTrace();
} finally {
try {
ctx.close();
} catch (NamingException e) {
e.printStackTrace();
}
}
After this is executed, the moved entry is there but no attributes are present.
TIA!
Please modify try Block:
try {
ctx = new InitialDirContext(environment);
String oldDn = "uid=wso21,ou=wso2,ou=Users,dc=WSO2,dc=ORG";
String newDn = "uid=wso21,ou=vodafone,ou=Users,dc=WSO2,dc=ORG";
String newCn="newCN";
String newSn="newSN";
Attributes attrs = ctx.getAttributes(oldDn);
ctx.rename(oldDn,newDn);
attrs.remove("cn");
attrs.remove("sn");
//if needed remove more attributes
attrs.put("cn",newCn);
attrs.put("sn",newSn);
//if needed add more attributes
ctx.modifyAttributes(newDn, DirContext.ADD_ATTRIBUTE, attrs);
}
I'm trying to do an LDAP authentication using Java but this always return a null result and usrNamespace. Also was able to confirm that the username and password passed are correct.
With the username I use cn, i tried changing (uid=" + username + ") to cn but still gives me the same result
If anyone can help me that would be greatly appreciated. Thank you!
public class LdapAuthenticationAdapter implements AuthenticationAdapter {
#Override
public boolean authenticate(String username, String password) throws Exception {
Properties prop = new Properties();
//set the property value
SECURITY_AUTHENTICATION = prop.getProperty("eq.SECURITY_AUTHENTICATION");
SECURITY_PRINCIPAL = prop.getProperty("eq.SECURITY_PRINCIPAL");
SECURITY_CREDENTIALS = prop.getProperty("eq.SECURITY_CREDENTIALS");
PROVIDER_URL = prop.getProperty("eq.PROVIDER_URL");
// Get admin user, password(encrypted), host, port and other LDAP parameters
// from equationConfiguration.properties
Hashtable<String, Object> env = new Hashtable<String, Object>();
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
env.put(Context.SECURITY_CREDENTIALS, "secret");
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://localhost:10389/dc=main,dc=com");
// env.put("java.naming.ldap.attributes.binary", "objectSID"); // validate this line if applicable
InitialDirContext context = new InitialDirContext(env);
SearchControls ctrls = new SearchControls();
ctrls.setReturningAttributes(new String[] { "givenName", "sn","memberOf" });
ctrls.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration<javax.naming.directory.SearchResult> answers = null;
SearchResult result = null;
String usrNamespace = null;
try {
answers = context.search("ou=bankfusionusers", "(uid=" + username + ")", ctrls); // Get directory context
result = answers.nextElement();
usrNamespace = result.getNameInNamespace();
Properties props = new Properties();
props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
props.put(Context.PROVIDER_URL, "ldap://localhost:10389/dc=main,dc=com");
props.put(Context.SECURITY_PRINCIPAL, usrNamespace);
props.put(Context.SECURITY_CREDENTIALS, password);
System.err.println("Entry 1");
context = new InitialDirContext(props);
}catch(NullPointerException e){
System.err.println("Unsuccessful authenticated bind " + e + "\n");
return false;
}
return true;
}//end method
}
I changed your code a little bit, and it works on mine.
public static void main(String[] args) throws NamingException {
Properties initialProperties = new Properties();
initialProperties.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
initialProperties.put(Context.PROVIDER_URL, "ldap://192.168.0.179:389");
initialProperties.put(Context.SECURITY_PRINCIPAL, "cn=Directory Manager");
initialProperties.put(Context.SECURITY_CREDENTIALS, "dirmanager");
initialProperties.put(Context.SECURITY_AUTHENTICATION, "simple");
InitialDirContext context = new InitialDirContext(initialProperties);
SearchControls ctrls = new SearchControls();
ctrls.setReturningAttributes(new String[] { "cn", "sn","givenname" });
ctrls.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration<javax.naming.directory.SearchResult> answers = null;
SearchResult result = null;
String usrNamespace = null;
try {
String username = "user.997"; // I added this, I removed some of your code as well
answers = context.search("dc=example,dc=com", "(uid=" + username + ")", ctrls); // Get directory context
result = answers.nextElement();
usrNamespace = result.getNameInNamespace();
System.out.println("result variable shows : " + result);
System.out.println("usrNamespace variable shows: " + usrNamespace);
}catch(NullPointerException e){
System.err.println("Unsuccessful authenticated bind " + e + "\n");
}
}
}
In my console, I see
User logs in with the user id which is the samaccountname. How do I authenticate the user id through active directory using ldap when i dont know the full distinguised namejust the samaccountname (JAVA).
This is how my code is:
public class LoginClass {
public static void main(String args[]){
boolean b= false;
Scanner scan = new Scanner(System.in);
System.out.println("Enter username : ");
String username = scan.next();
System.out.println("Enter password : ");
String password = scan.next();
Hashtable<String, Object> env = new Hashtable<String, Object>(11);
env
.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://localhost:389");
// Authenticate as S. User and give incorrect password
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL,
"cn="+username+", cn=Users, dc=server,dc=domain");
env.put(Context.SECURITY_CREDENTIALS, password);
try {
System.out.println(env);
// Create initial context
DirContext ctx = new InitialDirContext(env);
b=true;
// Close the context when we're done
ctx.close();
} catch (NamingException e) {
b=false;
}
finally{
if(b==true){
System.out.println("Login Successful");
}
else{
System.out.println("Login Failed");
}
}
}
}
I am building a web application with the Play Framework. To authenticate the users of my application I use LDAP. I am new to the play framework and async programming. I wanted the LDAP authentication to be async and do not block my app. So I created a Promise and put the LDAP authentication code in it. My code is working but I am not sure if it is Async or not. How can I verify that it is really Async. Here is my code
public class ActiveDirectoryServices {
public static final String ldapURL = Play.application().configuration().getString("ActiveDirectory.url");
public static final String domainName = Play.application().configuration().getString("ActoveDirectory.DomainName");
public static final int timeout = Play.application().configuration().getInt("ActoveDirectory.timeout");
private static final String account = "account";
private static final String pass = "password";
public static Promise<Boolean> authenticate(String username, String password) throws AuthenticationException, CommunicationException, NamingException{
Hashtable<String, String> env = new Hashtable<String,String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put("com.sun.jndi.ldap.connect.timeout", ""+(timeout*1000));
env.put(Context.PROVIDER_URL, ldapURL);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, username+domainName);
env.put(Context.SECURITY_CREDENTIALS, password);
DirContext authContext = null;
authContext = new InitialDirContext(env);
return Promise.pure(Boolean.TRUE);
}
}
Then in a controller I use the above code as following:
try {
Promise<Boolean> promiseActiveDirectoryCheck = ActiveDirectoryServices.authenticate(userName, password);
return promiseActiveDirectoryCheck.flatMap(response -> {
if(response){
return Promise.pure(ok("access granted"));
}
});
}catch (AuthenticationException exp) {
return Promise.pure(ok("access denied"));
}catch (CommunicationException exp) {
return Promise.pure(ok("The active directory server is not reachable"));
}catch (NamingException exp) {
return Promise.pure(ok("active directory domain name does not exist"));
}
I'm trying to change the mail and password attributes of Active Directory using java. To do this, it was generated a security certificate and imported into the certificate store of the jvm (carcerts). The connection is made using ssl successfully however when trying to change any field, eg mail,I get the following error message:
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002035: LdapErr: DSID-0C090B3E, comment: Operation not allowed through GC port, data 0, v1db1
source code:
// change mail
private void salvarEmailESenhaNoAd() throws IOException, NamingException {
Properties mudaSenhaProperties = new PropertiesFactory().propertiesByJndi("mudaSenha");
ADUtil adUtil = null;
try
{
adUtil = new ADUtil(mudaSenhaProperties);
adUtil.changeEmail("CN=018061671627,OU=SDS,OU=CS,OU=STI,OU=DG,OU=PRES,OU=TRERN,DC=tre-rn,DC=jus,DC=br", dadosUsuario.getEmail());
}
finally
{
if (adUtil != null)
{
adUtil.close();
}
}
}
public class ADUtil {
private LdapContext ldapContext = null;
public ADUtil(Properties properties) throws NamingException
{
ldapContext = createUserContext(properties);
}
private LdapContext createUserContext(Properties properties) throws NamingException {
String javaNamingFactoryInitial = properties.getProperty("java.naming.factory.initial");
String javaNamingProviderUrl = properties.getProperty("java.naming.provider.url");
String javaNamingSecurityAuthentication = properties.getProperty("java.naming.security.authentication");
String javaNamingSecurityPrincipal = properties.getProperty("java.naming.security.principal");
String javaNamingSecurityCredentials = properties.getProperty("java.naming.security.credentials");
String javaNamingSecurityProtocol = properties.getProperty("java.naming.security.protocol");
String javaNamingReferral = properties.getProperty("java.naming.referral");
String javaNetSslTrustStore = properties.getProperty("javax.net.ssl.trustStore");
String javaNetSslTrustStorePassword = properties.getProperty("javax.net.ssl.trustStorePassword");
Hashtable<String, String> env = new Hashtable<String, String>();
System.setProperty("javax.net.ssl.trustStore", javaNetSslTrustStore);
System.setProperty("javax.net.ssl.trustStorePassword", javaNetSslTrustStorePassword);
env.put(Context.INITIAL_CONTEXT_FACTORY, javaNamingFactoryInitial);
env.put(Context.SECURITY_AUTHENTICATION, javaNamingSecurityAuthentication);
env.put(Context.SECURITY_PRINCIPAL, javaNamingSecurityPrincipal);
env.put(Context.SECURITY_CREDENTIALS, javaNamingSecurityCredentials);
env.put(Context.SECURITY_PROTOCOL, javaNamingSecurityProtocol); // para poder modificar password y grupos del usuario.
env.put(Context.PROVIDER_URL, javaNamingProviderUrl);
env.put(Context.REFERRAL, javaNamingReferral);
return new InitialLdapContext(env, null);
}
public void changePassword(String userCN, String newPassword) throws NamingException, UnsupportedEncodingException, IOException {
modifyAdAttribute(userCN, "unicodePwd", converteString(newPassword));
System.out.println("Password changed for " + userCN);
}
public void changeEmail(String userDN, String newEmail) throws NamingException, UnsupportedEncodingException, IOException {
modifyAdAttribute(userDN, "mail", converteString(newEmail));
System.out.println("Email changed for " + newEmail);
}
private void modifyAdAttribute(String userCN, String attribute, Object value) throws NamingException{
ModificationItem[] modificationItem = new ModificationItem[1];
modificationItem[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
new BasicAttribute(attribute, value));
ldapContext.modifyAttributes(userCN, modificationItem);
}
private static byte[] converteString(String password) throws UnsupportedEncodingException{
String newQuotedPassword = "\"" + password + "\"";
return newQuotedPassword.getBytes("UTF-16LE");
}
public void close() throws NamingException
{
if (ldapContext != null)
{
ldapContext.close();
}
}
Reading the attributes is usually done with the code below:
public class TesteLdap {
/**
* #param args the command line arguments
*/
private static SearchControls getSimpleSearchControls() {
SearchControls searchControls = new SearchControls();
searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
searchControls.setTimeLimit(30000);
//String[] attrIDs = {"objectGUID"};
//searchControls.setReturningAttributes(attrIDs);
return searchControls;
}
public static void main(String[] args) throws NamingException {
try {
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://rndc10.tre-rn.jus.br:3269");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "user");
env.put(Context.SECURITY_CREDENTIALS, "password");
env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put(Context.REFERRAL, "ignore");
String filter = "(&(objectClass=user)(CN=018061671627))";
LdapContext ctx = new InitialLdapContext(env, null);
ctx.setRequestControls(null);
NamingEnumeration<?> namingEnum = ctx.search("OU=DG,OU=PRES,OU=TRERN,DC=tre-rn,DC=jus,DC=br", filter, getSimpleSearchControls());
while (namingEnum.hasMore()) {
SearchResult result = (SearchResult) namingEnum.next();
Attributes attrs = result.getAttributes();
System.out.println(attrs.get("cn"));
System.out.println(attrs.get("displayname"));
System.out.println(attrs.get("mail"));
System.out.println(attrs.get("distinguishedName"));
}
namingEnum.close();
} catch (Exception e) {
e.printStackTrace();
My environment: Active Directory on Windows 2008R2 Standart, Open JDK 7 running on unbutu 12.10.
I would be grateful if someone help me because I've tried everything but I can not make it work.
The error seems to be self-explanatory. You should perform this operation over LDAPS using port 636.
Have you tried to use
env.put(Context.PROVIDER_URL, "ldaps://rndc10.tre-rn.jus.br:636");
(Note that ldaps:// is not mandatory if you specify ssl separately).
Do you have RODCs (Read only DCs) in your environment? And if so, is rndc10.tre-rn.jus.br a RODC?
Perhaps you should be pointing to a DC that is writeable?
Have you tried updating this string:
env.put(Context.PROVIDER_URL, "ldap://rndc10.tre-rn.jus.br:3269");
to:
env.put(Context.PROVIDER_URL, "ldaps://rndc10.tre-rn.jus.br:3269");
^