Connect to Active Directory using Java JNDI - java

I am new to using JNDI and I am trying to connect to Active Directory using JNDI, and I am facing either an Authentication Error or a Connection Timeout. I am unable to understand what the potential reason is. This is how my Active Directory looks:
I have tried the following code:
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
public class ConnectAD {
static DirContext ldapContext;
public static void main(String[] args) throws NamingException {
try {
System.out.println("Starting Active Directory test");
Hashtable<String, String> ldapEnv = new Hashtable<String, String>();
ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
ldapEnv.put(Context.PROVIDER_URL, "ldap://172.16.1.179:389");
ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
// SECURITY_PRINCIPAL is the identity that binds; here it is set to a container (OU) rather than a user entry
ldapEnv.put(Context.SECURITY_PRINCIPAL, "ou=Users,ou=Test1,dc=gigabyte,dc=local");
ldapEnv.put(Context.SECURITY_CREDENTIALS, "5uperCharger");
ldapContext = new InitialDirContext(ldapEnv);
//LdapContext ctx = new InitialLdapContext(ldapEnv,null);
ldapContext.close();
} catch (NamingException e) {
e.printStackTrace();
}
}
}
I get the error while creating the InitialDirContext.
I have an administrator user, but I tried giving cn=administrator and could not connect. I was getting an Authentication Error when I did so.
I also have a name for my AD server, which is GIGA (just trying to provide as much as I can).
Can you please let me know what the issue can be?

Related

how to create a new user jazn-data.xml programmatically?

I'm using JDeveloper 11g.
I want to create a new user programmatically in 'jazn-data.xml'. Is this possible and how can I do it?
import java.util.Hashtable;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.naming.Context;
import javax.naming.InitialContext;
public class CreateWeblogicUser {
public void createWeblogicUser() {
try {
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
env.put(Context.SECURITY_PRINCIPAL, "weblogic");
env.put(Context.SECURITY_CREDENTIALS, "welcome1");
env.put(Context.PROVIDER_URL, "t3://127.0.0.1:7101");
InitialContext ctx = new InitialContext(env);
// Runtime MBean server of the WebLogic instance we are connected to
MBeanServer wls = (MBeanServer) ctx.lookup("java:comp/env/jmx/runtime");
// Invoke createUser(name, password, description) on the realm's DefaultAuthenticator
wls.invoke(new ObjectName("Security:Name=myrealmDefaultAuthenticator")
, "createUser"
, new Object[] {"wls_user5555", "password123","User created programmatically."}
, new String[] {"java.lang.String", "java.lang.String","java.lang.String"}
);
ctx.close();
}
catch(Exception ex) {
ex.printStackTrace();
}
}
public static void main(String[] args) {
new CreateWeblogicUser().createWeblogicUser();
}
}
Yes, it is possible.
Technically speaking, you do not create users in jazn-data.xml; this is just a file used at development time. At runtime, you create users in WebLogic.
Please find below a link:
Creating WebLogic users programmatically from a standalone Java client

connect to AD using anonymous binding and search a user DN

I am trying to connect to AD using anonymous binding and do some operations like searching a user DN by CN, finding the mail ID, etc.
Here is the code:
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
public class TestADAnanymousConnection {
public static void main(String[] args) throws NamingException {
Hashtable<String, Object> env = new Hashtable<String, Object>();
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL,
"ldap://localhost:389/dc=myad,dc=com");
// "none" requests an anonymous bind: no principal or credentials are sent
env.put(Context.SECURITY_AUTHENTICATION, "none");
DirContext ctx;
ctx = new InitialDirContext(env);
System.out.println(ctx.lookup("cn=Administrator"));
ctx.close();
}
}
It shows error message as below:
Exception in thread "main" javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: **In order to perform this operation a successful bind must be completed on the connection**., data 0, v1db1 remaining name 'cn=Administrator'
at line System.out.println(ctx.lookup("cn=Administrator"));
Can somebody please let me know whether I missed anything in the code?
Thanks.
You cannot. Anonymous binding is only possible for querying the root DN. That's it.

JNDI .NET implementation

I have Java code which uses JNDI to access a directory and get the user/password to log in to a Samba share.
What I need is a way to convert it to .NET code. However, I read this MSDN article and couldn't understand it. I've tried to use the DirectorySearcher class in many different ways.
Here is a small piece of the Java code:
// JNDI_FACTORY, jndiServerURL, ic and fileSystemProxy are declared elsewhere in the poster's class
try {
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, JNDI_FACTORY);
env.put(Context.PROVIDER_URL, jndiServerURL);
ic = new InitialContext(env);
// The bound object named "Credential" is a WebLogic T3 file-system proxy
fileSystemProxy = (T3FileSystemProxy) ic.lookup("Credential");
}
catch (Exception e) {
e.printStackTrace();
}
Does somebody know how to implement it?
Unfortunately I couldn't implement JNDI because it's an interface for Java. I had to get the UNC path and authenticate using a network credential.
using (new UNCPathAccess(Path.GetDirectoryName(pathPdf), username, string.Empty, password))
{
Email.Send(subject, body, email, attachments);
}

How to connect with Active Directory without a full CN/DN from Java code

I have implemented this method:
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
public class AdConnector {
static String DOMAIN_URL; // set elsewhere in the poster's class: the ldap:// URL of the domain controller
public static LdapContext buildContext(String username, String password) {
LdapContext context = null;
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, username);
env.put(Context.SECURITY_CREDENTIALS, password);
env.put(Context.PROVIDER_URL, DOMAIN_URL);
try {
context = new InitialLdapContext(env, null);
} catch (NamingException e) {
// the failure reason is swallowed here; the caller only sees a null context
}
return context;
}
}
I do not know the full CN/DN string. I only pass the name of a user (e.g. Tom) and the password.
I have no info about groups etc.
Thank you in advance!
Search for the entry using what information you have. The search result will contain the number of entries that matched the search and the DN of each entry that matched, therefore the search should be as restrictive as possible in order to return just the one entry for which you're looking. Then use that DN to BIND to the server.
What Terry said.
We have an example of performing a Basic JNDI Search with an Administration Account.

LDAP user password authentication using JNDI

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.InitialDirContext;
public class LdapAuthTest {
public static void main(String[] args)
{
String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
String MY_HOST = "ldap://Localhost:1389";
String MGR_DN = "cn=John,ou=Users,o=IT,dc=QuizPortal";
String MGR_PW = "password";
//Identify service provider to use
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
env.put(Context.PROVIDER_URL, MY_HOST);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, MGR_DN);
env.put(Context.SECURITY_CREDENTIALS, MGR_PW);
try
{
// Create the initial directory context (this is where the bind happens)
InitialDirContext initialContext = new InitialDirContext(env);
System.out.println("Context Successfully Initialized");
initialContext.close();
}
catch(Exception e)
{
System.err.println(e);
}
}
}
I would like to ask: when I change MGR_DN = "cn=John,ou=Users,o=IT,dc=QuizPortal" to MGR_DN = "uid=103,ou=Users,o=IT,dc=QuizPortal", basically switching from cn to uid, I encounter an error:
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
I am authenticated when it is specified as cn=John but not as uid=103. Am I not allowed to specify it by uid?
If you don't know the exact DN in advance, you should do a search in the LDAP directory first. This can be done more or less like this (make sure you catch the relevant exceptions):
import java.util.Properties;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
public class SearchAndBind {
// ldapServerUrl, ldapBaseDN, identifier and password are the values assumed by the original sketch
public static boolean authenticate(String ldapServerUrl, String ldapBaseDN,
String identifier, String password) throws NamingException {
Properties env = new Properties();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapServerUrl);
env.put(Context.SECURITY_AUTHENTICATION, "none");
SearchControls searchCtrls = new SearchControls();
searchCtrls.setReturningAttributes(new String[] {});
searchCtrls.setSearchScope(SearchControls.SUBTREE_SCOPE);
// identifier goes into the filter unescaped; escape it per RFC 4515 before using untrusted input here
String filter = "(&(cn=" + identifier + "))";
DirContext ctx = null;
ctx = new InitialDirContext(env);
NamingEnumeration<SearchResult> answer = ctx.search(
ldapBaseDN, filter, searchCtrls);
String fullDN = null;
if (answer.hasMore()) {
fullDN = answer.next().getNameInNamespace();
ctx.close();
ctx = null;
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, fullDN);
env.put(Context.SECURITY_CREDENTIALS, password);
ctx = new InitialDirContext(env);
ctx.close();
return true;
}
// Exception otherwise ...
ctx.close();
return false;
}
}
Here, the search filter is "(&(cn=" + identifier + "))" (so, for example (&(cn=John))), but you could use the uid instead. Uniqueness of the results depends on the configuration of the LDAP server. The base DN also depends on the way it's set up (it could be ou=Users,o=IT,dc=QuizPortal in your example).
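The search-then-bind flow that both Terry's answer and the sketch above describe, written out as an added example (this is not code from the original posts). It assumes a hypothetical directory at ldaps://ldap.example.com, the base DN from the question, and a dedicated read-only service account (cn=svc-lookup, password in the LDAP_SERVICE_PW environment variable) for the lookup step, because the anonymous search in the sketch is exactly what Active Directory refuses in the earlier thread. It also adds the two checks a practitioner wants around this pattern: the login name is escaped per RFC 4515 before it is spliced into the filter, and an empty password is rejected up front, since LDAP treats a DN with an empty password as an unauthenticated (anonymous) bind that many servers, Active Directory included, accept.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class SearchThenBind {

    // Assumed settings (hypothetical host, base DN and service account): replace with your own.
    static final String LDAP_URL = "ldaps://ldap.example.com:636";
    static final String BASE_DN = "ou=Users,o=IT,dc=QuizPortal";
    static final String SERVICE_DN = "cn=svc-lookup,ou=Users,o=IT,dc=QuizPortal";
    static final String SERVICE_PW = System.getenv("LDAP_SERVICE_PW");

    /** Escape one assertion value for use inside an LDAP search filter (RFC 4515). */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    static Hashtable<String, String> env(String principal, String password) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    /** Step 1: look up the DN for a login name with the service account; null if none or ambiguous. */
    static String findUserDn(String loginName) throws NamingException {
        if (SERVICE_PW == null) throw new IllegalStateException("LDAP_SERVICE_PW is not set");
        DirContext ctx = new InitialDirContext(env(SERVICE_DN, SERVICE_PW));
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[0]); // only the DN is needed
            String filter = "(&(objectClass=person)(cn=" + escapeFilterValue(loginName) + "))";
            NamingEnumeration<SearchResult> results = ctx.search(BASE_DN, filter, sc);
            try {
                if (!results.hasMore()) return null;       // no such user
                String dn = results.next().getNameInNamespace();
                return results.hasMore() ? null : dn;      // more than one match: refuse
            } finally {
                results.close();
            }
        } finally {
            ctx.close();
        }
    }

    /** Step 2: bind as the user. True only if the server accepted the password. */
    static boolean authenticate(String loginName, String password) throws NamingException {
        // RFC 4513: a DN with an empty password is an unauthenticated bind, which many
        // servers accept as anonymous, so it must never reach the server as a login attempt.
        if (password == null || password.isEmpty()) return false;
        String dn = findUserDn(loginName);
        if (dn == null) return false;
        try {
            new InitialDirContext(env(dn, password)).close();
            return true;
        } catch (AuthenticationException e) {   // LDAP result code 49, invalid credentials
            return false;
        }
    }

    public static void main(String[] args) throws NamingException {
        // Offline check of the escaping: an injection attempt stays a literal cn value.
        System.out.println(escapeFilterValue("John)(uid=*"));   // John\29\28uid=\2a
        if (args.length == 2) {
            System.out.println("authenticated: " + authenticate(args[0], args[1]));
        }
    }
}
```

Two design points: the lookup binds with a separate low-privilege account over ldaps rather than anonymously, because simple binds over plain ldap:// send the password in cleartext and AD rejects anonymous searches by default; and a login name matching more than one entry is treated as a failure instead of silently binding as whichever entry came back first.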
You have to specify the DN or distinguished name. That's the name the user is bound as in the directory. You can't just select any chain of attributes. If your users are bound via the 'cn' attribute then only the 'cn' attribute is part of the DN.
It looks like a server configuration issue. Here's a similar problem including a solution. Basically you'll have to specify whether to use uid or cn for authentication in ldap-authentication.properties.
