Java: Connect to Active Directory (AD)? - java

I'm trying to get in contact with an AD. I have tried to use this code to connect, but it doesn't seem to connect at all. I'm sorry for not being able to be more specific than this, but that's simply all I know. Nothing happens. I've removed what I viewed as the non-essential part of this class, where the result is dealt with, because at this point there simply isn't any result to deal with. I don't get any errors in NetBeans, but nothing happens when I try to connect.
What's going on? What am I doing wrong?
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.*;

public class AD {
    public static void main(String[] args) {
        String userName = "xx"; // AD username
        String password = "xx"; // AD password
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://192.168.1.102:389/dc=agileworks,dc=com"); // AD server URL; dc = domain component
        //env.put(Context.SECURITY_AUTHENTICATION, "simple"); // does not seem to be necessary
        //env.put(Context.SECURITY_PRINCIPAL, new String("agileworks" + "\\" + userName));
        env.put(Context.SECURITY_PRINCIPAL, "agileworks" + "\\" + userName); // maybe the domain\\ prefix isn't necessary?
        env.put(Context.SECURITY_CREDENTIALS, password); // password
        DirContext ctx = null; // initialisation only; no context is ever created
        NamingEnumeration results = null; // initialisation
    }
}

You need to create a context, not just the variable. You basically just put some data into the hash table and that's it.
I don't specifically know about LDAP but with JNDI you'd need to call new InitialContext() in order to actually create a context. After that you might have to call a method on that context in order to make something happen.
So in case of an LDAP context you'd need something like this:
DirContext ctx = new InitialLdapContext(env, new Control[0]);
NamingEnumeration results = ctx.search(....);
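As an added example (not code from the question or the answer above), here is the same bind carried through to a working lookup. The host name dc01.agileworks.com, the use of the ldaps:// port and the returned attribute names are assumptions; the naming context dc=agileworks,dc=com comes from the question. The username is escaped per RFC 4515 before it is put into the filter, an empty password is refused up front because a simple bind with an empty password is an unauthenticated bind that AD answers with success, and a failed bind surfaces as javax.naming.AuthenticationException rather than as "nothing happens".

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class AdLookup {

    // Assumed values: the host name stands in for the poster's 192.168.1.102; a simple bind
    // sends the password as-is, so the TLS port is used instead of 389.
    private static final String URL = "ldaps://dc01.agileworks.com:636";
    private static final String BASE_DN = "dc=agileworks,dc=com";

    /** RFC 4515 escaping so a username cannot change the shape of the filter (LDAP injection). */
    static String escapeFilter(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Binds as the caller and returns the looked-up user's DN, or null if bind or lookup fails. */
    static String findUserDn(String principal, String password, String sAMAccountName) throws NamingException {
        if (password == null || password.isEmpty()) {
            // Empty password = unauthenticated bind (RFC 4513 section 5.1.2). AD accepts it and
            // reports success for any name, so it must never be treated as a login.
            return null;
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);      // user@agileworks.com or AGILEWORKS\\user
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // do not hang forever on a dead DC
        env.put("com.sun.jndi.ldap.read.timeout", "10000");

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);                 // the bind happens here, not in the Hashtable
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] { "distinguishedName", "displayName", "mail" });
            String filter = "(&(objectClass=user)(sAMAccountName=" + escapeFilter(sAMAccountName) + "))";
            NamingEnumeration<SearchResult> results = ctx.search(BASE_DN, filter, sc);
            try {
                if (!results.hasMore()) {
                    return null;                              // bound fine, but no such account
                }
                SearchResult r = results.next();
                Attributes a = r.getAttributes();
                System.out.println(a.get("displayName") + " / " + a.get("mail"));
                return r.getNameInNamespace();
            } finally {
                results.close();
            }
        } catch (AuthenticationException e) {
            // LDAP result 49. AD appends a sub-code to the message: data 52e = wrong password,
            // 525 = no such user, 532 = password expired, 533 = disabled, 775 = locked out.
            System.err.println("bind rejected: " + e.getMessage());
            return null;
        } finally {
            if (ctx != null) {
                ctx.close();
            }
        }
    }

    public static void main(String[] args) throws NamingException {
        if (args.length != 2) {
            System.err.println("usage: AdLookup <user@agileworks.com> <password>");
            return;
        }
        int at = args[0].indexOf('@');
        String sam = at < 0 ? args[0] : args[0].substring(0, at);
        String dn = findUserDn(args[0], args[1], sam);
        System.out.println(dn == null ? "bind or lookup failed" : "bound; user DN = " + dn);
    }
}
```

The credentials are taken from the command line only for the demonstration; in real code they come from a secret store, and the bind is done with the end user's own credentials or with a least-privilege read-only service account, never with a domain admin.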

Related

integration of Mobilefirst Platform with NETIQ IDAM

I tried to authenticate the mobile user on IDAM-LDAP via NetIQ. But for that we need some service or mechanism to which we can directly send our username and password, which NetIQ will then validate via LDAP.
I tried a simple Java connection to LDAP for user authentication.
The following parameters are used:
INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"
PROVIDER_URL, "ldap://IP ADDRESS:10389"
SECURITY_PRINCIPAL, "CN=Testnetiq.O=IBOM_test"
SECURITY_CREDENTIALS, "PASSWORD"
Apart from these, which parameters can we use for successful testing, so that we can implement it in the Java adapter?
package com.wipro.ibm;

import java.util.Properties;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class Testing {
    public static void main(String[] args) throws Exception {
        Properties props = new Properties();
        props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        props.put(Context.PROVIDER_URL, "ldap://LDAP_IP:10389"); // clear-text port
        props.put(Context.SECURITY_PRINCIPAL, "CN=Testnetiq.O=IBOM_test"); // service account used for the lookup
        props.put(Context.SECURITY_CREDENTIALS, "Wipro#123");
        InitialDirContext context = new InitialDirContext(props);

        SearchControls ctrls = new SearchControls();
        ctrls.setReturningAttributes(new String[] { "givenName", "sn", "memberOf" });
        ctrls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // the uid value is a constant here; a value typed by a user must be escaped (RFC 4515)
        NamingEnumeration<SearchResult> answers = context.search("o=IBOM_test",
                "(uid=" + "Test123" + ")", ctrls);
        if (!answers.hasMore()) { // nextElement() on an empty result would throw
            System.out.println("false");
            context.close();
            return;
        }
        SearchResult result = answers.next();
        String user = result.getNameInNamespace(); // DN to bind with as the end user
        answers.close();
        context.close();

        try {
            props = new Properties();
            props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            props.put(Context.PROVIDER_URL, "ldap://LDAP_IP:10389");
            props.put(Context.SECURITY_PRINCIPAL, user);
            props.put(Context.SECURITY_CREDENTIALS, "Test#123");
            context = new InitialDirContext(props); // the bind is the password check
            context.close();
            System.out.println("True"); // only reached when the user's bind succeeded
        } catch (NamingException e) {
            System.out.println("false");
        }
    }
}
The error javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 - Confidentiality Required indicates that you need to connect using TLS/SSL instead of connecting to the clear text port.
Normally that is port 636 but in your case it might be 10636 since your non-encrypted port is 10389.
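Added example of the two ways to satisfy a "Confidentiality Required" (result code 13) server; this is not code from the question or the answer above. The host name, DN and password are taken from the command line; port 10636 for LDAPS is the answer's guess and is an assumption here too. With StartTLS the connection is opened without any credentials, upgraded through the StartTLS extended operation, and only then bound, so the password never crosses port 10389 unencrypted.

```java
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLSession;

public class TlsBind {
    private static final String FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";

    /** Option 1: the dedicated TLS port. 10636 is an assumption (the usual pairing with 10389). */
    static DirContext bindLdaps(String host, String dn, String password) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, FACTORY);
        env.put(Context.PROVIDER_URL, "ldaps://" + host + ":10636"); // TLS from the first byte
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        // The server certificate is validated against the JVM trust store (cacerts or
        // -Djavax.net.ssl.trustStore). Import the directory's CA there; do not install a
        // trust-everything TrustManager to make the error go away.
        return new InitialDirContext(env);
    }

    /** Option 2: keep port 10389 but upgrade with StartTLS before the password is sent. */
    static LdapContext bindStartTls(String host, String dn, String password)
            throws NamingException, IOException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, FACTORY);
        env.put(Context.PROVIDER_URL, "ldap://" + host + ":10389");
        // No SECURITY_* properties yet: this first connection carries no secret at all.
        LdapContext ctx = new InitialLdapContext(env, null);
        StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
        // negotiate() performs the handshake and checks that the certificate matches 'host';
        // a mismatch is an IOException, which is the correct outcome, not something to suppress.
        SSLSession session = tls.negotiate();
        System.out.println("TLS up: " + session.getProtocol() + " " + session.getCipherSuite());
        ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
        ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, dn);
        ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
        ctx.reconnect(null); // explicit bind, now inside the TLS session
        return ctx;          // closing the context tears down the TLS layer as well
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: TlsBind <host> <bind-dn> <password>");
            return;
        }
        LdapContext viaStartTls = bindStartTls(args[0], args[1], args[2]);
        viaStartTls.close();
        DirContext viaLdaps = bindLdaps(args[0], args[1], args[2]);
        viaLdaps.close();
        System.out.println("both binds succeeded");
    }
}
```

Either variant removes the error code 13 because the bind request itself travels inside TLS; which one to use depends only on which port the directory exposes.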

A way to define / implement failover ldap servers in java code

I have the following code for Ldap user authentication:
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class LdapUtil {
    public static final String PROVIDER_URL = "ldap://ourLdapServer";
    public static final String SECURITY_AUTHENTICATION = "simple";
    public static final String SECURITY_PRINCIPAL_POSTFIX = "@org.local"; // UPN suffix
    private String ldapAttributes[] = null;

    public boolean isCorrectUser(String user, String pass) {
        boolean result = false;
        // The empty-password check matters: a simple bind with an empty password is an
        // unauthenticated bind, which the server reports as success.
        if (user == null || pass == null || "".equals(user) || "".equals(pass)) {
            return result;
        }
        try {
            Hashtable<String, String> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, PROVIDER_URL);
            env.put(Context.SECURITY_AUTHENTICATION, SECURITY_AUTHENTICATION);
            env.put(Context.SECURITY_PRINCIPAL, user + SECURITY_PRINCIPAL_POSTFIX);
            env.put(Context.SECURITY_CREDENTIALS, pass);
            LdapContext ctxGC = new InitialLdapContext(env, null); // the bind is the password check
            // getUserBasicAttributes(...) is defined elsewhere in the poster's class (not shown)
            ldapAttributes = getUserBasicAttributes(user, ctxGC);
            ctxGC.close();
            result = true;
            //System.out.println("LDAP authentication for " + user + " succeeded!");
        } catch (Exception e) {
            // Not authenticated (or the server could not be reached)
            result = false;
            //System.out.println("LDAP authentication for " + user + " failed!");
        }
        return result;
    }
}
There is one main drawback - it works only for one Ldap server.
Now I would like to define alternative Ldap servers for fail-over purposes (e.g. when the main ldap is down or is not accessible - the program should try to query the secondary ldap, if that is not available next one etc.).
How would I achieve that?
And how would I minimise authentication time if the primary server would stay offline for a long time?
Thanks in advance.
Just add multiple LDAP PROVIDER_URLs:
// Specify a list of space-separated URLs
env.put(Context.PROVIDER_URL,
        "ldap://ourLdapServer " +
        "ldap://ourLdapServer2 " +
        "ldap://ourLdapServer3 " +
        "ldap://ourLdapServer4");
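Added example that builds on the answer above; it is not the poster's or the answerer's code. The JNDI provider walks a space-separated URL list from the first entry on every new context, so a primary that stays down costs one connect timeout per login. The class below keeps its own list, sets the provider's connect and read timeouts so that cost is bounded to a few seconds, and remembers the index of the last server that answered so later logins start there. The server names and the @org.local suffix follow the question; the timeout values and the ldaps:// scheme are assumptions.

```java
import java.util.Arrays;
import java.util.Hashtable;
import java.util.List;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class FailoverLdapAuth {
    private final List<String> urls;          // tried in order, starting at 'preferred'
    private final String upnSuffix;
    private final String connectTimeoutMs;
    private volatile int preferred = 0;       // index of the server that answered last

    FailoverLdapAuth(List<String> urls, String upnSuffix, int connectTimeoutMs) {
        this.urls = urls;
        this.upnSuffix = upnSuffix;
        this.connectTimeoutMs = Integer.toString(connectTimeoutMs);
    }

    public boolean isCorrectUser(String user, String pass) {
        if (user == null || pass == null || user.isEmpty() || pass.isEmpty()) {
            return false; // empty password = unauthenticated bind; never a successful login
        }
        int n = urls.size();
        for (int i = 0; i < n; i++) {
            int idx = (preferred + i) % n; // begin with the last known-good server
            String url = urls.get(idx);
            try {
                LdapContext ctx = bind(url, user + upnSuffix, pass);
                ctx.close();
                preferred = idx;           // remember it for the next caller
                return true;
            } catch (AuthenticationException e) {
                // The server answered and rejected the credentials: asking the others would
                // only give the same answer and burn the account's lockout counter.
                return false;
            } catch (NamingException e) {
                // Connection refused, connect/read timeout, or another transport failure.
                System.err.println(url + " unavailable: " + e.getMessage());
            }
        }
        return false; // every server failed; treat as "not authenticated", not as an outage to ignore
    }

    private LdapContext bind(String url, String principal, String pass) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, pass);
        // Without these two properties a silently dropped packet holds the login for the
        // operating system's full TCP timeout before the next server is tried.
        env.put("com.sun.jndi.ldap.connect.timeout", connectTimeoutMs);
        env.put("com.sun.jndi.ldap.read.timeout", "10000");
        return new InitialLdapContext(env, null);
    }

    public static void main(String[] args) {
        if (args.length != 2) {
            System.err.println("usage: FailoverLdapAuth <user> <password>");
            return;
        }
        FailoverLdapAuth auth = new FailoverLdapAuth(
                Arrays.asList("ldaps://ourLdapServer", "ldaps://ourLdapServer2",
                              "ldaps://ourLdapServer3", "ldaps://ourLdapServer4"),
                "@org.local", 3000);
        System.out.println(auth.isCorrectUser(args[0], args[1]));
    }
}
```

Catching AuthenticationException before the general NamingException is what keeps a wrong password from being retried against every replica; the order of the two catch blocks is not interchangeable.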

Retrieve data from active directory

I am developing a project in Java and JSP that needs to access an Active Directory for login and for retrieving some values. I have done the login part (authentication), but I am not able to get help on the retrieval part. I am completely new to the Active Directory concept, so please aid me accordingly.
I am giving the code of the Java class that I have used for user authentication:
package classes;

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class AD_Auth {
    private static final String CONTEXT_FACTORY_CLASS = "com.sun.jndi.ldap.LdapCtxFactory";
    private static final String domainName = "@xyz.IN"; // UPN suffix appended to the login name
    private static final String providerUrl = "ldap://srdeladc02.xyz.in:123";

    public static boolean authenticate(String username, String password) {
        try {
            Hashtable<Object, Object> env = new Hashtable<Object, Object>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, CONTEXT_FACTORY_CLASS);
            env.put(Context.PROVIDER_URL, providerUrl);
            env.put(Context.SECURITY_PRINCIPAL, username + domainName);
            env.put(Context.SECURITY_CREDENTIALS, password);
            // JNDI's LDAP provider recognises "none", "simple" and SASL mechanism names here
            env.put(Context.SECURITY_AUTHENTICATION, "strong");
            DirContext ctx = new InitialDirContext(env); // the bind itself is the authentication
            ctx.close();
            return true;
        } catch (NamingException e) {
            System.out.println("Dear User, the username or password you have entered is incorrect, please try again.");
        }
        return false;
    }

    public static void main(String[] args) {
        // if someone's email id is myemail@icar.gov.in then the username will be myemail
        //System.out.println(AD_Auth.authenticate("username", "password"));
    }
}

List all the users in the Active Directory Group

I am facing some difficulties while listing all the users in an Active Directory group. I reached the group, but unfortunately I could not retrieve all the users. I am looking for the users' full names, usernames and directorate. My code is:
package client;

import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class AD1 {
    public AD1() {
        super();
    }

    public static String usersContainer = "cn=XX,ou=XX,ou=Groups,dc=XX,dc=XX,dc=XXX";

    public static void main(String[] args) {
        DirContext ctx = null;
        try {
            Hashtable<String, Object> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            // it can be <domain\\userid>, something that you use for Windows login
            // it can also be
            env.put(Context.SECURITY_PRINCIPAL, "username");
            // env.put(Context.SECURITY_CREDENTIALS, "password");
            env.put(Context.SECURITY_CREDENTIALS, "password".getBytes(StandardCharsets.UTF_8));
            // in the following property we specify the ldap protocol and connection url;
            // generally the port is 389
            env.put(Context.PROVIDER_URL, "ldap://IP:PORT");
            ctx = new InitialDirContext(env); // one context is enough; the bind happens here
            System.out.println("Connection Successful.");

            SearchControls ctls = new SearchControls();
            String[] attrIDs = { "distinguishedName", "cn", "name", "uid",
                                 "sn", "givenname", "memberOf",
                                 "samaccountname", "userPrincipalName" };
            ctls.setReturningAttributes(attrIDs);
            ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            //ctls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
            NamingEnumeration<SearchResult> answer = ctx.search(usersContainer, "(objectClass=user)", ctls);
            System.out.println("Out while loop");
            while (answer.hasMore()) {
                System.out.println("while loop11");
                SearchResult rslt = answer.next();
                Attributes attrs = rslt.getAttributes();
                System.out.println(attrs.get("uid"));
            }
        } catch (NamingException nex) {
            System.out.println("Active Directory Connection: FAILED");
            nex.printStackTrace();
        } finally {
            // close once, after the enumeration is finished, not inside the loop
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }
}
Can anyone help?
As it's Active Directory and not a "real" LDAP you're talking about, can you give us more details about the LDAP/Active Directory configuration?
It's kind of hard to help you with the information you give.
Edit 1:
Your problem is here, no?
while (answer.hasMore()) {
    System.out.print("while loop11");
    SearchResult rslt = (SearchResult) answer.next();
    Attributes attrs = rslt.getAttributes();
    //System.out.println(attrs.get("uid"));
    System.out.println(attrs.get("cn"));
}
ctx1.close(); // close after the loop, not on the first iteration
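Added example, not code from the question or the answer above. In AD a group entry has no child entries: its membership is the multi-valued member attribute (mirrored as memberOf on the user side), so a subtree search below the group DN can only ever return the group itself. The code below reads member, following the range retrieval AD switches to once a group exceeds its value limit (1500 values per response by default), and then fetches each member's displayName, sAMAccountName and department; department is assumed to be what the question calls "directorate". The directory host, the service account and the group DN used in main are assumptions, and the password is read from an environment variable rather than written into the source.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import java.util.Locale;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.LdapName;

public class GroupMembers {

    /**
     * Every DN in the group's member attribute. When the attribute is larger than the
     * server's limit AD answers with an attribute named "member;range=0-1499" and the
     * next slice is requested as "member;range=1500-*"; the final slice ends in "-*".
     */
    static List<String> memberDns(DirContext ctx, String groupDn) throws NamingException {
        List<String> dns = new ArrayList<>();
        int start = 0;
        while (true) {
            Attributes attrs = ctx.getAttributes(new LdapName(groupDn),
                    new String[] { "member;range=" + start + "-*" });
            Attribute slice = null;
            NamingEnumeration<? extends Attribute> all = attrs.getAll();
            while (all.hasMore()) { // the returned id carries the range the server actually sent
                Attribute a = all.next();
                if (a.getID().toLowerCase(Locale.ROOT).startsWith("member")) {
                    slice = a;
                }
            }
            if (slice == null) {
                break; // empty group (note: primary-group members are linked via primaryGroupID, not member)
            }
            for (int i = 0; i < slice.size(); i++) {
                dns.add((String) slice.get(i));
            }
            String id = slice.getID();
            if (!id.contains(";range=") || id.endsWith("-*")) {
                break; // plain "member" (no ranging needed) or the last slice
            }
            start += slice.size();
        }
        return dns;
    }

    /** Prints display name, logon name and department of each user object that is a direct member. */
    static int printUsers(DirContext ctx, String groupDn) throws NamingException {
        String[] want = { "displayName", "sAMAccountName", "department", "objectClass" };
        int users = 0;
        for (String dn : memberDns(ctx, groupDn)) {
            // LdapName, not a String: JNDI parses a String name as a composite name, so a DN
            // containing '/' or quotes would be split or rejected.
            Attributes a = ctx.getAttributes(new LdapName(dn), want);
            Attribute oc = a.get("objectClass");
            // nested groups are members too and have no objectClass user; computer accounts do
            // carry objectClass user, so exclude them explicitly
            if (oc == null || !oc.contains("user") || oc.contains("computer")) {
                continue;
            }
            System.out.printf("%s | %s | %s%n",
                    value(a, "displayName"), value(a, "sAMAccountName"), value(a, "department"));
            users++;
        }
        return users;
    }

    private static String value(Attributes a, String id) throws NamingException {
        Attribute attr = a.get(id);
        return attr == null ? "" : String.valueOf(attr.get());
    }

    public static void main(String[] args) throws NamingException {
        // Assumed names; the question's group is cn=XX,ou=XX,ou=Groups,dc=XX,dc=XX,dc=XXX.
        String groupDn = args.length > 0 ? args[0] : "cn=Engineering,ou=Groups,dc=example,dc=com";
        String pw = System.getenv("LDAP_PASSWORD");
        if (pw == null || pw.isEmpty()) {
            throw new IllegalStateException("LDAP_PASSWORD not set"); // avoids an unauthenticated bind
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://dc01.example.com:636");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "svc-ldap-reader@example.com"); // read-only service account
        env.put(Context.SECURITY_CREDENTIALS, pw);
        DirContext ctx = new InitialDirContext(env);
        try {
            System.out.println(printUsers(ctx, groupDn) + " user(s) listed");
        } finally {
            ctx.close();
        }
    }
}
```

Nested groups are skipped rather than expanded here; flattening them means either recursing into each group member DN with the same routine or searching the user container with AD's LDAP_MATCHING_RULE_IN_CHAIN filter (memberOf:1.2.840.113556.1.4.1941:=<group DN>), which returns transitive members in one query.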

How to programmatically add user account to openDS?

I need to add some user accounts to an OpenDS server programmatically, but I don't know how to do it even after looking through the OpenDS wiki. Could anyone help me?
The code below uses JNDI. It just adds a user object with the provided password. This is not much, but it might help you get started.
Also, I would prefer to stick with JNDI compared to the OpenDS SDK.
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class App {
    /* Ugly hard-coded stuff */
    public static String ldapUri = "ldap://localhost:2389";
    public static String admindn = "cn=Directory Manager";
    public static String admincred = "password";
    public static String usersContainer = "ou=users,dc=example,dc=com";

    public static void main(String args[]) {
        if (args.length != 2) {
            System.out.println("Usage: App userName password");
            return;
        }
        String username = args[0];
        String password = args[1];
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // clear text: the admin password and the new user's password cross the wire unencrypted;
        // use an ldaps:// URL outside a local test setup
        env.put(Context.PROVIDER_URL, ldapUri);
        env.put(Context.SECURITY_PRINCIPAL, admindn);
        env.put(Context.SECURITY_CREDENTIALS, admincred);
        try {
            DirContext ctx = new InitialDirContext(env);
            Attributes attrs = new BasicAttributes(true); // attribute names are case-insensitive
            Attribute objclass = new BasicAttribute("objectclass");
            objclass.add("top");
            objclass.add("person");
            objclass.add("organizationalPerson");
            objclass.add("inetorgperson");
            attrs.put(objclass);
            attrs.put(new BasicAttribute("cn", username)); // inetOrgPerson requires cn and sn
            attrs.put(new BasicAttribute("sn", username));
            attrs.put(new BasicAttribute("userpassword", password)); // stored hashed by the server's password storage scheme
            // escape the RDN value so a name containing , + " \ < > ; cannot alter the DN
            ctx.createSubcontext("cn=" + Rdn.escapeValue(username) + "," + usersContainer, attrs);
            ctx.close();
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}
To add user accounts to OpenDS programmatically, you need to use an LDAP client library for your OS and preferred programming language.
OpenDS has an LDAP library for Java, with many code samples.
http://www.opends.org/promoted-builds/sdk/20110126210001/
The samples are in the Example directory.
Here is the code I used in PHP; it works fine for me:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" >
</head>
<body>
<?php
$ldapconfig['host'] = 'PC100';
$ldapconfig['port'] = 1389;
$ldapconfig['basedn'] = 'dc=company,dc=com';
$ds = ldap_connect($ldapconfig['host'], $ldapconfig['port']);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); // IMPORTANT: must be set before the bind, or the bind goes out as LDAPv2
$password = 1;
$username = "cn=Directory Manager";
if ($bind = ldap_bind($ds, $username, $password)) {
    echo("Login correct");
    $dn = "cn=roshanis,dc=example,dc=com";
    $ldaprecord['cn'] = "roshanis";
    $ldaprecord['givenName'] = "mkljl";
    $ldaprecord['sn'] = "roshan";
    $ldaprecord['objectclass'][0] = "inetOrgPerson";
    $ldaprecord['objectclass'][1] = "test"; // custom object class from the poster's schema
    $ldaprecord['mail'] = "lkl@fh.com";
    // add data to directory
    $r = ldap_add($ds, $dn, $ldaprecord);
    if (!$r) {
        echo("ldap_add failed: " . ldap_error($ds));
    }
    // $r = ldap_modify($ds, $dn, $ldaprecord);
} else {
    echo("Unable to bind to server.<br>");
}
?>
</body>
</html>
