Re: How do I bind to LDAP with a username/password
- From: laredotornado <laredotornado@xxxxxxxxxxx>
- Date: Thu, 12 Mar 2009 14:42:13 -0700 (PDT)
On Mar 12, 3:37 am, Nigel Wade <n...@xxxxxxxxxxxx> wrote:
laredotornado wrote:
On Mar 11, 9:15 am, Nigel Wade <n...@xxxxxxxxxxxx> wrote:
laredotornado wrote:
On Mar 11, 4:18 am, Nigel Wade <n...@xxxxxxxxxxxx> wrote:
laredotornado wrote:
Hi,
I'm using Java 1.5. Does anyone know how I can bind to an LDAP server
with a username and password? Note that this is different from
authenticating against an LDAP server with a username and password.
Authentication against LDAP normally works by attempting to bind with the
supplied credentials. Failure to bind indicates a failure to authenticate.
The only other way to do it would be to bind with some master credentials which
had full read access (including passwords), perform a search for the
SECURITY_PRINCIPAL, fetch the encrypted password for that DN and compare it to
the SECURITY_CREDENTIALS (after suitable encryption of said
SECURITY_CREDENTIALS).
That I can set up like so ...
Hashtable env = new Hashtable(5, 0.75f);
...
env.put(Context.SECURITY_PRINCIPAL, name+"@" + this.domain);
env.put(Context.SECURITY_CREDENTIALS, pass);
...
InitialLdapContext context = null;
context = new InitialLdapContext(env, null);
I was looking at ways of writing the LDAP connect string
(http://www.rlmueller.net/LDAP_Binding.htm), and there seems to be a place for
the bind username ("cn") but I can't see where the password would go.
and this does the former method, i.e. binding as SECURITY_PRINCIPAL to test
authentication.
Any help is appreciated, - Dave
I think you've already helped yourself, you just don't realize it....
What operation are you wanting to perform on the directory after you've bound
to it?
P.S. Beware the very confusing terminology in JNDI where "bind" means "add",
rather than in LDAP where it means "connect". When you "bind" with JNDI you are
adding an entry into the directory.
--
Nigel Wade
I'm so new to this I'm still not seeing the answer in your reply.
Often you connect anonymously to LDAP and then run a query passing in
different username/passwords to see if they authenticate.
I've never come across that method, and I don't see how it could work.
You can bind anonymously and run queries on the contents/attributes of entries
in the directory, but you will have limited success depending on the security
in the directory server, and what attributes are visible to anonymous binds.
You can attempt to bind with some given credentials, and you will either
succeed or fail depending on whether the credentials are valid. You can bind
with the master credentials and then run a query which ought to succeed.
In this
case I want to connect with master credentials and then run queries
authenticating others using the
env.put(Context.SECURITY_PRINCIPAL, name+"@" + this.domain);
env.put(Context.SECURITY_CREDENTIALS, pass);
syntax.
It's not at all clear to me what you are wanting to achieve. If you want to know
if some credentials will authenticate you attempt to bind with those
credentials. There is no query that I know of which you can run to test
authentication. AFAIK that just isn't part of the LDAP protocol.
But how do I connect as the master credentials?
You supply the DN of that entry, and the password. To test the authenticity of
other credentials you do exactly the same. The only reason you might want to
bind first with some other credentials is because you only have the uid, or
some other part of the identity, rather than the DN. So you'd bind with
credentials which had search access to the attributes you need, and with read
access to the DN.
For example if the user entry you want has a uid field
containing "n...@xxxxxxxxxxx" you would perform a search for a uid with that
value. If the search was successful you could extract the DN from the result
and use that to bind. If the search fails you know that user entry is not in
the directory.
IOW, what
code or other URL syntax should I be using before I can perform the
query operation above?
Thanks for your help, - Dave
--
Nigel Wade
In my situation, binding/connecting anonymously is not an option. So
what I'm trying to achieve is
1. Connecting with master credentials
2. Then authenticating a user with some other username/password (which
I know how to do when I bind anonymously).
Why are you performing step 1?
It isn't necessary and doesn't achieve anything.
You supply the DN of that entry, and the password.
and do you do that through the same procedure as above, setting up a
Hashtable that is my environment and calling
context = new InitialLdapContext(env, null);
. If so, would I be doing this twice -- once for the master
credentials and then immediately after with the user I wish to
authenticate?
You would indeed. I see no reason whatsoever for the first step. Just bind as
the user you want to "authenticate", that's how you "authenticate" with LDAP.
--
Nigel Wade
So you're saying I never need to authenticate with master
credentials? Then this may be an unrelated question, but what is the
significance of the "cn" in the connect string and when is it
required?
Thanks, - Dave
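
The search-then-bind flow described in the quoted replies (look up the entry by uid with an account that has search access, then bind as the DN that comes back), as an added example; it is not code from either poster. The URL, base DN, class and method names are placeholders, and the filter escaping and the empty-password check are additions assumed here rather than taken from the thread.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.InitialLdapContext;

public class LdapSearchThenBind {
    // Placeholder values (assumptions), not taken from the thread.
    static final String URL = "ldaps://ldap.example.com:636";
    static final String BASE = "ou=people,dc=example,dc=com";

    // Simple bind as dn; bad credentials raise AuthenticationException.
    static InitialLdapContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialLdapContext(env, null);
    }

    // Escape RFC 4515 filter metacharacters so a uid cannot rewrite the filter.
    static String escapeFilter(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray())
            sb.append("\\*()\0".indexOf(c) >= 0 ? String.format("\\%02x", (int) c) : String.valueOf(c));
        return sb.toString();
    }

    static boolean authenticate(String svcDn, String svcPw, String uid, String pw)
            throws NamingException {
        // An empty password turns a simple bind into an unauthenticated bind; reject it.
        if (pw == null || pw.length() == 0) return false;
        String userDn;
        InitialLdapContext svc = bind(svcDn, svcPw); // only needed to map uid to DN
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> r = svc.search(BASE, "(uid=" + escapeFilter(uid) + ")", sc);
            if (!r.hasMore()) return false;        // no such entry
            userDn = r.next().getNameInNamespace();
            if (r.hasMore()) return false;         // ambiguous match: refuse
        } finally { svc.close(); }
        try {
            bind(userDn, pw).close();              // this bind is the authentication
            return true;
        } catch (AuthenticationException e) { return false; }
    }
}
```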