  1. #1
    ppo
    ppo is offline Member
    Join Date
    Apr 2010
    Posts
    10
    Rep Power
    0

    LDAP bind mechanism in Java

    Hello all,
    I'm looking for a solution for an LDAP bind similar to the ldap_bind function in PHP.

    It seems easy and nice.
    I had a look around the web and some forums and got a pointer to use this

    But this is not a similar solution to the one in PHP.
    ldap_bind uses only the connection, userName and password, doesn't know anything about the password hash method, and will verify the credentials as valid or invalid.

    Does anyone have information or ideas on how to do it in Java?

    Petr, cz

  2. #2
    travishein's Avatar
    travishein is offline Senior Member
    Join Date
    Sep 2009
    Location
    Canada
    Posts
    684
    Rep Power
    6

    I have had good luck with the spring-ldap project. Their API can be used on its own (e.g. Java classes), but is also well suited for use with the springframework (e.g. within an applicationContext.xml-configured bunch of beans).

  3. #3
    ppo

    Quote Originally Posted by travishein
    I have had good luck with the spring-ldap project. Their API can be used on its own (e.g. Java classes), but is also well suited for use with the springframework (e.g. within an applicationContext.xml-configured bunch of beans).
    Thanks, it looks good.
    Can I use this in a non-Spring application?
    As far as I can see I will need to configure a contextSource, so I will look at the API.
    I hope I will find info on how to use it in a non-Spring project.

    Hmm, I prepared some example with manually creating an LdapContextSource,

    when I try to do ctx = ctxSource.getContext("uid=user,ou=People,dc=firm,dc=cz", "pass");

    I get LDAP: error code 49 - cannot bind the principalDn

    I'm using ApacheDS 1.5.7; I found that maybe ApacheDS in this version doesn't support it,
    more about it here
    I hope that I understand it well, so I'll try to configure OpenLDAP; by the way, the customer uses OpenLDAP too, so it will help me too.
    I'm a little scared of the OpenLDAP configuration :], I hope my mind will discover an easy way.

    Thanks, enjoy Friday.

    Petr
    Last edited by ppo; 05-21-2010 at 09:21 AM.

  4. #4
    ppo

    So I installed OpenLDAP under Windows and did a simple configuration.

    I created a naming context and one user

    and have this code
    Java Code:
    import javax.naming.directory.DirContext;
    import org.springframework.ldap.core.support.LdapContextSource;
    import org.springframework.ldap.support.LdapUtils;

    // Test method; assertNotNull and fail are JUnit assertions
    public void testLdapContext() {
        try {
            String dnStrVal = "cn=manager,dc=envinet,dc=cz";
            LdapContextSource ctxSource = new LdapContextSource();
            ctxSource.setUrl("ldap://172.16.40.253:389");
            ctxSource.setUserDn(dnStrVal);
            ctxSource.setPassword("secret");
            ctxSource.setPooled(false);
            ctxSource.afterPropertiesSet();
            // Check that the manager bind works, and close that context again
            LdapUtils.closeContext(ctxSource.getReadWriteContext());

            DirContext ctx = null;
            try {
                // Bind with the user's DN and password
                ctx = ctxSource.getContext("uid=petr.pokorny,dc=envinet,dc=cz", "pass");

                assertNotNull(ctx);
            } catch (Exception e) {
                // Context creation failed - authentication did not succeed
                e.printStackTrace();
                fail("Neprobehlo");
            } finally {
                // It is imperative that the created DirContext instance is always closed
                LdapUtils.closeContext(ctx);
            }
        } catch (Exception e) {
            // Setting up the context source or the manager bind failed
            e.printStackTrace();
        }
    }
    and I got
    Java Code:
    org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
    Here is the text from the OpenLDAP console:
    Java Code:
    do_bind: version=3 dn="uid=petr.pokorny,dc=envinet,dc=cz" method=128
    bdb_dn2entry("uid=petr.pokorny,dc=envinet,dc=cz")
    => bdb_dn2id( "uid=petr.pokorny,dc=envinet,dc=cz" )
    <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)

    If I put the manager data into getContext, all is OK
    Java Code:
    ctx = ctxSource.getContext("uid=petr.pokorny,dc=envinet,dc=cz", "pass");
    
    ldap console
    do_bind: version=3 dn="cn=manager,dc=envinet,dc=cz" method=128
    do_bind: v3 bind: "cn=manager,dc=envinet,dc=cz" to "cn=manager,dc=envinet,dc=cz"

    I'm not very familiar with OpenLDAP, so now I'm wondering whether the problem is in the OpenLDAP configuration, or in the user created in the directory, or something in the Java code?

    Anyone is welcome to help with this.

    petr,cz
    Last edited by ppo; 05-21-2010 at 11:45 AM.

  5. #5
    ppo

    My example works now.

    I copied the full DN from my LDAP manager and realized that I have a different DN.
    And some other attributes are missing; I don't know how it happened, but I'm glad that it works now.

    Thanks for showing me the spring-ldap API.

    I cannot use a different cn or any other attribute for the bind.
    I need to use only the cn, which is part of the RDN.
    I will need to use the uid attribute.

    Why is it not possible this way? Do I need to configure something in the LDAP server?

    Petr,cz
    Last edited by ppo; 05-21-2010 at 12:28 PM.

  6. #6
    travishein's Avatar

    I think you need to use the RDN for binding because from the outside, as a non-authenticated user, that is the only unique key to refer to the one user.

    You mean, uid is not your RDN. I thought it was uid=xxx, ...

    I wonder, if you want to bind / login using some other unique user attribute, whether it would be possible to first search for the user, then determine the RDN, and then attempt to bind with this. To do this we need to configure an administrative LDAP user to connect to the LDAP repository and invoke this query on the user's behalf.

    I have only ever done this with the Spring framework as well as spring-ldap, where I make use of their LdapTemplate to help me get the connection to the LDAP server.

    For example, my authenticate-by-uid handler

    Java Code:
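    import org.springframework.ldap.core.DistinguishedName;
    import org.springframework.ldap.core.LdapTemplate;
    import org.springframework.ldap.filter.AndFilter;
    import org.springframework.ldap.filter.EqualsFilter;

    public class LdapAuthenticationManager extends LdapTemplate {

      public boolean isValidAuthCredentials(String uid, String password) {

        // uses spring-ldap 3.0 convenience authenticate() method.
        // constructs a filter to find a user object, that is active, and has the given roles.
        AndFilter filter = new AndFilter();
        // EqualsFilter escapes the value, so special characters in uid cannot change the filter
        filter.and(new EqualsFilter("uid", uid));

        return authenticate(DistinguishedName.EMPTY_PATH, filter.toString(), password);
      }

    }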
    This lets us build more attributes into the filter too. For example, we could instead search on the "mail" attribute, or, if we had a custom 'active' attribute, we could add these other attributes to the filter criteria to try to find the user by those other criteria.

    and the spring bean factory configuration :

    Java Code:
    <?xml version="1.0" ?>
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:aop="http://www.springframework.org/schema/aop"
           xmlns:tx="http://www.springframework.org/schema/tx"
           xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
    
       <bean id="propertyConfigurer"
        class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"
        >
        <property name="locations">    
          <list>
            <value>WEB-INF/conf/application.properties</value>
          </list>
        </property>
      </bean>
      
      <bean
        id="contextSource"
        class="org.springframework.ldap.core.support.LdapContextSource">
        <property
          name="url"
          value="${ldap.url}" />
        <property
          name="base"
          value="${ldap.base}" />
        <property
          name="userDn"
          value="${ldap.userDn}" />
        <property
          name="password"
          value="${ldap.password}" />
      </bean>
    
      <bean
        id="ldapTemplate"
        class="org.springframework.ldap.core.LdapTemplate">
        <property
          name="contextSource"
          ref="contextSource" />
      </bean>
    
       <bean id="authenticationManager" parent="ldapTemplate"
        class="............LdapAuthenticationManager">
      </bean>
    </beans>
    where in this case I have that application.properties file in my WEB-INF/conf/ folder to contain the ldap.url, ldap.base, ldap.userDn, and ldap.password settings - this is for connecting to the server, but also the userDn here is the system LDAP account that our application uses to connect and invoke the query with.


    I guess you could try to wire up that LdapTemplate without using a spring bean / applicationContext thing too, though the LdapTemplate is in the spring jar.
    Last edited by travishein; 06-10-2010 at 04:32 AM.
