Results 1 to 3 of 3
  1. #1
    syntel is offline Member
    Join Date
    Jul 2009
    Posts
    3
    Rep Power
    0

    Default Program to validate a user against LDAP for login Authentication

    Hi All ,
    I have a very basic issue in LDAP . I am using OPEN DS as my LDAP Server and JNDI API to access LDAP Server for authorization.
    After creating a new user in Open DS, I created an html with username & password as textfield. Then I created a servlet which connected succesfully to LDAP Server. However, I am getting the password from LDAP Server for the current user in encrypted / digested format and hence my authorization always fails.

    This is my code:
    ==============
    package com.login.servlet;

    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.Attributes;
    import javax.naming.directory.DirContext;
    import javax.naming.ldap.InitialLdapContext;
    ..
    public class LoginServlet extends HTTPServlet{
    private static DirContext createLdapContext() throws NamingException {
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://172.30.91.123:389");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "cn=Directory Manager");
    env.put(Context.SECURITY_CREDENTIALS, "opends");
    return new InitialLdapContext(env, null);
    }

    public void validateUser(HttpServletRequest request, SessionVO sessionVO) {
    try {
    String un=request.getParameter("username");
    String pwd = request.getParameter("password");
    DirContext dirContext = createLdapContext();
    Attributes attrs = dirContext.getAttributes("uid="un",ou=People,dc=ex ample,dc=com");
    String actualPwd = attrs.get("userPassword").toString();
    if(pwd.equals(actualpwd)){
    System.out.println("Password correct");
    }else {
    System.out.println("Password worng");
    // I am getting this message always for both correct and incorrect password.
    }
    } catch (NamingException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
    }catch (Exception e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
    }
    }
    }


    =======================================
    I beleive that the authentication of the user should happen against the directory server and not inside the application like done in the above code .
    Either way I am stuck without a sample to proceed.
    My question is, how to write a program using JNDI API to authorize an user from LDAP Server for a login Screen?
    Thanks in Advance !

  2. #2
    ff1959 is offline Member
    Join Date
    Jul 2009
    Posts
    1
    Rep Power
    0

    Default

    The authentication method used by LDAP is the BIND operation.

  3. #3
    ppo
    ppo is offline Member
    Join Date
    Apr 2010
    Posts
    10
    Rep Power
    0

    Default

    Hello,
    Im looking for some bind tutorial for authorization.

    Our customer sended me that they use php function ldap_bind.
    So im looking for easy java alternative, im now studing, DirContex.bind...but I think that this is not the same function.
    thank for your sugestion.
    Petr

Similar Threads

  1. Replies: 2
    Last Post: 12-23-2008, 07:35 PM
  2. Replies: 6
    Last Post: 12-17-2008, 04:37 PM
  3. Replies: 1
    Last Post: 10-20-2008, 08:55 PM
  4. Replies: 1
    Last Post: 08-05-2008, 11:18 AM
  5. Login user name - for all platforms.
    By Eranga in forum Advanced Java
    Replies: 0
    Last Post: 03-17-2008, 06:45 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •