8 Replies. Latest reply: May 4, 2011 1:00 AM by 569738

LDAP

569738 Newbie
Hope you all are fine.

I have been given this PHP file; the company needs me to change it to Java authentication, but I am stuck with a binding error.

PHP code:
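$q = isset($_GET["q"]) ? $_GET["q"] : "";
$list = array();
if ($q) {
    // ldap_connect() returns false on failure, so there is no link to hand to ldap_error() here
    $ds = ldap_connect("ip address") or die("Could not connect to LDAP server");  // must be a valid LDAP server!
    if ($ds) {
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
        $r = ldap_bind($ds, "username", "password");
    }
    // ldap_error() takes the connection, not the result of ldap_bind()
    $sr = ldap_search($ds, "cn=Users, DC=mycompany,DC=com", "(cn=$q)") or die(ldap_error($ds));
    $info = ldap_get_entries($ds, $sr);
    $re = array();
    foreach ($info as $item) {
        $re[] = $item;
    }
    ldap_close($ds);
    $list = $re;
}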


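if (!empty($list))
    foreach ($list as $key => $value) {
        echo "<b>$key</b><br>";
        if (is_array($value))
            foreach ($value as $k => $v) {
                // eregi() was removed in PHP 7; preg_match() with /i is the same test
                if (preg_match("/[a-z]/i", $k))
                    // directory values are escaped before being written into the HTML page
                    echo "$k=" . htmlspecialchars((string) $v[0]) . "<br>";
            }
        echo "<br><br>";
    }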
My Java code (I got this code from different places through a lot of googling):
Properties env = new Properties();

        String sp = "com.sun.jndi.ldap.LdapCtxFactory";
        env.put(Context.INITIAL_CONTEXT_FACTORY, sp);

        String ldapUrl = "ldap://ipaddr:389/dc=mycompany, dc=com";
        env.setProperty(Context.SECURITY_PRINCIPAL, "cn=username");
        env.setProperty(Context.SECURITY_CREDENTIALS, "password");
        env.put(Context.PROVIDER_URL, ldapUrl);

        DirContext dctx = new InitialDirContext(env);

        String base = "ou=Exchange Administrative Group";

        SearchControls sc = new SearchControls();
        // request the attributes the loop below actually reads
        String[] attributeFilter = {"cn", "mail"};
        sc.setReturningAttributes(attributeFilter);
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);

        //String filter = "(&(sn=W*)(l=Criteria*))";
        String filter = "(cn=ab*)";
        //cn=Users, DC=zantel,DC=com,(cn=$q)

        NamingEnumeration<SearchResult> results = dctx.search(base, filter, sc);
        while (results.hasMore()) {
            SearchResult sr = results.next();
            Attributes attrs = sr.getAttributes();

            Attribute attr = attrs.get("cn");
            System.out.print(attr.get() + ": ");
            // entries without a mail attribute return null here
            attr = attrs.get("mail");
            System.out.println(attr != null ? attr.get() : "");
        }
        dctx.close();
The error
Exception in thread "main" javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
     at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
     at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
     at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
     at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
     at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
     at javax.naming.InitialContext.init(InitialContext.java:223)
     at javax.naming.InitialContext.<init>(InitialContext.java:197)
     at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
     at ldaptest.ldap.main(ldap.java:30)
Java Result: 1
Please, I need your help on this.
  • 1. Re: LDAP
    802316 Pro
    Are you sure the full path of the user is correct? Could it be something like "cn=username, cn=Users, DC=mycompany, DC=com"?
  • 2. Re: LDAP
    569738 Newbie
    The second thing is that I am new to LDAP.

    But as you can see, I mention them as follows:
    env.setProperty(Context.SECURITY_PRINCIPAL, "cn=name");
    env.setProperty(Context.SECURITY_CREDENTIALS, "password");
    Edited by: Gurnah on May 2, 2011 4:42 PM
  • 3. Re: LDAP
    569738 Newbie
    Error: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]

    Cause: The DN path or password which you have specified for the administrator is invalid. Any of the below will result in this error:

    Pointed to non-user DN
    Pointed to a non-existent user, but in existing DN
    Pointed to non-existent DN
    Pointed to an existing user, but non-existing DN
    Pointed to an incorrect admin DN, uid instead of cn
    Pointed to a non-administrator user
    Pointed to a valid admin but password is incorrect
  • 4. Re: LDAP
    802316 Pro
    So the first five suggestions match what I suggested. I repeat, have you checked the fully qualified name is correct?
  • 5. Re: LDAP
    EJP Guru
    env.setProperty(Context.SECURITY_PRINCIPAL, "cn=name");
    Not adequate. The user principal requires the entire DN, not just the RDN.
  • 6. Re: LDAP
    569738 Newbie
    The problem is on binding. I did some googling again and found this:
           Properties env = new Properties();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://ip:389");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            // CN=FName LName,OU=OrgUnit_the_user_stored_in,DC=Domain_name,DC=Domain_suffix
    
            env.setProperty(Context.SECURITY_PRINCIPAL, "CN=usernamei,ou=Exchange Administrative Group (FYDIBOHF23SPDLT),DC=mycompnay,DC=com");
            env.setProperty(Context.SECURITY_CREDENTIALS, "pwd");
            
    
            DirContext dctx = new InitialDirContext(env);
    The error is on binding. I don't know what to do. Please enlighten me here.
  • 7. Re: LDAP
    EJP Guru
    $r = ldap_bind($ds, "username", "password");
    Whatever you are passing here should work as the principal and credentials to JNDI.
  • 8. Re: LDAP
    569738 Newbie
    I managed the first part; it was a simple thing.
           Properties env = new Properties();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://ipaddr:389");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.setProperty(Context.SECURITY_PRINCIPAL, "myusername");
            env.setProperty(Context.SECURITY_CREDENTIALS, "password");
            DirContext dctx = new InitialDirContext(env);
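
Added example, not code from the thread or from any poster: the `data 525` in the exception at the top is an Active Directory sub-code, and this sketch decodes it and also applies RFC 4515 escaping to a value destined for the `(cn=$q)` filter once that search is ported to Java. The class and method names are hypothetical, and the table holds the commonly documented AD sub-codes rather than anything stated in the thread.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
// Added example; class and method names are hypothetical, not from the thread.
public class AdBindDiagnostics {
    // Active Directory sub-codes that follow "data" in an LDAP error 49 message.
    static final Map<String, String> AD_SUBCODES = Map.of(
        "525", "user not found",
        "52e", "invalid credentials",
        "530", "logon not permitted at this time",
        "531", "logon not permitted from this workstation",
        "532", "password expired",
        "533", "account disabled",
        "701", "account expired",
        "773", "user must reset password",
        "775", "account locked out");
    static final Pattern DATA = Pattern.compile("error code 49\\b.*?\\bdata ([0-9a-fA-F]{3,4})\\b");
    // Returns "code: reason", or null when the message carries no AD sub-code.
    static String explainBindFailure(String message) {
        Matcher m = DATA.matcher(message);
        if (!m.find()) return null;
        String code = m.group(1).toLowerCase();
        return code + ": " + AD_SUBCODES.getOrDefault(code, "unrecognised sub-code");
    }
    // RFC 4515 escaping for a value placed inside a filter such as (cn=...).
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
    public static void main(String[] args) {
        // Message text as it appears (truncated) in the original post.
        String msg = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, "
            + "comment: AcceptSecurityContext error, data 525, vece";
        System.out.println(explainBindFailure(msg));
        // A name containing parentheses, taken from the DN in reply 6.
        String q = "Exchange Administrative Group (FYDIBOHF23SPDLT)";
        System.out.println("(cn=" + escapeFilterValue(q) + ")");
    }
}
```

With JNDI, `dctx.search(base, "(cn={0})", new Object[]{q}, sc)` encodes the argument for you; append a literal `*` after the escaped value when a prefix search such as `(cn=ab*)` is intended.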
