8 Replies. Latest reply: May 4, 2011 3:00 AM by 569738

    LDAP

    569738
      Hope you all are fine;

      I have been given this PHP file; the company needs me to change it to Java authentication, but I am stuck with a binding error.

      PHP Code
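      $q = isset($_GET["q"]) ? $_GET["q"] : "";
      $list = array();
      if ($q) {
          // ldap_error() needs a link identifier, which does not exist if the connect fails
          $ds = ldap_connect("ip address") or die("ldap_connect failed");  // must be a valid LDAP server!
          if ($ds) {
              ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
              ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
              $r = ldap_bind($ds, "username", "password");
          }
          // Escape the request parameter so it cannot change the structure of the filter
          $filter = "(cn=" . ldap_escape($q, "", LDAP_ESCAPE_FILTER) . ")";
          $sr = ldap_search($ds, "cn=Users, DC=mycompany,DC=com", $filter) or die(ldap_error($ds));
          $info = ldap_get_entries($ds, $sr);
          $re = array();
          foreach ($info as $item) {
              $re[] = $item;
          }
          ldap_close($ds);
          $list = $re;
      }

      if ($list)
          foreach ($list as $key => $value) {
              // Directory values are HTML-escaped before they are echoed
              echo "<b>" . htmlspecialchars($key) . "</b><br>";
              if (is_array($value))
                  foreach ($value as $k => $v) {
                      // eregi() was removed in PHP 7; preg_match with /i is the equivalent
                      if (preg_match("/[a-z]/i", $k))
                          echo htmlspecialchars("$k={$v[0]}") . "<br>";
                  }
              echo "<br><br>";
          }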
      My Java code: I got this code from different places through a lot of googling...
      Properties env = new Properties();

      String sp = "com.sun.jndi.ldap.LdapCtxFactory";
      env.put(Context.INITIAL_CONTEXT_FACTORY, sp);

      String ldapUrl = "ldap://ipaddr:389/dc=mycompany, dc=com";
      env.setProperty(Context.SECURITY_PRINCIPAL, "cn=username");
      env.setProperty(Context.SECURITY_CREDENTIALS, "password");
      env.put(Context.PROVIDER_URL, ldapUrl);

      DirContext dctx = new InitialDirContext(env);

      String base = "ou=Exchange Administrative Group";

      SearchControls sc = new SearchControls();
      // Request every attribute that is read in the loop below
      String[] attributeFilter = {"cn", "mail"};
      sc.setReturningAttributes(attributeFilter);
      sc.setSearchScope(SearchControls.SUBTREE_SCOPE);

      //String filter = "(&(sn=W*)(l=Criteria*))";
      String filter = "(cn=ab*)";
      //cn=Users, DC=zantel,DC=com,(cn=$q)

      NamingEnumeration<SearchResult> results = dctx.search(base, filter, sc);
      while (results.hasMore()) {
          SearchResult sr = results.next();
          Attributes attrs = sr.getAttributes();

          Attribute attr = attrs.get("cn");
          System.out.print(attr.get() + ": ");
          attr = attrs.get("mail");
          // Not every entry carries a mail attribute, so guard against null
          System.out.println(attr != null ? attr.get() : "(no mail)");
      }
      dctx.close();
      The error
      Exception in thread "main" javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
      at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041)
           at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
           at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
           at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
           at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
           at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
           at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
           at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
           at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
           at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
           at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
           at javax.naming.InitialContext.init(InitialContext.java:223)
           at javax.naming.InitialContext.<init>(InitialContext.java:197)
           at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
           at ldaptest.ldap.main(ldap.java:30)
      Java Result: 1
      Please, I need your help on this...
        • 1. Re: LDAP
          802316
          Are you sure the full path of the user is correct? Could it be something like "cn=username, cn=Users, DC=mycompany, DC=com"?
          • 2. Re: LDAP
            569738
            The second thing is that I am new to LDAP.

            But as you can see, I mention them as follows:
            env.setProperty(Context.SECURITY_PRINCIPAL, "cn=name");
            env.setProperty(Context.SECURITY_CREDENTIALS, "password");
            Edited by: Gurnah on May 2, 2011 4:42 PM
            • 3. Re: LDAP
              569738
              Error: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]

              Cause: The DN path or password which you have specified for the administrator is invalid. Any of the below will result in this error:

              Pointed to non-user DN
              Pointed to a non-existent user, but in existing DN
              Pointed to non-existent DN
              Pointed to an existing user, but non-existent DN
              Pointed to an incorrect admin DN, uid instead of cn
              Pointed to a non administrator user
              Pointed to a valid admin but password is incorrect
              • 4. Re: LDAP
                802316
                So the first five suggestions match what I suggested. I repeat: have you checked that the fully qualified name is correct?
                • 5. Re: LDAP
                  EJP
                  env.setProperty(Context.SECURITY_PRINCIPAL, "cn=name");
                  Not adequate. The user principal requires the entire DN, not just the RDN.
                  • 6. Re: LDAP
                    569738
                    The problem is on binding. I did some googling again and found this:
                    Properties env = new Properties();
                    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                    env.put(Context.PROVIDER_URL, "ldap://ip:389");
                    env.put(Context.SECURITY_AUTHENTICATION, "simple");
                    // CN=FName LName,OU=OrgUnit_the_user_stored_in,DC=Domain_name,DC=Domain_suffix

                    env.setProperty(Context.SECURITY_PRINCIPAL, "CN=usernamei,ou=Exchange Administrative Group (FYDIBOHF23SPDLT),DC=mycompnay,DC=com");
                    env.setProperty(Context.SECURITY_CREDENTIALS, "pwd");

                    DirContext dctx = new InitialDirContext(env);
                    The error is on binding... I don't know what to do. Please enlighten me here.
                    • 7. Re: LDAP
                      EJP
                      $r = ldap_bind($ds, "username", "password");
                      Whatever you are passing here should work as the principal and credentials to JNDI.
                      • 8. Re: LDAP
                        569738
                        I managed the first part; it was a simple thing...
                        Properties env = new Properties();
                        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                        env.put(Context.PROVIDER_URL, "ldap://ipaddr:389");
                        env.put(Context.SECURITY_AUTHENTICATION, "simple");
                        env.setProperty(Context.SECURITY_PRINCIPAL, "myusername");
                        env.setProperty(Context.SECURITY_CREDENTIALS, "password");
                        DirContext dctx = new InitialDirContext(env);
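
Added example, not part of any post in this thread: a JNDI bind check that decodes the Active Directory `data NNN` sub-code carried in an error 49 message (the trace in the first post carries 525) and runs the PHP page's `(cn=$q)` lookup through JNDI filter arguments, so the looked-up value is escaped. The class name `AdBindCheck`, the helpers `explain` and `bind`, and the `LDAP_BIND_PW` environment variable are hypothetical names chosen for this example; the base DN is the one from the PHP code.

```java
import java.util.*;
import java.util.regex.*;
import javax.naming.*;
import javax.naming.directory.*;

public class AdBindCheck {
    // Active Directory sub-codes reported in the "data NNN" field of an error 49 message.
    static final Map<String, String> SUBCODES = Map.of(
        "525", "user not found (the principal does not resolve to an account)",
        "52e", "invalid credentials (account found, wrong password)",
        "532", "password expired",
        "533", "account disabled",
        "775", "account locked out");

    static String explain(String message) {
        Matcher m = Pattern.compile("data ([0-9a-fA-F]+)").matcher(String.valueOf(message));
        if (!m.find()) return "no AD sub-code in message";
        return SUBCODES.getOrDefault(m.group(1).toLowerCase(), "unlisted sub-code " + m.group(1));
    }

    static DirContext bind(String url, String principal, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // prefer ldaps://: a simple bind sends the password as-is
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample: the message text from the stack trace in the first post.
        System.out.println(explain("[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, "
            + "comment: AcceptSecurityContext error, data 525, vece"));
        String pw = System.getenv("LDAP_BIND_PW"); // hypothetical variable; keeps the password out of argv
        if (args.length < 3 || pw == null) return; // usage: url principal cn-to-look-up
        try {
            DirContext ctx = bind(args[0], args[1], pw);
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // JNDI substitutes {0} with filter escaping applied, unlike "(cn=" + q + ")".
            NamingEnumeration<SearchResult> res =
                ctx.search("cn=Users,DC=mycompany,DC=com", "(cn={0})", new Object[] {args[2]}, sc);
            while (res.hasMore()) System.out.println(res.next().getNameInNamespace());
            ctx.close();
        } catch (AuthenticationException e) {
            System.out.println("bind failed: " + explain(e.getMessage()));
        }
    }
}
```

Run with no arguments, it only decodes the sample message, which reports sub-code 525: the directory could not resolve the principal to an account, as opposed to 52e for a wrong password.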