1
votes

Currently, I'm using a user and password as the connection credentials to LDAP (in order to search on this AD).

My code looks like:

env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ...);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, ...);
env.put(Context.SECURITY_CREDENTIALS, ...);
env.put("com.sun.jndi.ldap.connect.timeout", ...);

try {
  ctx = new InitialLdapContext(env, null);
}
catch (NamingException e) {
    System.out.println("error");
}

I want to change this code, so it will not use user+password as the credentials against the LDAP. I want it to authenticate using NTLM.

How can I do it? Can you provide an example?

2 Answers

1
votes

https://sourceforge.net/projects/javaldapntlmbind/

The solution uses the UnboundID Java LDAP SDK, and for the NTLM handling it uses samba.org's JCIFS Java library. Due to using JCIFS, it is platform independent and does not need to be run on Windows.

0
votes

No chance, JGSS does not support NTLM as a SASL mechanism. Use Kerberos (GSS-API) with SASL.
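
The Kerberos route suggested in this answer, as an added example that is not part of the original post or the answerer's own code: the question's JNDI setup switched from a "simple" bind to the SASL GSSAPI mechanism, run inside a JAAS login so no password appears in the code. The host name, search base, filter and the JAAS entry name `LdapClient` are assumptions.

```java
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;

public class LdapGssapiBind {
    public static void main(String[] args) throws Exception {
        // Assumed placeholders: use the DC's FQDN (it must match the ldap/<host> SPN).
        String url = "ldap://dc01.example.com:389";
        String base = "DC=example,DC=com";
        String filter = "(&(objectClass=user)(sAMAccountName=jdoe))"; // constructed sample

        // "LdapClient" is a hypothetical entry in the JAAS config file passed with
        // -Djava.security.auth.login.config=jaas.conf, for example:
        //   LdapClient { com.sun.security.auth.module.Krb5LoginModule required
        //                useTicketCache=true doNotPrompt=true; };
        LoginContext lc = new LoginContext("LdapClient");
        lc.login(); // picks up the TGT from the ticket cache

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");            // SASL/Kerberos bind
        env.put("javax.security.sasl.qop", "auth-conf");               // sign and encrypt traffic
        env.put("javax.security.sasl.server.authentication", "true"); // mutual authentication
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");

        try {
            Subject.doAs(lc.getSubject(), (PrivilegedExceptionAction<Void>) () -> {
                LdapContext ctx = new InitialLdapContext(env, null); // bind happens here
                try {
                    SearchControls sc = new SearchControls();
                    sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
                    NamingEnumeration<SearchResult> r = ctx.search(base, filter, sc);
                    while (r.hasMore()) System.out.println(r.next().getNameInNamespace());
                } finally { ctx.close(); }
                return null;
            });
        } finally {
            lc.logout(); // drop the Kerberos credentials held by the Subject
        }
    }
}
```

The `auth-conf` protection level matters on plain port 389: a domain controller that enforces LDAP signing rejects SASL binds that do not negotiate integrity protection.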