
Currently, I'm using a user name and password as the connection credentials to LDAP (in order to authenticate users of AD).

For authentication I create an initial context (for Active Directory) using InitialDirContext, supplying a set of environment properties that contain the authentication information.

My code looks like:

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

// ldapUrl, userPrincipal, userPassword and connectTimeoutMillis are supplied by the caller
Hashtable<String, Object> env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapUrl);                    // e.g. ldap://host:389
env.put(Context.SECURITY_AUTHENTICATION, "simple");        // simple bind: DN or UPN plus password
env.put(Context.SECURITY_PRINCIPAL, userPrincipal);
env.put(Context.SECURITY_CREDENTIALS, userPassword);
env.put("com.sun.jndi.ldap.connect.timeout", connectTimeoutMillis); // milliseconds, as a String

LdapContext ctx = null;
try {
    ctx = new InitialLdapContext(env, null);   // the constructor performs the bind
} catch (NamingException e) {
    System.out.println("error");
}

I want to change this code so that it authenticates the entered user name and password as the credentials against LDAP using NTLM.

Can you provide me any example?

NTLM is a suite of Microsoft security protocols that provide authentication, integrity and confidentiality.


2 Answers


Forget it. There is no SASL support for NTLM in Java. Use GSS-API. Always abstain from using proprietary technologies; they are a dead end. And never use simple auth; it transports the password in cleartext. Use at least Digest-MD5.
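As an added example (not code from either answer), JNDI's built-in SASL support can perform the DIGEST-MD5 bind this answer suggests in place of a simple bind; the host, account and password in the usage line are placeholders. DIGEST-MD5 was moved to Historic by RFC 6331, so treat it as a floor rather than a target: GSSAPI (Kerberos) or a simple bind over LDAPS/StartTLS is the usual modern choice.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class SaslDigestMd5Bind {

    // JNDI environment for a SASL DIGEST-MD5 bind. The password itself is never
    // sent: the client answers a server challenge with a hash derived from it.
    // "auth-conf" also requests integrity and confidentiality for the session,
    // so a directory that cannot protect the traffic refuses the bind.
    static Hashtable<String, Object> digestMd5Env(String ldapUrl, String user, String password) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
        // DIGEST-MD5 takes the account name (e.g. sAMAccountName on AD), not a DN.
        env.put(Context.SECURITY_PRINCIPAL, user);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("javax.security.sasl.qop", "auth-conf");      // auth + integrity + privacy
        env.put("javax.security.sasl.strength", "high");
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds, as a String
        return env;
    }

    // True when the directory accepts the credentials, false when it rejects
    // them; any other failure (unreachable host, mechanism not offered, ...) is
    // rethrown so a misconfiguration is not logged as a wrong password.
    static boolean authenticate(String ldapUrl, String user, String password) throws NamingException {
        LdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(digestMd5Env(ldapUrl, user, password), null);
            return true;
        } catch (AuthenticationException e) {
            return false;
        } finally {
            if (ctx != null) {
                ctx.close();
            }
        }
    }

    // Usage (placeholders): java SaslDigestMd5Bind ldap://dc.example.test:389 jdoe <password>
    public static void main(String[] args) throws NamingException {
        boolean ok = authenticate(args[0], args[1], args[2]);
        System.out.println(ok ? "credentials accepted" : "credentials rejected");
    }
}
```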


I also wanted to connect to a Microsoft LDAP directory using NTLM.

Unfortunately Microsoft differentiates LDAP admin permissions depending on whether you connect with Kerberos/NTLM vs. BIND/MD5, and I got sick of using the standard admin tools. And Kerberos is too restricted: the user, the user's client and the LDAP server must be in the same domain, and you need to configure the error-prone JAAS config file for the JRE.

Since it's the most used directory around, and since I also could not find any existing solution, I tried to create an NTLM BIND solution myself, and I succeeded.

It's a single Java class file that extends the UnboundID Java LDAP SDK with an additional LDAP BIND class: https://sourceforge.net/projects/javaldapntlmbind/

The solution uses the UnboundID Java LDAP SDK, and for the NTLM handling it uses samba.org's JCIFS Java library. Due to using JCIFS, it is platform independent and does not need to be run on Windows.