I'd like to ask an LDAP server if the provided username and password are correct in a Java application.
I ended up using JNDI with this function (it is a test function I am using to explore LDAP that returns the exception message):
    import java.util.Hashtable;
    import javax.naming.AuthenticationException;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;

    // Test helper: attempts an LDAP bind and returns the outcome as text.
    public static String checkCredentials(String securityPrincipal,
                                          String password,
                                          String ldapUrl,
                                          String securityAuthentication)
    {
        String userVerify = "";
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, securityAuthentication);
        env.put(Context.SECURITY_PRINCIPAL, securityPrincipal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            // The bind is performed when the context is created.
            DirContext authContext = new InitialDirContext(env);
            userVerify = "Success";
            authContext.close();
        } catch (AuthenticationException authEx) {
            // The server rejected the bind ("Authentication failed!").
            userVerify = "AuthenticationException: " + authEx.getMessage();
        } catch (NamingException namEx) {
            // Any other directory or connection problem ("Something went wrong!").
            userVerify = "NamingException: " + namEx.getMessage();
        }
        return userVerify;
    }
As I call checkCredentials by passing the correct ldapUrl (which in my case is ldap://192.168.48.60:389), I always get as result (the function returns a String):
AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1]
This page says that it is an authentication error (49) and "username is valid but password/credential is invalid" (52e).
I tried all of these for securityPrincipal:
john
john@mycompany
CN=john,conn
CN=john,OU=internal users,DC=mycompany
password and securityAuthentication seem ignored.
I tried to install LDAP admin from http://www.ldapadmin.org/ and also from it I get:
LDAP error! Invalid credentials: 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1.
Invalid token passed to the function.
Somehow this tells me something more "invalid token".
Any pointers? I am stuck.