1
votes

I have three Active Directory servers with different addresses, ports and domain names. In my app, when a user logs in to the system, I have to authenticate him. The user provides only his username and password, not the domain name or IP address. How can I authenticate him? Do I have to loop through all the LDAP servers and break as soon as I get a Context, or is there any other possible solution for authenticating a user against multiple servers? Please suggest. Thanks in advance.

1
No, you would have to check the servers one at a time. You could try saving details on which server a user was authenticated on and that way only take the hit of looping through 3 servers once. – Ali
@Saiyansharwan: what should happen if a given user/password combination is available in more than one server? – home
This is up to you. Make the best choice in your context. Either first wins or error. – Michael-O

1 Answer

0
votes

If the user gives his FDN or UPN (User Principal Name) instead of just a user name, it will be helpful. But still there is no guarantee that the UPN will match your realm name. If he gives the FDN, then at least you can cache defaultNamingContext from all three servers, try to match it with the FDN provided by the user and authenticate him against the matching server.

But I guess he is providing the samAccountName in your case. In this case we don't have any clue to identify the server. You have to go through them one by one and probably cache which server he was authenticated against, for a performance improvement next time. It's also possible that the same username exists in multiple ADs. You have to handle this case based on your AD environment.

As an additional note, if it's a web application, try using Spring's ldapTemplate. This might ease your task.
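The loop-and-cache approach described in the answer, written out in Java with plain JNDI as an added illustration (not code from the answer's author or from Spring): each server is probed with a simple bind, the server that accepted the user is remembered for the next login, and the duplicate-account case from the comments is handled either as "first wins" or as an error. The `Server` record, the LDAPS URLs and the per-server UPN suffix used to build the bind name are assumptions; an empty password is refused up front because LDAP treats a bind with a name and no password as an anonymous bind that "succeeds" without proving anything.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.naming.*;
import javax.naming.directory.*;

public class MultiDomainAuthenticator {
    /** Hypothetical description of one AD server: its LDAPS URL and the UPN suffix it serves. */
    record Server(String url, String upnSuffix) {}

    private final List<Server> servers;
    private final boolean failOnDuplicate;
    // username -> server that last authenticated it, so later logins skip the full probe
    private final Map<String, Server> cache = new ConcurrentHashMap<>();

    MultiDomainAuthenticator(List<Server> servers, boolean failOnDuplicate) {
        this.servers = List.copyOf(servers);
        this.failOnDuplicate = failOnDuplicate;
    }

    /** Returns the server that accepted the credentials, or empty if none did. */
    public Optional<Server> authenticate(String username, char[] password) throws NamingException {
        // Never send an empty password: the directory would treat it as an anonymous bind.
        if (username == null || username.isBlank() || password == null || password.length == 0) return Optional.empty();
        Server known = cache.get(username);            // fast path from a previous login
        if (known != null) {
            if (bind(known, username, password)) return Optional.of(known);
            cache.remove(username);                    // stale entry (account moved/deleted); probe again
        }
        Server winner = null;
        for (Server s : servers) {
            if (s.equals(known) || !bind(s, username, password)) continue;
            if (winner == null) { winner = s; if (!failOnDuplicate) break; }   // "first wins" stops here
            else throw new NamingException("ambiguous account " + username + ": valid on " + winner.url() + " and " + s.url());
        }
        if (winner != null) cache.put(username, winner);
        return Optional.ofNullable(winner);
    }

    /** One simple bind against one server; false means the server rejected the credentials. */
    private static boolean bind(Server s, String username, char[] password) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, s.url());                                 // ldaps://..., assumed
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, username + "@" + s.upnSuffix());    // AD accepts the UPN form
        env.put(Context.SECURITY_CREDENTIALS, new String(password));
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);      // the bind happens here
            return true;
        } catch (AuthenticationException e) {
            return false;                          // wrong password or unknown user on this server
        } finally {                                // other NamingExceptions (server unreachable) propagate
            if (ctx != null) ctx.close();          // so an outage is never mistaken for a bad password
        }
    }
}
```

With `failOnDuplicate` set, the cache still short-circuits on a remembered server, so a duplicate that appears after the first successful login is only detected once that cached entry stops working.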