Context SECURITY_AUTHENTICATION=EXTERNAL

Hello
I have an AD/AM ldap (microsoft application mode ldap). I want to authenticate my users in the AD (active directory).
to do:
DirContext theExternalDirContext = null;               
Hashtable theExternal = new Hashtable();
theExternal.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
theExternal.put(Context.SECURITY_AUTHENTICATION,"EXTERNAL");
theExternal.put(Context.SECURITY_PRINCIPAL,"AD domain\\user");
theExternal.put(Context.SECURITY_CREDENTIALS,"password");
theExternal.put(Context.PROVIDER_URL,"ldap://url AD/AM");
theExternalDirContext = new InitialDirContext(theExternal);
When I execute this java:
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 7 - 00002027: LdapErr: DSID-0C09049C, comment: Invalid Authentication method, data 0, vece ]
Any help would be much appreciated
Thanks

Unfortunately ADAM does not support SSL client certificates as a credential mechanism. And it doesn't appear to be well documented :-(
ADAM only supports simple, http digest & SASL authentication mechanisms.
To authenticate users connecting to ADAM with credentials stored in AD, you can either use simple authentication (via a user proxy object), or SASL.
Note that with the former, I recommend that you configure ADAM to use SSL, to protect the simple bind, as it is sent in the clear and with the latter, the server hosting the ADAM instance must be a member of the Active Directory domain.
Bind redirection is described at http://technet2.microsoft.com/WindowsServer/f/?en/library/2a678533-a3c9-4758-ab8f-c52477fc5c001033.mspx and Windows authentication is described at http://technet2.microsoft.com/WindowsServer/f/?en/library/2a678533-a3c9-4758-ab8f-c52477fc5c001033.mspx
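
The simple-bind route recommended in the answer, sketched as an added example (not code from the thread). The host name and the proxy object DN are constructed placeholders. The helper refuses a non-SSL URL and an empty password, because an LDAP simple bind with an empty password is treated as an anonymous bind and would otherwise look like a successful login.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.AuthenticationNotSupportedException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/** Added example: simple bind to ADAM over LDAPS. All host and DN values are placeholders. */
public class AdamSimpleBind {

    enum Result { AUTHENTICATED, BAD_CREDENTIALS, METHOD_NOT_SUPPORTED, ERROR }

    /** Builds the JNDI environment and rejects settings that weaken the bind. */
    static Hashtable<String, Object> buildEnv(String url, String principal, char[] password) {
        if (url == null || !url.regionMatches(true, 0, "ldaps://", 0, 8)) {
            // A simple bind carries the password in the clear, so insist on SSL.
            throw new IllegalArgumentException("simple bind requires an ldaps:// URL");
        }
        if (principal == null || principal.trim().isEmpty()) {
            throw new IllegalArgumentException("principal must not be empty");
        }
        if (password == null || password.length == 0) {
            // Empty password + simple bind = anonymous bind that "succeeds".
            throw new IllegalArgumentException("password must not be empty");
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        // "simple", not "EXTERNAL": EXTERNAL is what triggers LDAP error code 7 in the question.
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    /** Attempts the bind and maps the JNDI exception to a coarse result. */
    static Result authenticate(String url, String principal, char[] password) {
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(buildEnv(url, principal, password));
            return Result.AUTHENTICATED;
        } catch (AuthenticationNotSupportedException e) {
            return Result.METHOD_NOT_SUPPORTED;   // server rejects the bind method
        } catch (AuthenticationException e) {
            return Result.BAD_CREDENTIALS;        // wrong DN or password
        } catch (NamingException e) {
            return Result.ERROR;                  // connection, TLS trust or naming problem
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, used only to exercise the checks offline.
        String url = "ldaps://adam.example.com:636";
        String proxyDn = "CN=jdoe,OU=Proxies,O=Example";

        try {
            buildEnv("ldap://adam.example.com:389", proxyDn, "secret".toCharArray());
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        try {
            buildEnv(url, proxyDn, new char[0]);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("method: "
                + buildEnv(url, proxyDn, "secret".toCharArray()).get(Context.SECURITY_AUTHENTICATION));

        // Real bind only when URL, DN and password are passed on the command line.
        if (args.length == 3) {
            System.out.println(authenticate(args[0], args[1], args[2].toCharArray()));
        }
    }
}
```

The JVM must trust the certificate presented by the ADAM instance, otherwise the bind ends in `ERROR` with an SSL handshake failure as the root cause.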

Similar Messages

  • How to share context to external browser

    Dear friends,
    Anyone help how to share context to external browser..
    I Have two Views View1, view2 , same component and same application.
    in view1, I am clicking button then display view2 on external window (external browser) ( CreateExternalwindow) through URL,
    so my problem is I want share context of View1 to View2,
    I am unable to the context sharing to view2
    please help me

    Respected Satya ji,
    how i tell my wishes to you, really you are save me, i am fighting about this solution last five days. Really thank you,
    Basically i am not java guy, so now I know how to Write custom class also.
    thank you.. ...........
    please give me mail and phone number to this id. I need to tell my wishes
    [email protected]
    I reward all points to you...

  • Reset or Clear SAP user context by external RFC caller program

    Hello,
    I have a SAP system with performance problems due to a SAP user context starts using a lot of memory.
    This user context comes from an External RFC caller program written in Delphi and which uses the SAP RFC SDK provided by SAPGUI 6.40: SAP Automation library, SAPFunctionsOCX, I mean, using methods in the object "SAPFunctions" in SAPFunctionsOCX in file "wdtfuncU.ocx", in SAPGUI directory.
    Everytime we have performance problems, this RFC SAP user context is using near 1400 Mb of extended memory, although there is a lot of free physical RAM memory available, there are free dialog processes and CPU load is low (no more than 30%).
    This performance problem is solved by closing the external program (written in Delphi) which connects to SAP via RFC.
    This external program works for the warehouse management and connects to SAP several times per minute. Due to connection performance and the high frequency with which this external program must connect to SAP, the connection to SAP is not closed after each call to RFC SAP function modules.
    The extended memory used by this SAP RFC user is growing along time. I detected, using ST03 transaction, that these user sessions have always the same transaction code hash, I mean, although the external programs call the same SAP RFC function modules several times (¡¡¡ always clearing the variables at the beginning and at the end of the ABAP code, with ABAP commands like REFRESH and FREE ¡¡¡¡) the technical transaction code is the same and I suppose the user context (in extended memory) is not deleted.
    I think it is better than the external program close the context memory (similar to "/n" okcode in SAPGUI).
    But we don't want to close the connection, because the external program connects to SAP with a high frequency, and the logon process is expensive.
    Is there any way to send something similar to "/n" (end of transaction) from the external program? Is there any command in the SAP RFC SDK library (SAPFunctionsOCX or something similar)?
    I cannot find any method to do that in the object "SAPFunctions" in SAPFunctionsOCX in file "wdtfuncU.ocx", in SAPGUI directory.
    Old information for Object Classes "SAPFunctions" in SAPFunctionsOCX in file "wdtfuncU.ocx", in SAPGUI directory, is described in the following URL:
    http://help.sap.com/saphelp_45b/helpdata/en/39/7e00d1ac6011d189c60000e829fbbd/frameset.htm
    But I cannot find anything related to something similar to a "/n" in SAPGUI.
    As I have the SAPGUI installed on my desktop, I can see all SAP RFC classes and methods from Excel, by opening the Visual Basic editor.
    I am only asking a way to send to SAP a command to free the user context used for an open RFC session in order to avoid the memory used to be continuously growing, without having to close the RFC session.
    The external program only calls a certain SAP function module periodically and we want to free the user context between calls without logging off. This is the same, very similar, as if we called that function from SAPGUI and we used "/n" in SAPGUI between calls.
    Anyone can help me?
    Thanks and best regards.

    Hello,
    I don't know if this will solve your problem, but you may be using MF 'RFC_CONNECTION_CLOSE' between each call of your RFC function.
    Regards
    Brice
    Edited by: blsapsdn on Apr 15, 2011 5:27 PM

  • JNDI context federation / external contexts

    I could not find any information whether or not Oracle Application Server supports federation of JNDI contexts.
    I wanted to add external context to its JNDI. I want java:comp/env/external to point to different JNDI provider. (similar to JBoss ExternalContext mbean).
    Anyone knows if that is possible?
    Thank you

    HI Arie,
    If you are accessing enterprise beans with J2EE clients (servlets, JSP, other enterprise beans, J2EE application clients), do not specify and use this arbitrary JNDI name. Instead, define EJB references in the clients' deployment descriptors and access the beans using these references. For more information, check the following link
    http://help.sap.com/saphelp_nw04/helpdata/en/a0/019b3e25f95f14e10000000a114084/content.htm
    if the above does not work try the following:--
    Try to lookup the Ejb by its JNDI name given in the EJB-J2ee-engine.xml file if it does not exist there  give any valid name and try to lookUp.
    or try to lookup the ejb by its default jndi name.
    "localejbs/<bean name>"
    http://help.sap.com/saphelp_nw04/helpdata/en/38/3e5a4201301453e10000000a155106/frameset.htm
    in the Above link refer the second option "Lookup from a Non-J2EE Java Application"
    Siddharth
    Edited by: Siddharth Jain on Aug 22, 2008 7:13 AM

  • DATE fields and LOG files  in context with external tables

    I am facing two problems when dealing with the external tables feature in Oracle 9i.
    I created an External Table with some fields with the DATE data type. There were no issues during the creation part. But when I query the table, the DATE fields are not properly selected though the data is there in the files. Are there any ideas to deal with this?
    My next question is regarding the log files. The contents in the log file seem to be growing when querying the external tables. Is there a way to control this behaviour?
    Suggestions / Advices on the above two issues are welcome.
    Thanks
    Lakshminarayanan

    Hi
    If you have date datatypes then:
    select
    greatest(TABCASER1.CASERRECIEVEDDATE, EVCASERS.FINALEVDATES, EVCASERS.PUBLICATIONDATE, EVCASERS.PUBLICATIONDATE, TABCASER.COMPAREACCEPDATE)
    from TABCASER, TABCASER1, EVCASERS
    where ...-- join and other conditions
    1. greatest is good enough
    2. to_date creates date datatype from string with the format of format string ('mm/dd/yyyy')
    3. decode(a, b, c, d) is a function: if a = b then return c else d. NULL means that there is no data in the cell of the table.
    6. to format the date for display use to_char function with format model as in the to_date function.
    Ott Karesz
    http://www.trendo-kft.hu

  • Page size limitation on Sun ONE directory server 5.2

    Hi All,
    How do I know what is the Page size limitation on Sun ONE directory server 5.2?
    How do I change it?
    Best Regards,
    Ayelet Regev
    [email protected]

    I enabled SSL in SUN ONE Directory Server 5.2, I use the following code to download the server certs,
    Hashtable env = new Hashtable(11);
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldaps://bharatkumar.webm.webmethods.com:636/o=in");
    env.put(Context.SECURITY_AUTHENTICATION, "EXTERNAL");
    env.put(Context.SECURITY_PROTOCOL, "ssl");
    try {
        // Create initial context
        DirContext ctx = new InitialDirContext(env);
        System.out.println(ctx.lookup("ou=web"));
        ctx.close();
    } catch (NamingException e) {
        e.printStackTrace();
    }
    But it throws the following error:
    javax.naming.CommunicationException: SASL bind failed: bharat.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:220)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193
    How to rectify the above error?
    Kindly Help me.
    Thanks,
    Bharat

  • External Context Mapping - Pass data from Child to Parent

    Hello,
    I have the following scenario:
    DCParent Component (contains)
    - DCChildComp1    (used DC)
    - DCChildComp2    (used DC)
    - DCChildComp3    (used DC)
    - DCChildComp4    (used DC)
    What user enters in DCChildComp1 then needs to be made available to DCParent and all other DCChildComp(n) siblings.
    I have looked the posts and blogs in SDN and all of them seem to deal with passing inputField data from Parent to Child. May be I am missing it.
    In my case, I need the data to be passed from DCChildComp1 to DCParent ie Child to Parent. Then from DCParent to other DCChildComps.
    How should I go about
    a. defining the context nodes and Component Interface context nodes in parent vs child vs siblings and
    b. how should I map them externally?
    Step by step instruction would be helpful.
    Thanks in advance,
    SK.

    Thanks for all the help. As I had already seen all the links and blogs you had linked here, I was still confused about how it all came together. Finally, I got it after reading Bertram Ganz's response in this thread [Context Mapping problem].
    when you map a context in the parent comp to an interface context in the used child component you do not define an external context mapping relation. That's normal context mapping as the data context resides in the child component.
    I have it working now and I am able to push the changes in the child component's context to the parent.
    For those who are interested in how I did it (and those who know a better way to do it):
    In the child component DC:
    Map Child's View Context to Child's Controller Context
    Map Child's Controller Context to Child's Interface Controller (make sure the inputEnabled is FALSE - as the child is the data producer and the parent is the data consumer, in my case)
    In the parent DC:
    Add child DC as a Used DC
    Add child Component as a Used Component in the Parent Component
    Add Child's Interface Controller as Required Controller in Parent Component
    Map Child's Interface Controller Context to Parent's Controller Context
    Map Parent's Controller Context to Parent's View Context
    No external mapping required per the thread above. Now, any change in the child component's view is visible in the parent component view.
    Thanks again very much for the help.
    - Siva

  • URGENT !! Help Needed: Context creation in iPlanet 5.1

    Can some one tell me why this piece of code failed on iPlanet Directory Server5.1 where as it works fine on IBM Secureway?
    Hashtable env = new Hashtable(11);
    env.put(Context.INITIAL_CONTEXT_FACTORY,
         "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://"+args[0]+":389");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, args[1]);
    env.put(Context.SECURITY_CREDENTIALS, args[2]);
    DirContext ctx = new InitialDirContext(env);
    Attributes attrs = new BasicAttributes(true);
    Attribute objclass = new BasicAttribute("objectclass");
    objclass.add("top");
    objclass.add("domain");
    attrs.put(objclass);
    // This line failed with the exception below
    Context result = ctx.createSubcontext("dc=mydomain", attrs);
    The exception is:
    javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'dc=mydomain'

    Thanks for the reply.
    We need to have dc=mydomain.com created under top level for this to work.
    But what actually I am doing here is that I am trying to create this subcontext under top level.

  • External mapping in WD for ABAP

    Hello,
    I am trying to understand how the concept of external context mapping works in Webdynpro.
    In system BIZ/000 I created a main WD component ZTEST_WD and another subcomponent WD component ZTEST_MWD.
    Then I did the following:
    1. set the component controller context node TEST_FLIGHT_NO of ZTEST_MWD as Input Element (Ext),
    2. performed an external mapping between the interface controller context and the main component controller context
    3. Created a method GET_FLIGHT_DETAIL to perform some processing with the flight number in the TEST_FLIGHT_NO and display the flight details on the view. It was successful.
    As a negative test, I tried to display the value of the subcomponent context with external mapping in the main view, and I expected that it would give an error, but it worked.
    I assigned a value to the context in the interface controller method, and the same was displayed in the view. This means that the data flows from the interface controller context to the view context.
    In subcomponent ZTEST_MWD, there is a method GET_FLIGHT_DETAIL, where I assigned value to the context.
    data_node = wd_context->get_child_node( name = 'TEST_FLIGHT_NO' ).
    data_node->set_attribute( exporting name = 'CARRID' value = 'AA' ).
    data_node = wd_context->get_child_node( name = 'TEST_FLIGHT_NO' ).
    data_node->get_attribute( exporting name = 'CARRID' importing value = lv_carrid ).
    And later when the action was processed, the value "AA" displayed on the textbox in the main view.
    Now I am a bit confused about the concept which I understood earlier. I do not see any difference between external mapping and normal mapping.
    It would be very very nice if you could throw light on this.
    Awaiting responses,
    Thanks and Regards,
    Maya

    Hello,
    here's the link to the documentation about external context mapping: http://help.sap.com/saphelp_nw04s/helpdata/en/67/cc744176cb127de10000000a155106/frameset.htm
    Regards, Heidi

  • How to swap internal storage with the external sto...

    Is it possible to swap internal storage with the external storage on Nokia X without any damage to phone as well as external sd card? It has been a very popular issue in recent times. If someone has a really good solution then please reply keeping the criteria provided beforehand in mind. Thanks in advance.
    Sent from my Nokia Lumia 530...

    >
    I have a table which is partitioned by Year. Now I want to move the 1 (EX: 1999) year data to another history table.
    For this first I want to swap the 1999FY partition out with an external table and then swap them back to HISTORY table.
    Please help me by providing a sample script for that.
    >
    It seems to me that you use the term "external table" in a wrong context. External table means a flat file, accessed as db object with select.
    But probably, for you "external table" is a normal table that may hold the same structured data as a partition of another table does.
    We have a feature for your requirement called "exchange partition with table".
    http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_3001.htm#i2131250
    Kind regards
    Uwe
    http://uhesse.wordpress.com

  • Default SSL context init failed: Invalid keystore format

    Hi, I can't connect to my ldap server. The problem is ssl. I'm trying to do this:
    import java.io.IOException;
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    import javax.naming.ldap.LdapContext;
    public class TestAuthentifikation {
        public static void main (String [] args) throws IOException  {
            try {
                Hashtable env = new Hashtable();
                env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                env.put(Context.PROVIDER_URL, "ldaps://subdomain.dyndns.org:636/");
                env.put(Context.SECURITY_PRINCIPAL, "uid=user,ou=users,dc=subdomain,dc=dyndns,dc=org");
                env.put(Context.SECURITY_CREDENTIALS, "passwd");
                env.put(Context.SECURITY_AUTHENTICATION, "simple");
                env.put(Context.SECURITY_PROTOCOL, "ssl");
                java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
                System.setProperty("javax.net.ssl.keyStore",  "/usr/lib/j2se/1.4/jre/lib/security/cacerts");
                System.setProperty("javax.net.ssl.trustStore","/usr/lib/j2se/1.4/jre/lib/security/cacerts");
                env.put(LdapContext.CONTROL_FACTORIES, "com.sun.jndi.ldap.ControlFactory");
                DirContext ctx = new InitialDirContext(env);
                //use ctx....
                // Close the context when we're done
                ctx.close();
            } catch(NamingException ne) {
                System.err.println(ne);
                ne.printStackTrace();
            }
        }
    }
    The exception is this:
    javax.naming.CommunicationException: subdomain.dyndns.org:636 [Root exception is java.net.SocketException: Default SSL context init failed: Invalid keystore format]
            at com.sun.jndi.ldap.Connection.<init>(Connection.java:194)
            at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:119)
            at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1668)
            at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2599)
            at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
    On the server I have created this ldap_crt.pem file:
    openssl req -x509 -days 3650 -newkey rsa:2048 -nodes -keyout ldap_key.pem -keyform PEM -out ldap_crt.pem -outform PEM
    which sits on the clients /etc/ssl/certs directory. Like this I can connect with a ldap browser to the server.
    I should do something like this:
    keytool -import -alias AUTH_CA -file rootcert.crt -keystore /usr/lib/j2se/1.4/jre/lib/security/cacerts
    How do I get this rootcert.crt file?
    I did this and changed the keystore from cacerts to mycacerts in the java class file:
    sudo keytool -import -alias AUTH_CA -file /etc/ssl/certs/ldap_crt.pem -keystore /usr/lib/j2se/1.4/jre/lib/security/mycacerts
    Then I get this:
    javax.naming.CommunicationException: simple bind failed: subdomain.dyndns.org:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: *No trusted certificate found*]
            at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:198)
            at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2640)
            at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
            at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    Edited by: borobudur on May 18, 2008 7:09 AM

    Just a permission problem! Take care that your process can write on the keystore/truststore.

  • How to determine an anonymous authentication with AUTHENTICATION = EXTERNAL

    Hi,
    LDAP servers can allow anonymous binds.
    Using SECURITY_AUTHENTICATION = simple it's easy to determine an anonymous bind.
    No password = anonymous .
    But using SECURITY_AUTHENTICATION = EXTERNAL the java app doesn't see if the user hadn't to enter a pin at e.g. a smart card reader.
    Is it possible to check the received InitialDirContext object for a status or to determine the kind of bind somehow?
    Thanks and regards.

    My workaround now is to define an object in the ldap tree,
    to that every authenticated user gets access granted.
    Therefore, if you can't read that object, you're anonymous.
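
The workaround above infers an anonymous bind from a failed read. Where the server supports the LDAP "Who am I?" extended operation (RFC 4532; server support is an assumption here, check `supportedExtension` in the root DSE), the bound identity can be requested directly, and an empty authorization identity means the connection is anonymous. This is an added example, not code from the thread; the class names are illustrative, and the call needs an `LdapContext` (for example `InitialLdapContext`) rather than a plain `InitialDirContext`.

```java
import java.nio.charset.StandardCharsets;
import javax.naming.NamingException;
import javax.naming.ldap.ExtendedRequest;
import javax.naming.ldap.ExtendedResponse;
import javax.naming.ldap.LdapContext;

/** Added example: ask the server which identity the current connection is bound as. */
public class WhoAmI {

    /** Object identifier of the "Who am I?" extended operation (RFC 4532). */
    static final String OID = "1.3.6.1.4.1.4203.1.11.3";

    /** The request carries only the OID, no value. */
    static final class Request implements ExtendedRequest {
        private static final long serialVersionUID = 1L;
        @Override public String getID() { return OID; }
        @Override public byte[] getEncodedValue() { return null; }
        @Override public ExtendedResponse createExtendedResponse(
                String id, byte[] berValue, int offset, int length) {
            return new Response(id, berValue, offset, length);
        }
    }

    /** The response value is the authorization identity as UTF-8 text. */
    static final class Response implements ExtendedResponse {
        private static final long serialVersionUID = 1L;
        private final String id;       // may be null: the server need not echo an OID
        private final String authzId;

        Response(String id, byte[] value, int offset, int length) {
            this.id = id;
            this.authzId = decode(value, offset, length);
        }
        @Override public String getID() { return id; }
        @Override public byte[] getEncodedValue() {
            return authzId.getBytes(StandardCharsets.UTF_8);
        }
        String authzId() { return authzId; }
    }

    /** Absent or zero-length value decodes to "", which means anonymous. */
    static String decode(byte[] value, int offset, int length) {
        if (value == null || length == 0) {
            return "";
        }
        return new String(value, offset, length, StandardCharsets.UTF_8);
    }

    /** Runs the operation on an already-bound context and returns the authzId. */
    static String whoAmI(LdapContext ctx) throws NamingException {
        ExtendedResponse r = ctx.extendedOperation(new Request());
        return ((Response) r).authzId();
    }

    /** Turns an authzId into a short description for logging or policy checks. */
    static String describe(String authzId) {
        if (authzId.isEmpty()) {
            return "anonymous";
        }
        if (authzId.startsWith("dn:")) {
            return "bound as DN " + authzId.substring(3);
        }
        if (authzId.startsWith("u:")) {
            return "bound as user " + authzId.substring(2);
        }
        return "bound as " + authzId;   // server-specific form
    }

    public static void main(String[] args) {
        // Constructed response values, so the decoding can be seen without a server.
        byte[] named = "dn:cn=jdoe,ou=people,dc=example,dc=com".getBytes(StandardCharsets.UTF_8);
        byte[] empty = new byte[0];
        System.out.println(describe(decode(named, 0, named.length)));
        System.out.println(describe(decode(empty, 0, empty.length)));
        System.out.println(describe(decode(null, 0, 0)));
    }
}
```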

  • How to configure a JNDI resource

    I'll try to make my question as simple as possible since I've never got an answer on these forums :(
    I want to configure a JNDI resource in the Sun Java(TM) System Application Server Enterprise Edition 8.1 Admin Console so that webapplications can do basic ldap searches using JNDI.
    The following code works for me:
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://the.ldap.server:389");
    env.put(Context.SECURITY_AUTHENTICATION,"simple");
    env.put(Context.SECURITY_PRINCIPAL,"thebinddn");
    env.put(Context.SECURITY_CREDENTIALS,"thepassword");
    try {
      LdapContext ctx = new InitialLdapContext(env, null);
      SearchControls cons = new SearchControls();
      cons.setSearchScope(SearchControls.SUBTREE_SCOPE);
      NamingEnumeration results = ctx.search("ou=People,o=Temmellys,o=org", "uid=juhani2", cons);
      while (results != null && results.hasMore()) {
        /* doing something with the results */
      }
      ctx.close();
    }
    catch (Exception e) {
      e.printStackTrace(out);
    }
    So my question is: how do I configure this resource with the same environment properties in the admin console? I want to name the resource ldap/test and access it in the following way (is this correct?):
    InitialContext ctx0 = new InitialContext();
    LdapContext ctx = (LdapContext)ctx0.lookup("ldap/test");
    Do I configure a "Custom resource" or an "External resource" and how do I specify the properties?
    See my original post for more information:
    http://swforum.sun.com/jive/thread.jspa?threadID=62965&tstart=0
    Even if this is basic rtfm stuff it would be nice if someone could help me out here. I am developing a portal for an organization running JES and my hands are tied on trying to get other things to work.

    Problem solved in the original thread. If you are trying to do the same be sure to check it out (the SUN documentation is faulty):
    http://swforum.sun.com/jive/thread.jspa?threadID=62965&tstart=0
    I apologize for starting two threads on this.

  • Javax.naming.AuthenticationNotSupportedException:[LDAP:error Code 13

    package test;
    import java.util.Hashtable;
    import java.util.Enumeration;
    import javax.naming.*;
    import javax.naming.directory.*;
    import javax.naming.ldap.*;
    public class Test1{
        public static void main(String[] args) {
            try{
                Hashtable env = new Hashtable();
                env.put(Context.INITIAL_CONTEXT_FACTORY,INITCTX);
                env.put(Context.PROVIDER_URL,My_HOST);
                env.put(Context.SECURITY_AUTHENTICATION,"simple");
                env.put(Context.SECURITY_PRINCIPAL,MGR_DN);
                env.put(Context.SECURITY_CREDENTIALS,MGR_PW);
                DirContext ctx=new InitialDirContext(env);
            }catch(Exception e){
                e.printStackTrace();
                System.exit(1);
            }
        }
        public static String INITCTX="com.sun.jndi.ldap.LdapCtxFactory";
        public static String My_HOST="ldap://192.168.0.88:389";
        public static String MGR_DN="uid=kvaughan,ou=people,o=airius.com";
        public static String MGR_PW="bribery";
        public static String MY_SEARCHBASE="o=Airius.com";
    }
    javax.naming.AuthenticationNotSupportedException:[LDAP:error Code 13 Confidentiality Required]

    I have the same exception.
    This post is from 2003 and no one has posted any advice!!
    The exception:
    javax.naming.AuthenticationNotSupportedException: [LDAP: error code 48 - Inappropriate Authentication]
    But I found that it is related to the
    env.put(Context.SECURITY_AUTHENTICATION, "simple"); // 'simple' = username + password
    simple, EXTERNAL, none
    But after adding this line I still have the same error!!

  • Add User/ Communication Exception: Connection refused!

    Hello,
    I've searched the entire forum for sample code for adding a user to the Active Directory. However, the code that I use refuses to budge past this line, and gives a
    *Problem creating object: javax.naming.CommunicationException: mydc.antipodes.com:389 [Root exception is java.net.UnknownHostException: mydc.antipodes.com]*
    // Create the initial directory context
    LdapContext ctx = new InitialLdapContext(env,null);
    When I change the ldap url to 'ldap://localhost:389', it gives me this exception
    *Problem creating object: javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]*
    I also could not follow how the LDAP url is formed, and those CN=, DC= attributes. I also typed in the LDAP url in the browser, and an External Protocol request popped up that had a search for people names and email.
    Can someone please enlighten me on where I was going wrong? I'm working on a Windows XP machine with JDK1.6 with Netbeans.
    The same functionality is also done in .NET using the activeds.tlb file and it is working fine. Is there a way in Java where I can add a reference/COM component, in the same way as above, and add users?
    import java.util.Hashtable;
    import javax.naming.ldap.*;
    import javax.naming.directory.*;
    import javax.naming.*;
    import javax.net.ssl.*;
    import java.io.*;
    public class NewUser
    {
        public static void main (String[] args)
        {
            Hashtable env = new Hashtable();
            String adminName = "CN=Administrator,CN=jomy,CN=Users,DC=antipodes,DC=com";
            String adminPassword = "jj2007";
            String userName = "CN=Albert Einstein,CN=jomy,OU=Research,DC=antipodes,DC=com";
            String groupName = "CN=All Research,CN=Administrators,OU=Research,DC=antipodes,DC=com";
            env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
            //set security credentials, note using simple cleartext authentication
            env.put(Context.SECURITY_AUTHENTICATION,"simple");
            env.put(Context.SECURITY_PRINCIPAL,adminName);
            env.put(Context.SECURITY_CREDENTIALS,adminPassword);
            //connect to my domain controller
            env.put(Context.PROVIDER_URL, "ldap://mydc.antipodes.com:389");
            //env.put(Context.PROVIDER_URL, "winnt://localhost");
            try {
                // Create the initial directory context
                LdapContext ctx = new InitialLdapContext(env,null);
                // Create attributes to be associated with the new user
                Attributes attrs = new BasicAttributes(true);
                //These are the mandatory attributes for a user object
                //Note that Win2K3 will automagically create a random
                //samAccountName if it is not present. (Win2K does not)
                attrs.put("objectClass","user");
                attrs.put("samAccountName","AlbertE");
                attrs.put("cn","Albert Einstein");
                //These are some optional (but useful) attributes
                attrs.put("givenName","Albert");
                attrs.put("sn","Einstein");
                attrs.put("displayName","Albert Einstein");
                attrs.put("description","Research Scientist");
                attrs.put("userPrincipalName","[email protected]");
                attrs.put("mail","[email protected]");
                attrs.put("telephoneNumber","999 123 4567");
                //some useful constants from lmaccess.h
                int UF_ACCOUNTDISABLE = 0x0002;
                int UF_PASSWD_NOTREQD = 0x0020;
                int UF_PASSWD_CANT_CHANGE = 0x0040;
                int UF_NORMAL_ACCOUNT = 0x0200;
                int UF_DONT_EXPIRE_PASSWD = 0x10000;
                int UF_PASSWORD_EXPIRED = 0x800000;
                //Note that you need to create the user object before you can
                //set the password. Therefore as the user is created with no
                //password, user AccountControl must be set to the following
                //otherwise the Win2K3 password filter will return error 53
                //unwilling to perform.
                attrs.put("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED+ UF_ACCOUNTDISABLE));
                // Create the context
                Context result = ctx.createSubcontext(userName, attrs);
                System.out.println("Created disabled account for: " + userName);
                //now that we've created the user object, we can set the
                //password and change the userAccountControl
                //and because password can only be set using SSL/TLS
                //lets use StartTLS
                StartTlsResponse tls = (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
                tls.negotiate();
                //set password is a ldap modify operation
                //and we'll update the userAccountControl
                //enabling the account and force the user to update their password
                //the first time they login
                ModificationItem[] mods = new ModificationItem[2];
                //Replace the "unicodePwd" attribute with a new value
                //Password must be both Unicode and a quoted string
                String newQuotedPassword = "\"Password2000\"";
                byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
                mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
                mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED)));
                // Perform the update
                ctx.modifyAttributes(userName, mods);
                System.out.println("Set password & updated userccountControl");
                //now add the user to a group.
                try {
                    ModificationItem member[] = new ModificationItem[1];
                    member[0]= new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", userName));
                    ctx.modifyAttributes(groupName,member);
                    System.out.println("Added user to group: " + groupName);
                }
                catch (NamingException e) {
                    System.err.println("Problem adding user to group: " + e);
                }
                //Could have put tls.close()  prior to the group modification
                //but it seems to screw up the connection  or context ?
                tls.close();
                ctx.close();
                System.out.println("Successfully created User: " + userName);
            }
            catch (NamingException e) {
                System.err.println("Problem creating object: " + e);
            }
            catch (IOException e) {
                System.err.println("Problem creating object: " + e);
            }
        }
    }

    Sometimes there are posts that are so funny, that I really do fall off my chair and writhe on the floor laughing hysterically.
    mydc.antipodes.com is my domain controller, it's most certainly not yours !
    If you are running Active Directory (although I somehow seem to think that you are not), the LDAP URL will contain the fully qualified DNS name of your domain controller and the distinguished name of your Active Directory domain (or part thereof).
    Because you most certainly do not have access to my domain, nor would my domain controller be registered with your DNS server or listed in your hosts file, that explains why you receive the Unknown Host Exception.
    Now the reason why I think you aren't running Active Directory is that you say you are running on Windows XP and when you use ADSI (winnt://localhost) it all works.
    The ADSI provider WINNT, uses the Windows NT/LM API's which are used to access either the local Windows account store which is sometimes referred to as Security Accounts Manager (SAM), or a Windows NT 4 domain. (Actually it could be used to access Active Directory, albeit using the NT/LM API's rather than LDAP). The JNDI LDAP provider supports the LDAP protocol, it does not support NT/LM.
    If on the other hand I'm wrong, and you do have Active Directory present in your network, either ask the admin for the DNS name of the domain controller,and the distinguished name of your domain, look up the LDAP Resource Records (RR's) in your DNS, or use the Windows LDP.EXE tool, leave everything blank, hit the connect button and look at the Root DSE for the naming contexts and dns host name values.
