Java LDAP

I am currently planning on working on a small application (to help keep myself current) for my company.
I was hoping to have an Employee management application which would allow employees to go in and edit their details, book holiday and the such.
But what I wanted was for there to be LDAP authentication to it, rather than creating the users on a separate database somewhere.
And I was wondering a few things:
a] Does Java come with a library that allows me to connect to an LDAP server and talk to it?
b] Does LDAP give back information like "this person is an employee" or "this person is a company director" (or user/admin type thing)?
For the LDAP libraries, if they do exist but aren't bundled into the main Java framework, I am looking for one that isn't too hard to use, as I'm doing this outside of work and my personal time is very precious to me.

My standard approach is very similar to what malcolmmc describes. First I create an InitialDirContext which tells me if the username and password are good (it throws an exception if they aren't). Then I tend to use one of the search methods in the InitialDirContext to look up individual entries and get attributes from them.
For your requirements you need to find something about the user which you can check to differentiate their type. It may be an attribute, or a group they are in. It will be of great benefit to look through your directory with an LDAP browser.
//Imports needed by this snippet
import java.util.Properties;
import javax.naming.Context;
import javax.naming.directory.InitialDirContext;
//Create an environment
Properties props = new Properties();
props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
props.put(Context.SECURITY_AUTHENTICATION, "simple");
props.put(Context.PROVIDER_URL, "ldap://anycorp.co.uk:389/");     //Port 389 is standard for LDAP
props.put(Context.SECURITY_PRINCIPAL, "myDomain\\username");
props.put(Context.SECURITY_CREDENTIALS, "password");
//Create a directory context, this will throw an exception if
//the logon is not valid
InitialDirContext ctx = new InitialDirContext(props);
Notes:
1. For your provider URL you should be able to use just your company DNS suffix. Your company DNS should route your request to a directory server.
2. You may also want to look into using a higher security level than "simple", which is a clear text password. Googling should give some answers.
3. Your SECURITY_PRINCIPAL may vary depending on what type of directory server you have. MS Active Directory usually uses an email type format, Novell uses the format I give in my example. If you code on a Windows XP workstation, click Ctrl-Alt-Delete and have a look at what it says you are logged in as.
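As an added example, not code from the answer above: the same bind-then-search flow carried through in JNDI, binding with the user's own credentials over LDAPS, refusing an empty password (JNDI would otherwise fall back to an anonymous bind that succeeds for any username), escaping the uid before it enters the search filter, and deriving the role from the entry's memberOf attribute. The URL, base DN and group DNs are placeholders, and memberOf is assumed to be exposed by the directory as Active Directory does; for a directory that does not, search the group entries' member attribute instead.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapRoleLookup {
    // Placeholder directory settings (assumed, not from the original answer).
    static final String URL = "ldaps://ldap.example.com:636/";
    static final String BASE_DN = "dc=example,dc=com";
    static final String DIRECTOR_GROUP = "cn=directors,ou=groups,dc=example,dc=com";
    static final String EMPLOYEE_GROUP = "cn=employees,ou=groups,dc=example,dc=com";
    public enum Role { DIRECTOR, EMPLOYEE, NONE }

    /** Bind with the user's own credentials; a wrong password makes InitialDirContext throw. */
    public static DirContext bind(String principal, String password) throws NamingException {
        // JNDI turns an empty password into an anonymous bind that "succeeds" for any name.
        if (password == null || password.isEmpty()) {
            throw new AuthenticationException("empty password not allowed");
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);             // LDAPS, so the simple bind is not clear text
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal); // e.g. user@example.com for AD
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    /** Escape a user-supplied value before placing it in a search filter (RFC 4515). */
    public static String escapeFilter(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            if ("\\*()\0".indexOf(c) >= 0) sb.append(String.format("\\%02x", (int) c));
            else sb.append(c);
        }
        return sb.toString();
    }

    /** Find the user's entry and derive a role from its memberOf values. */
    public static Role lookupRole(DirContext ctx, String uid) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] { "memberOf" });
        String filter = "(&(objectClass=person)(uid=" + escapeFilter(uid) + "))";
        NamingEnumeration<SearchResult> results = ctx.search(BASE_DN, filter, sc);
        try {
            if (!results.hasMore()) return Role.NONE;
            Attribute groups = results.next().getAttributes().get("memberOf");
            Role role = Role.NONE;
            if (groups != null) {
                for (NamingEnumeration<?> e = groups.getAll(); e.hasMore();) {
                    String dn = e.next().toString();
                    if (dn.equalsIgnoreCase(DIRECTOR_GROUP)) return Role.DIRECTOR;
                    if (dn.equalsIgnoreCase(EMPLOYEE_GROUP)) role = Role.EMPLOYEE;
                }
            }
            return role;
        } finally {
            results.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        DirContext ctx = bind(args[0], args[1]);           // args: principal password uid
        try { System.out.println("role: " + lookupRole(ctx, args[2])); }
        finally { ctx.close(); }                           // close() sends the LDAP UNBIND
    }
}
```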

Similar Messages

  • Resetting passwords in AD LDS not honoring password history via Java ldap api

    I am trying to implement reset password functionality for accounts in Windows 2012 R2 AD
    LDS via java ldap api. But it is not honoring password history constraint. When I tried to implement change password it is enforcing password history. I am using the following code to reset password.
    @Override
    public void updatePassword(String password) throws LdapException {
        try {
            // AD expects unicodePwd as the quoted password encoded in UTF-16LE
            String quotedPassword = "\"" + password + "\"";
            char unicodePwd[] = quotedPassword.toCharArray();
            byte pwdArray[] = new byte[unicodePwd.length * 2];
            for (int i = 0; i < unicodePwd.length; i++) {
                pwdArray[i * 2 + 1] = (byte) (unicodePwd[i] >>> 8);
                pwdArray[i * 2 + 0] = (byte) (unicodePwd[i] & 0xff);
            }
            ModificationItem[] mods = new ModificationItem[] {
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("UnicodePwd", pwdArray)) };
            LdapContext ldapContext = (LdapContext) ldapTemplate.getContextSource().getReadWriteContext();
            // LDAP_SERVER_POLICY_HINTS control value: BER SEQUENCE { INTEGER 1 }
            final byte[] controlData = {48, (byte) 132, 0, 0, 0, 3, 2, 1, 1};
            BasicControl[] controls = new BasicControl[1];
            final String LDAP_SERVER_POLICY_HINTS_OID = "1.2.840.113556.1.4.2239";
            controls[0] = new BasicControl(LDAP_SERVER_POLICY_HINTS_OID, true, controlData);
            ldapContext.setRequestControls(controls);
            ldapContext.modifyAttributes(getRelativeDistinguishedName(), mods);
        } catch (Exception e) {
            throw new LdapException("Failed to update password for:" + this.getDistinguishedName(), e);
        }
    }
    Please let me know if I am doing anything wrong.

    Hi,
    I suggest you check password policy on the AD LDS server.
    If the server is in workgroup mode, then the local password policy is applied; if it is domain-joined, the domain password policy overrides the local password policy. You may also need to check whether there is any PSO configured.
    More information for you:
    AD DS: Fine-Grained Password Policies
    https://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx
    Step 4: View a Resultant PSO for a User or a Global Security Group
    https://technet.microsoft.com/en-us/library/cc770848(v=ws.10).aspx
    Best Regards,
    Amy
    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • Java, ldap and german "umlauts"

    Hi everybody,
    Our developers ran into some problems with German characters (umlauts such as "ä", "ö", "ü") etc. They are using Java SDK 4.1 for LDAP for retrieving, creating and updating entries. If names have umlauts like in "JÖRG" they are not presented right. Both systems have Solaris 8 (engl) and they are using UTF-8 in the Java application. As I know the server stores the values also in UTF-8, so why is the presentation wrong? Any idea?
    Many thanks
    Kai
    PS: A perl script has no problems with umlauts.

    I know there are various versions of ldapsearch which have differing qualifiers. The one that comes with SUN ONE or iPlanet has the qualifier -e which means that it will print out German characters. We had this trouble with Spanish characters.
    However other versions of ldapsearch do not have this qualifier and hence any such data comes out as binary.
    If your java application uses ldapsearch it must have a qualifier like this. Perhaps the java application can call the ldapsearch function provided by SUN ONE.
    John reddington

  • Java & LDAP, "anonymous unbind" = err=80

    Dear experts,
    I've found something strange in my performance tests against DSEE 6.3
    Please see below some explanations about this "issue":
    I use a simple Java code to test my newly created directory server. When I use a search request with the anonymous user (i.e. Context.SECURITY_AUTHENTICATION="none")...I can notice that a connection code & an error code (A1 - Client aborted connection AND err=80 (unknown error)) are always present in the corresponding logs of this request!
    When I use the ldapsearch command line to "simulate" the same request (anonymous), I can see that the logs are completely different (connection code is different AND there is no error code (err=80)), that is: "U1 - Connection closed by unbind client" ; Those last logs are really as expected!
    When I use a bind user (Context.SECURITY_AUTHENTICATION="simple") instead of anonymous, both tests (Java and ldapsearch) produce the same result, and the connection code is always the same, that is: U1 - Connection closed by unbind client
    Here are the two connection codes:
    U1: The server closed the client connection because client sent an UNBIND request.
    A1: The client has closed the connection without performing an UNBIND.
    I've found this article (http://java.sun.com/docs/books/tutorial/jndi/ldap/operations.html) about "How LDAP Operations Map to JNDI APIs"....
    We can see that the UNBIND operation corresponds to the (Java) procedure context.close()....this procedure being of course in my code!
    Is there a way in Java to "bypass" this issue for the anonymous user?
    Thanks a lot in advance.
    Regards,
    -Franck

    I have updated the ldap java.schema with the below entries, it is working fine
    objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
         NAME 'javaContainer'
         DESC 'Container for a Java object'
         SUP top
         STRUCTURAL
         MAY ( o $ cn))

  • Java LDAP Authentification - problem!!!

    I found an application in .NET (C#), and it works perfectly! (http://www.codeproject.com/KB/system/arbauthentication.aspx)
    I want to do this logic in my Java web application. All users in our domain must first log in to the web application!
    And the authentication must be over Active Directory (AD). Help me please.
    Hashtable<String, String> authEnv = new Hashtable<>();
    String userName = "";
    String passWord = "";
    String base = "";
    InputStreamReader converter = new InputStreamReader(System.in);
    BufferedReader in = new BufferedReader(converter);
    System.out.println("Input your username:");
    userName = in.readLine();
    System.out.println("Input your password:");
    passWord = in.readLine();
    base = userName + "@" + "xxxyyyzzz.com";    // userPrincipalName form for AD
    String ldapURL = "ldap://192.168.0.99:389/";
    authEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    authEnv.put(Context.PROVIDER_URL, ldapURL);
    authEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
    authEnv.put(Context.SECURITY_PRINCIPAL, base);
    authEnv.put(Context.SECURITY_CREDENTIALS, passWord);
    try {
        DirContext authContext = new InitialDirContext(authEnv);
        System.out.println("Authentication Success!");
        authContext.close();
    } catch (AuthenticationException authEx) {
        System.out.println("Authentication failed!");
    } catch (NamingException namEx) {
        System.out.println("Something went wrong!");
        namEx.printStackTrace();
    }
    This code is not working when I input the true username & password. Exception!
    javax.naming.AuthenticationException:
    [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece]
    And when I input the true username, but the password is blank (password="") it works...
    Authentication Success!
    Maybe this is anonymous authentication.

    If you had searched through the forum you would have discovered that the Active Directory error code 525 means username not found.
    And you may also have discovered that a null password implies an anonymous logon.
    Either the user has mistyped their username, or you have made an incorrect assumption when constructing the userPrincipalName and appending the upn suffix "xxxyyyzzz.com".

  • Java, LDAP, DSML

    Hi!
    I need to write a software that will execute different LDAP requests
    and handle responses. The main idea is that the requests must be
    configured by the user and for different LDAP (eDirectory, OpenLDAP).
    The question is how can I implement such requests configuration and how
    to handle them later.
    I've read about LDIF and DSML. There are LDIFReader and DSMLReader in
    Novell JLDAP, which allow converting DSML and LDIF files to
    LDAPMessages. LDIF and DSML file attributes contain real values, but I
    need the user to fill them in at runtime.
    So I need a template for DSML or LDIF. Is there something like that?
    I can leave values in the DSML empty and fill them in the LDAPMessage, but
    I think it's not a good idea.
    dima376

    Hard to say from your description.
    But you could write a Java program to do LDAP requests and responses,
    almost, regardless of the target LDAP provider.
    I say almost, because issuing a partition create against OpenLdap would
    not work.
    But certainly, reads, adds, modifies and deletes should work well.
    Thanks
    -jim
    On 11/16/2009 1:36 PM, dima376 wrote:
    >
    > Hi!
    >
    > I need to write a software that will execute different LDAP requests
    > and handle responses. The main idea is that the requests must be
    > configured by the user and for different LDAP (eDirectory, OpenLDAP).
    >
    > The question is how can I implement such requests configuration and how
    > to handle them later.
    >
    > I've read about LDIF and DSML. There are LDIFReader and DSMLReader in
    > Novell JLDAP, which allow converting DSML and LDIF files to
    > LDAPMessages. LDIF and DSML file attributes contain real values, but I
    > need the user to fill them in at runtime.
    >
    > So I need a template for DSML or LDIF. Is there something like that?
    >
    > I can leave values in the DSML empty and fill them in the LDAPMessage, but
    > I think it's not a good idea.
    >
    >

  • Java LDAP Tag Query Issue

    I am using the LDAP tag library to view users and output info. There are specific attributes I want to pull back that it won't. The attributes are passwordretrycount, pwdaccountlockedtime and pwdfailuretime.
    <!-- LDAP Call -->
    <ldap:property name="url" value="<%= \"ldap://\" + request.getParameter(\"ldapserver\") %>"/>
    <ldap:property name="dn" value="<%= binddn %>"/>
    <ldap:property name="password" value="<%= bindpw %>"/>
    <ldap:connect>
    <ldap:query id="var" basedn="o=tlhc" filter="<%= cn %>">
    <table border="0" cellpadding="1" cellspacing="0">
    <tr><td valign="top"><b>Last Name:</b> </td><td valign="top"><ldap:getAttribute name="sn"/></td></tr>
    <tr><td valign="top"><b>First Name:</b> </td><td valign="top"><ldap:getAttribute name="givenname"/></td></tr>
    <tr><td valign="top">Middle Name: </td><td valign="top"><ldap:getAttribute name="tlhcmiddlename"/></td></tr>
    <tr><td valign="top">UserID: </td><td valign="top"><ldap:getAttribute name="uid"/></td></tr>
    <tr><td valign="top">GUID: </td><td valign="top"><ldap:getAttribute name="tlhcguid"/></td></tr>
    <tr><td valign="top">Employee Number: </td><td valign="top"><ldap:getAttribute name="employeeNumber"/></td></tr>
    <tr><td valign="top">Title: </td><td valign="top"><ldap:getAttribute name="title"/></td></tr>
    <tr><td valign="top">Email: </td><td valign="top"><ldap:getAttribute name="mail"/></td></tr>
    <tr><td valign="top">Password Retry Count: </td><td valign="top"><ldap:getAttribute name="passwordretrycount"/></td></tr>
    <tr><td valign="top">Password Failure Time: </td><td valign="top"><ldap:getAttribute name="pwdfailuretime" delimiter="<br>"/><br><br></td></tr>
    </table>
    </ldap:query>
    </ldap:connect>

    Is this the easyldap tag library?
    I think it is the implementation of LDAP operations in the tag library that causes it.
    I'm looking for a tag library for the same use too.

  • Java LDAP client

    Hi to all:
    Does somebody know if there exist any classes, package or API that work as an LDAP client?
    Best regards,
    Fabio.

    You asked this somewhere else. Please do not cross-post.

  • LDAP Programming using Java

    Hi,
    How do I do validation of userids using LDAP, using a Java class? Please help me out in this.
    Krsna

    hi,
    http://docs.sun.com/source/816-6402-10/writing.htm
    http://today.java.net/pub/a/today/2006/04/18/ldaptemplate-java-ldap-made-simple.html

  • Error with passwords via Portal and LDAP

    When we change a user's password via portal, either by the user or administrator, the password gets changed, but then when the user tries to log in again, it says the password is expired, and no longer allows changing the password.
    The log has the following errors
    defaultTrace.18.trc:#1.5#0003BA68FF7E00510000000C00001AEC0004059FD46D2697#1132083928701#com.sap.security.core.persistence#sap.com/com.sap.security.core.admin#com.sap.security.core.persistence.[cf=com.sap.security.core.persistence.datasource.imp.LDAPPersistence][md=changePassword][cl=19566]#<USER>#569##<Portal Instance>#<USER>#48329170561011daada40003ba68ff7e#SAPEngine_Application_Thread[impl:3]_0##0#0#Error##Java###Can not change password
    defaultTrace.18.trc:#1.5#0003BA68FF7E00510000000E00001AEC0004059FD46D2C5B#1132083928706#com.sap.security.core.persistence#sap.com/com.sap.security.core.admin#com.sap.security.core.persistence#<USER>#569##<Portal Instance>#<USER>#48329170561011daada40003ba68ff7e#SAPEngine_Application_Thread[impl:3]_0##0#0#Error#1#/System/Security/Usermanagement#Java###DataSource : Can not change password#1#CORP_LDAP#
    defaultTrace.18.trc:#1.5#0003BA68FF7E00510000000F00001AEC0004059FD46D96C1#1132083928731#com.sap.security.core.admin#sap.com/com.sap.security.core.admin#com.sap.security.core.admin.[cf=com.sap.security.core.admin.UserAdminLogic][md=performUserProfileChange][cl=19566]#<USER>#569##<Portal Instance>#<USER>#48329170561011daada40003ba68ff7e#SAPEngine_Application_Thread[impl:3]_0##0#0#Error##Java###[LDAP: error code 16 - No Such Attribute]
    defaultTrace.18.trc:#1.5#0003BA68FF7E003E0000002500001AEC0004059FD5A452F0#1132083949095#com.sap.security.core.persistence#sap.com/com.sap.security.core.admin#com.sap.security.core.persistence.[cf=com.sap.security.core.persistence.datasource.imp.LDAPPersistence][md=changePassword][cl=19566]#<USER>#569##<Portal Instance>#<USER>#48329170561011daada40003ba68ff7e#SAPEngine_Application_Thread[impl:3]_21##0#0#Error##Java###Can not change password
    defaultTrace.18.trc:#1.5#0003BA68FF7E003E0000002700001AEC0004059FD5A4591E#1132083949099#com.sap.security.core.persistence#sap.com/com.sap.security.core.admin#com.sap.security.core.persistence#<USER>#569##<Portal Instance>#<USER>#48329170561011daada40003ba68ff7e#SAPEngine_Application_Thread[impl:3]_21##0#0#Error#1#/System/Security/Usermanagement#Java###DataSource : Can not change password#1#CORP_LDAP#
    defaultTrace.18.trc:#1.5#0003BA68FF7E003E0000002800001AEC0004059FD5A49EBD#1132083949114#com.sap.security.core.admin#sap.com/com.sap.security.core.admin#com.sap.security.core.admin.[cf=com.sap.security.core.admin.UserAdminLogic][md=performUserProfileChange][cl=19566]#<USER>#569##<Portal Instance>#<USER>#48329170561011daada40003ba68ff7e#SAPEngine_Application_Thread[impl:3]_21##0#0#Error##Java###[LDAP: error code 16 - No Such Attribute]
    Any help would be greatly appreciated
    We are using Portal 6Sp14
    Thanks
    Brian Timothy

    Hi Brian
    Which datasource are you using?
    I think you used read-only LDAP + Database.
    When you change the password for a user in the portal, the corresponding user password in the LDAP directory is not changed; that's why it generates a message that
    the password has expired and you can't change the password.
    So try to change the password in LDAP also.
    Hope it helps you.
    regards,
    kaushal

  • Problem with deleting object in LDAP server

    Hi,
    I am writing a Java Ldap client which performs object search/deletion/addition/modification.
    Now I can search the object via DN using the client program.
    When I try to delete, the program goes through without any exception. But the object
    still exists in the Ldap server.
    Did I miss anything in my program?
    BTW, I can use the same uid/passwd to delete the user from the Netscape Ldap console.
    But not from the client program.
    Here is the short program:
    try {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "uid=sysadmin, ou=Directory Administrators, o=abc.com");
        env.put(Context.SECURITY_CREDENTIALS, "sysadmin");
        DirContext ctx = new InitialDirContext(env);
        // Delete the entry by its DN; no exception is thrown, yet the entry remains
        ctx.destroySubcontext("userId=steve, groupId=client, o=abc.com");
        System.out.println("Deletion successful");
        ctx.close();
    } catch (Exception e) {
        e.printStackTrace();
        System.exit(1);
    }

    Use FM
    EPS_DELETE_FILE or CONVT_DELETE_FILES
    to delete file or you can use
    DELETE DATASET
    statement.
    rgds,
    TM.
    Please mark points if helpful.

  • User properties in LDAP realm

    Can anyone out there give me advice, or point me in the right direction for info
    on how to extract user attributes from their entry within the LDAP store.
    Assuming the user context has been created, and the information I'm trying to
    extract are things like, email address, group membership etc.
    Any help is greatly appreciated.
    Cheers

    It should be easy, just look at the examples that come with
    the Java LDAP package documentation; you can download it from the Netscape
    site.
    Ahmed
    "Aaron Stafford" <[email protected]> wrote:
    >
    Can anyone out there give me advice, or point me in the right direction
    for info
    on how to extract user attributes from their entry within the LDAP store.
    Assuming the user context has been created, and the information I'm trying
    to
    extract are things like, email address, group membership etc.
    Any help is greatly appreciated.
    Cheers

  • Cannot find the Novell Connection Manager for LDAP

    Novell Connection Manager for Java/LDAP
    Cannot find the Novell Connection Manager for LDAP in download
    I am trying to connect through a Java client to the Apache Directory Studio, LDAP server....I have downloaded the classes from the download page...see link below...but I can't see the NovellConnectionManager Class anywhere in this download when I use the open freely application to view the jar details.
    LDAP Classes for Java
    Environment: Windows 7

    Hi MentalSuplex, and a warm welcome to the forums!
    Don't know about Airport cards for it, but other options...
    http://eshop.macsales.com/item/Sonnet%20Technology/N80211PCI/
    Maybe this one, ask them...
    http://eshop.macsales.com/item/Newer%20Technology/MXP802NPCI/
    I use these...
    http://eshop.macsales.com/item/Newer%20Technology/MXP2802NU2C/
    http://eshop.macsales.com/item/Edimax/EW7711UMN/

  • How to get Password Hash in java ?

    How can I get the hashed password from one user to copy to another
    application or LDAP (like sync) in Java LDAP or JDBC-LDAP? Is it
    possible?
    Does some kind of class or method exist in Java to get the clear text password
    or hashed password of eDirectory users?
    Thanks!
    samirissa

    In the Universal Password policy, there is an option to allow specific
    users to retrieve the password. I haven't used this feature before, but I
    assume that it would allow you to get the actual password via LDAP.
    Jared Jennings
    Senior Systems Architect, Data Technique, Inc.
    http://www.datatechnique.com
    My Blog and Wiki with Tips, Tricks, and Tutorials
    http://jaredjennings.org
    Twitter@ jaredljennings

  • BOE 4.x and Apache LDAP

    Hi,
    We have been using BO since 3.1 with Apache LDAP as our user repository. We use this LDAP server because it is a pure Java LDAP server that can be embedded in our product.
    Up until 4.x it worked well and we managed to log in both from the BO UI (with username and password) and also using the API with trusted token login.
    In 4.1, when we try to log in using the API for trusted token login, we are getting the following error: "User must have at least one alias. (FWB 00010)".
    Any idea what can cause this issue? How to overcome it?
    thanks
    Noam

    Hi Noam,
    Were you able to fix this ? I'm having same Problem with trusted authentication in BI4.1
    TIA
    Regards,
    Prasant
