LDAP bind mechanism in Java
Hello all,
I'm trying to find a solution for LDAP bind similar to the [ldap_bind|http://php.net/manual/en/function.ldap-bind.php] function in PHP.
It seems easy and nice.
I had a look around the web and some forums and got directions to use this
But this is not a similar solution to the one in PHP.
ldap_bind uses only the connection, userName and password, doesn't know anything about the password hash method, and will verify the credentials as valid or invalid.
Does anyone have information or ideas on how to do it in Java?
Petr, cz
Edited by: PetrCZ on May 19, 2010 11:22 PM
Edited by: PetrCZ on May 19, 2010 11:23 PM
You don't need to know the LDAP hash at all to do a bind and user password check. That's against security - why would an administrator let anyone know what hashing he uses - that's letting an important piece of your security out (even though these modern hashes are pretty much irreversible).
All you need is to use Sun JNDI code to do a bind, use authentication method Simple and then give the user's id and password in clear text. The directory server will itself take care of converting the clear-text password passed by you and comparing it with the hashed user password in LDAP.
From your code perspective, if you get a DirContext back, your bind was successful; otherwise you will get a NamingEnumeration exception.
Try reading through DirContext InitialDirContext ... just do a random search and you should get numerous helper code over the internet.
Similar Messages
-
I need to build a java plug-in for ovd in order to implement a custom ldap bind operation. In my case I am using ovd database adapter to expose a legacy hr application as a ldap directory but the legacy hr application uses the php crypto() function to store a DES hash based version of the end user password into a database table. Any help is more than appreciated.
I was able to implement the custom bind plug-in using the following documentation
http://www.oracle.com/technetwork/middleware/id-mgmt/virtual-directory-custom-plugins-wp-188785.pdf
http://docs.oracle.com/cd/E21764_01/oid.1111/e10046/adv_cust.htm#CEGJCFGE
Custom Plug-in Code
package br.gov.funasa.siarh.vde;

import com.asn1c.core.Bool;
import com.octetstring.vde.Credentials;
import com.octetstring.vde.chain.Chain;
import com.octetstring.vde.chain.ChainException;
import com.octetstring.vde.syntax.BinarySyntax;
import com.octetstring.vde.syntax.DirectoryString;
import com.octetstring.vde.util.DirectoryException;

public class CustomBindPlugin extends com.octetstring.vde.chain.BasePlugin {
    public CustomBindPlugin() {
        super();
    }

    public void bind(Chain chain, Credentials creds, DirectoryString dn,
            BinarySyntax password, Bool result) throws DirectoryException,
            ChainException {
        // TODO: Add equivalent code to check the password using the legacy HR application's custom hash algorithm
        // As posted, every bind is reported as successful until that check is implemented.
        result.setValue(true);
    }
}
vde-properties.txt file that must be appended in MANIFEST.MF Jar file
vde-package-classname: br.gov.funasa.siarh.vde.CustomBindPlugin
vde-package-type: 0
vde-package-version: 1
vde-package-description: Custom bind for Siarh tha uses DES to check the user password
vde-package-name: SiarhCustomBindPlugin
vde-package-ops-add: false
vde-package-ops-delete: false
vde-package-ops-bind: true
vde-package-ops-modify: false
vde-package-ops-rename: false
vde-package-ops-get: false
-
We are using the Sun jndi 1.2.1 files from a Java client to
access the IBM SecureWay Directory 3.2 server. Our test case is
retrieving entries using the ctx.getAttributes (String, String[])
method. Occasionally we are receiving the following error.
java.lang.NullPointerException
at com.sun.jndi.ldap.Connection.run(Connection.java:525)
at java.lang.Thread.run(Thread.java:481)
The java.lang.NullPointerException is coming from the Sun JNDI file.
Our program is not catching this exception.
Has anyone seen this problem before and have any ideas on how this can be resolved?
Download and use LDAP 1.2.3 or JDK 1.3.1.
The problem should go away. -
LDAP Bind Failure: Can't contact LDAP server in Presentation Server
I have configured LDAP configuration in the RPD and am able to connect to the LDAP from the BI server. It's returning the information I need when I test through the admin tool. But when I try to log in from the PS using the same network id and password, it gives me the below error:
State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused. [53003] LDAP bind failure: Can't contact LDAP server. (08004).
I know for sure the network connectivity is working, as I get my results back from the BI Server. Please advise if I need to change other configurations on the Presentation end, as my network folks have run out of ideas. Thx!
user9125812 wrote:
Yes, I am pinging from OBIEE Server through the RPD and I am successful.
Pinging the OBIEE Server through the RPD? Ping is a DOS command, how can you "ping through the RPD"?
Can you go to the server, open a CMD window and do "ping nsldap.companyname.com" and see if it works? If it works, it could be that the LDAP port is blocked by a firewall or OBIEE is not able to make a connection. Make sure you are using the correct port as well. Install an LDAP client on your OBIEE Server and test that you can connect to your LDAP server from your OBIEE Server, not from the RPD. You can use this:
http://jxplorer.org/ -
Hello,
When we set up our 10.6 server we did not know about the message it broadcasts offering to give "services" to clients, i.e. bind them to LDAP. Last fall several of our boarding students chose this option on their personal Macs and they got our school login window and got restricted access to their computer. I showed them how to option-login and deselect management and remember the choice. I then went to the login options and unjoined them from the server.
On at least one machine, this has not reverted the machine to the usual, unmanaged login box. I have trashed all mcx preferences to no avail. How can I remove all traces of the LDAP binding from this machine?
Thank you,
Kevin Kopchynski
OK, I think I have gotten this done.
The student actually used their full name on their computer account, which of course we also have on our Open Directory setup. I changed this on his computer so that there will be no conflict.
I have also determined that the network information such as the green light will show up on a computer that has never been bound to LDAP.
But it will NOT, as this student's had been, offer the local admin to bypass management or even respond to the option key at login.
After changing the account I ran through all of the deletions mentioned by Antonio, still got the option to bypass management, but I hit "remember" and refresh preferences. That seemed to be the finishing touch. The machine no longer responds to the option key at login.
By the time I did this mcxquery showed "no information available"
Thanks again for the help.
Kevin Kopchynski -
Accessing the Binding Layer from Java
Dear All
How can I access the binding layer from Java code? I need a detailed document for it because I have a complex binding object (object inside object).
Regards
Mohd.Weshah
I know, but my case is complicated:
Dear All
I have generated a human task based task flow and I created a page with a payload object. I have an empiterator which includes the following attributes:
- id
- name
- telephone
- department (complex object): it includes other attributes - dept and dept Name
My question: I want to fill the empiterator from Java code and fill all attributes, including the complex object (department), from Java code (my backing bean).
You can download a document that describes my problems with images and details:
[http://www.4shared.com/account/document/fTREP1mv/ADF_Question__2_.html]
Regards
Wish79 -
Hi All,
We are facing the issue "LDAP bind failure:Cant contact LDAP server".
We are facing it now and then. Can you guys tell me the corrective action to correct this?
Our LDAP server is Novell eDirectory.
RMD
Try referring to http://rnm1978.wordpress.com/2010/12/02/troubleshooting-obiee-ldap-adsi-authentication/
Hope it helps -
How to catch the return value of ldap- bind?
For Net::LDAP,
my $ldap = Net::LDAP->new( .. );
$ldap->bind($DN,$password);
if the bind failed, what's the returned value for this?
Many examples I read suggested "undef" is returned, but it looks like that's not the case on Sun Solaris.
Marg8
Somehow "undef" is not returned.
For $ldap->bind($DN,$password) or die "can't bind";
it always continues no matter what DN or password you put in.
So it looks to me like it returned something else.
Marg8 -
Binding XML to java types generated using Oracle Class Gen
Hi,
How can you bind an XML to the Java types generated using the class gen provided by Oracle?
I am using Oracle 9i production. As part of my design, I have to read an XML input in my Java class and use the contents to create some records and send a response XML back.
The latter part I can do, as the Java types provide setter methods to set the data and conversion to XML.
JAXB can be used to bind XML to Java datatypes but it's not supported in Oracle9i.
What are the alternatives for achieving the same?
Thanks
Ashwin
Hi Ashwin,
This is a bit outside my area of expertise, but I did run an older version of TopLink in the Oracle database java VM a few years back so I'll base my advice on that. Hopefully other forum members can correct me if I steer you wrong.
First you will need to set up your XML environment:
I believe the Oracle 9i database includes a JDK 1.3 VM. You will first need to determine if the VM includes any JAXP APIs. I believe there is an SQL query that allows you to query the classes available in the VM. First check if javax.xml.parsers.DocumentBuilderFactory is present.
If the JAXP APIs are already present in the database you will need to do the following. First load the class javax.xml.namespace.QName into the database. You can extract this from xmlparserv2.jar or from Sun's Java Web Service Developer Pack jax-qname.jar. Then you will need to load the JAXB APIs. You can load xml.jar or jaxb-api.jar from Sun's JWSDP.
If the JAXP APIs are not present you will need to load the 10.1.3 version of the XDK jars (these are shipped with the 10.1.3 TopLink install). Load xmlparserv2.jar and xml.jar into the database.
Second you will need to setup your TopLink environment:
Load toplink.jar into the database. If the JAXP APIs were already present and you didn't load the 10.1.3 XDK jars into the database you will need to set the following System property.
toplink.xml.platform=oracle.toplink.platform.xml.jaxp.JAXPPlatform
-Blaise
-
Hi, does anyone know how to do bind variables in Java using a CONTAINS SQL statement? I have the following SQL statement:
SELECT mytable.text FROM a_table mytable WHERE CONTAINS (mytable.text, '? WITHIN text',1) > 0
Here are a couple of lines of my Java code
PreparedStatement ps2= conn.prepareStatement(mysql);
ps2.setString(1,"bond");
ResultSet rset = ps2.executeQuery();
Every time I execute this query I get
ORA-01006: bind variable does not exist
Please help
thanks
user,
check out.
Display current DB time
JBO-25009: Cannot create ...
Edited by: Erp on Sep 29, 2011 8:46 PM -
Hi,
I have a similar requirement re PAS with LDAP bind. Is anybody on SCN able to share your solution?
Thanks & regards
Anthony
Message was edited by: Oisin ONidh
Branched to a NEW thread as was posted onto an OLD thread. Modify thread to reflect this change
ITS SCN Moderator
Hello Anthony,
Can you provide further details on your query and also it's relation to using ITS/WEBGUI?
Regards,
Oisin -
Is there a way to bind augmented users, say via "ldapsearch", or make a web authentication by LDAP bind?
How is Apple's collaboration suite authenticating Augmented users?
Have tried most combinations and just can't bind Augmented users via LDAP.
Sorry, I posted at wrong location.
-
LDAP (OID) integration with Java application
OID issue Urgent
Currently we are using the OID-LDAP as the repository for storing username, passwds
and other attributes. All applications that need authentication will essentially
be using the OID.
In our effort to do the same we are encountering the following problems
- Creation of an identity corresponding the application
- Giving this identity certain LDAP authorizations (Which authorizations are these)
We have been successful creating LDAP entries for users and getting the initial
JNDI contexts to do the lookups.
When we are creating the user lookup from Java code using the oracle.ldap.util.User package,
at run time it's throwing an error (no classfound oracle/net/config/ConfigException).
Why and where is this needed, and how to resolve that? Is that because we haven't added
the application in OID and configured authorizations for it?
Need an urgent answer to this since all applications will be using LDAP(OID).
here is code of java which tries to connect to OID.
================================================================================================
import oracle.ldap.util.*;
import oracle.ldap.util.jndi.*;
import java.io.*;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class hello {
    public static void main(String argv[])
            throws NamingException {
        // Create InitialDirContext
        System.out.println("INSIDE SERVLET");
        InitialDirContext ctx = ConnectionUtil.getDefaultDirCtx( "hire11.kmfl.kg","4032","cn=orcladmin", "ias123" );
        // Create Subscriber object
        System.out.println("GOT CONTEXT" +ctx);
        Subscriber mysub = null;
        /* commented for time being -----------------------------
        try {
            // Creation using DN
            System.out.println("CREATING subscriber");
            mysub = new Subscriber( ctx, Util.IDTYPE_DN, "o=oracle,dc=com", false );
            System.out.println("GOT subscriber");
        }
        catch (UtilException e) {
            System.out.println("error");
        }
        */
        // Create User Objects
        User myuser = null, myuser1 = null;
        try {
            // Create User using a subscriber DN and the User DN
            System.out.println("CREATING USERl");
            myuser = new User ( ctx,Util.IDTYPE_DN, "cn=abhishek,cn=users,dc=kmfl,dc=kg",Util.IDTYPE_DN,"dc=kmfl,dc=kg", true );
            System.out.println("GOT USER");
            // Create User using a subscriber object and the User
            // simple name
            // commented for time being -----------------------------
            // myuser1 = new User ( ctx, Util.IDTYPE_SIMPLE, "abhishek", mysub, true );
        }
        catch ( UtilException e ) {
            System.out.println("COUDN'T GET USER"+e.toString());
        }
        // Authenticate User
        try {
            System.out.println("gOING FOR AUTHENTICATION");
            myuser.authenticateUser(ctx,User.CREDTYPE_PASSWD,"abhi123");
            System.out.println("AUTHENTICATION SuccessFull");
            System.out.println("AUTHENTICATION SUCCESSfULL");
            System.out.println("AUTHENTICATION sUCCESSfULL");
        }
        catch ( UtilException e ) {
            System.out.println("AUTHENTICATION FAILED");
        }
        // Perform User operations
        /* commented for time being -----------------------------
        try {
            PropertySetCollection result = null;
            // Get telephonenumber of user
            String[] userAttrList = {"telephonenumber"};
            result = myuser1.getProperties(ctx,userAttrList);
            Util.printResults(result);
            // Set telephonenumber of user
            // Create JNDI ModificationItem
            ModificationItem[] mods = new ModificationItem[1];
            mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("telephonenumber", "444-6789"));
            // Perform modification using User object
            myuser.setProperties(ctx, mods);
        }
        catch ( UtilException e ) {
        }
        */
    }
} // End of SampleUser.java
================================================================================================
What about SSL or LDAPS !
Can't seem to find any java examples which would support services of type:
ldapbind -U 1,2 for java API ! -
LDAP (OID) integration with Java application (Urgent imp.)
Hi,
Make sure you have the netcfg.jar in the same directory as that of ldapjclnt9.jar (in $ORACLE_HOME/jlib).
Regards
Radhika -
Hi,
I have been trying to bind to an LDAP server with JNDI methods, but there is no way to get it work. When I try to execute the search I get the exception "Error code 49, invalid credentials". The main code is this:
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.*;

Hashtable env = new Hashtable();
// Add the relevant parameters to the table.
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, parameters.get(PROVIDER_URL));
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "cn=user,cn=users,dc=dmz,dc=int");
env.put(Context.SECURITY_CREDENTIALS, "mypassword");
// Initialise a reference to the context
DirContext ctx = new InitialDirContext(env);
// Specify the part of the tree where the search will be done (search in the
// subtree starting from the given root).
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
// Enumeration where the results of the search will be obtained.
NamingEnumeration results = ctx.search( (String) parameters.get(SEARCHBASE), filter, constraints);
In case I modify that code and comment out the line with the SECURITY_PRINCIPAL variable, it works, but I can't validate the password. I have tried changing that parameter, with things like "uid=username,cn=users,..." or "dn:cn=username,cn=users,..." and things like that. If someone can tell me exactly the form in which I have to write that variable I would be very thankful. I have also read something about writing the sAMAccount name there, but I don't have any idea about it.
Thanks,
josep
Did some more testing with our operations department and this seems to be
an error on our ldap server with some users.
Sorry for taking up your time.
Regards,
Michael.
mikeso