?
Solved

JNDI authentication question

Posted on 2004-09-09
7
Medium Priority
?
844 Views
Last Modified: 2013-11-24
In my code, pasted below, I can get a list of users and their email addresses. I can paste this class into any code and it would get a list of users in a domain. What I DON'T want is for users to have to instantiate the ADConnection class with a username and password.

Is there a way to impersonate a currently logged on user using JNDI? Is there another way to do this?

public class ADConnection {

      private DirContext ldapContext;

      private String baseName;

      private String serverIP;

      private String user;

      private String passwd;

      public ADConnection(String baseDN, String serverIP, String user,
                  String passwd) {

            this.baseName = baseDN;
            this.serverIP = serverIP;
            this.user = user;
            this.passwd = passwd;

            try {
                  Hashtable ldapEnv = new Hashtable(11);

                  ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY,
                              "com.sun.jndi.ldap.LdapCtxFactory");
                  ldapEnv.put(Context.PROVIDER_URL, "ldap://" + serverIP + ":389");
                  if (user != null) {
                        ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
                        ldapEnv.put(Context.SECURITY_PRINCIPAL, user);
                        ldapEnv.put(Context.SECURITY_CREDENTIALS, passwd);
                  }
                  ldapContext = new InitialDirContext(ldapEnv);
            } catch (Exception e) {
                  System.out.println(" bind error: " + e);
                  e.printStackTrace();
                  System.exit(-1);
            }
      }

      public NamingEnumeration search() {
            SearchControls ctls = new SearchControls();

            ctls.setReturningObjFlag(true);
            String filter = "(objectclass=*)";
            NamingEnumeration answer = null;
            try {
                  answer = ldapContext.search(baseName, filter, ctls);
            } catch (NamingException e) {
                  e.printStackTrace();
            }
            //printSearchEnumeration(answer);
            return answer;
      }

      public static void printSearchEnumeration(NamingEnumeration enum) {
            try {
                  while (enum.hasMore()) {
                        SearchResult sr = (SearchResult) enum.next();
                        Attributes attrib = sr.getAttributes();

                        System.out.println(sr.getName() + ": " + attrib.get("mail"));
                  }
            } catch (NamingException e) {
                  e.printStackTrace();
            }
      }

      public static void main(String[] args) {
            ADConnection adc = new ADConnection(
                        "ou=Users, ou=My Domain, dc=dc, dc=local", "domainC",
                        "test@dc.local", "Password123");
            NamingEnumeration searchResult;

            searchResult = adc.search();
            printSearchEnumeration(searchResult);
            System.out.println("done");
      }
}
0
Comment
Question by:thefallguy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 35

Expert Comment

by:girionis
ID: 12024103
You can certainly get the username of the suer logged in (using the "user.name" property) but you cannot get the password. I am afraid the users will need to enter the password somehow.
0
 
LVL 1

Author Comment

by:thefallguy
ID: 12026404
Forgive my ignorance, but how do I access the user.name property.

I guess what i was trying to ask is that if there is any way to do this using Kerberos that wouldnt require any password entry.
0
 
LVL 35

Expert Comment

by:girionis
ID: 12026619
Just use:

String userName = System.getProperty("user.name");

and it should return the login name of the user currently logged on.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 1

Author Comment

by:thefallguy
ID: 12027640
is there  a way to use kerberos to impersonate the user??
0
 
LVL 35

Accepted Solution

by:
girionis earned 500 total points
ID: 12041604
I am not sure, sorry, I never used kerberos and not sure how it works. Mayeb the following links will help though:

http://www.doc.ic.ac.uk/csg/faqs/servlets/kerbjava.html
http://www-106.ibm.com/developerworks/java/library/j-gssapi/
http://java.sun.com/products/jndi/saslmechs.html
0
 
LVL 1

Author Comment

by:thefallguy
ID: 12046506
arite... figured it out... need to use the ntloginmodule.
0
 
LVL 35

Expert Comment

by:girionis
ID: 12051706
:)
0

Featured Post

Is Your Team Achieving Their Full Potential?

74% of employees feel they are not achieving their full potential. With Linux Academy, not only will you strengthen your team's core competencies but also their knowledge of of the newest IT topics.

With new material every week, we'll make sure that you stay ahead of the game.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Java had always been an easily readable and understandable language.  Some relatively recent changes in the language seem to be changing this pretty fast, and anyone that had not seen any Java code for the last 5 years will possibly have issues unde…
This was posted to the Netbeans forum a Feb, 2010 and I also sent it to Verisign. Who didn't help much in my struggles to get my application signed. ------------------------- Start The idea here is to target your cell phones with the correct…
Viewers learn about the scanner class in this video and are introduced to receiving user input for their programs. Additionally, objects, conditional statements, and loops are used to help reinforce the concepts. Introduce Scanner class: Importing…
This tutorial covers a step-by-step guide to install VisualVM launcher in eclipse.
Suggested Courses
Course of the Month9 days, 3 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question