thefallguy
asked on
JNDI authentication question
In my code, pasted below, I can get a list of users and their email addresses. I can paste this class into any code and it would get a list of users in a domain. What I DON'T want is for users to have to instantiate the ADConnection class with a username and password.
Is there a way to impersonate a currently logged on user using JNDI? Is there another way to do this?
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class ADConnection {
    private DirContext ldapContext;
    private String baseName;
    private String serverIP;
    private String user;
    private String passwd;

    public ADConnection(String baseDN, String serverIP, String user,
            String passwd) {
        this.baseName = baseDN;
        this.serverIP = serverIP;
        this.user = user;
        this.passwd = passwd;
        try {
            Hashtable<String, String> ldapEnv = new Hashtable<String, String>(11);
            ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.sun.jndi.ldap.LdapCtxFactory");
            ldapEnv.put(Context.PROVIDER_URL, "ldap://" + serverIP + ":389");
            if (user != null) {
                // Simple bind: the password travels in cleartext on plain ldap://
                ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
                ldapEnv.put(Context.SECURITY_PRINCIPAL, user);
                ldapEnv.put(Context.SECURITY_CREDENTIALS, passwd);
            }
            ldapContext = new InitialDirContext(ldapEnv);
        } catch (Exception e) {
            System.out.println(" bind error: " + e);
            e.printStackTrace();
            System.exit(-1);
        }
    }

    // Returns every entry directly under baseName (default one-level scope).
    public NamingEnumeration<SearchResult> search() {
        SearchControls ctls = new SearchControls();
        ctls.setReturningObjFlag(true);
        String filter = "(objectclass=*)";
        NamingEnumeration<SearchResult> answer = null;
        try {
            answer = ldapContext.search(baseName, filter, ctls);
        } catch (NamingException e) {
            e.printStackTrace();
        }
        //printSearchEnumeration(answer);
        return answer;
    }

    // "enum" is a reserved word since Java 5, so the parameter is named results.
    public static void printSearchEnumeration(NamingEnumeration<SearchResult> results) {
        if (results == null) {
            return; // search() failed and already printed the error
        }
        try {
            while (results.hasMore()) {
                SearchResult sr = results.next();
                Attributes attrib = sr.getAttributes();
                System.out.println(sr.getName() + ": " + attrib.get("mail"));
            }
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }

    public static void main(String[] args) {
        ADConnection adc = new ADConnection(
                "ou=Users, ou=My Domain, dc=dc, dc=local", "domainC",
                "test@dc.local", "Password123");
        NamingEnumeration<SearchResult> searchResult;
        searchResult = adc.search();
        printSearchEnumeration(searchResult);
        System.out.println("done");
    }
}
You can certainly get the username of the user logged in (using the "user.name" property) but you cannot get the password. I am afraid the users will need to enter the password somehow.
ASKER
Forgive my ignorance, but how do I access the user.name property?
I guess what I was trying to ask is whether there is any way to do this using Kerberos that wouldn't require any password entry.
Just use:
String userName = System.getProperty("user.name");
and it should return the login name of the user currently logged on.
ASKER
Is there a way to use Kerberos to impersonate the user?
ASKER
Alright... figured it out... need to use the NTLoginModule.
:)
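Added example, not part of the thread: one way to bind to Active Directory from JNDI with the logged-on user's Kerberos ticket instead of a password, using the JDK's Krb5LoginModule (not the NTLoginModule the asker settled on) and a SASL GSSAPI bind. The host name, base DN and the `ad-search` entry name are assumptions, as is a working Kerberos setup (krb5.conf or equivalent, with a ticket already in the user's cache).

```java
import java.security.PrivilegedExceptionAction;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.security.auth.Subject;
import javax.security.auth.login.*;

public class KerberosAdSearch {
    public static void main(String[] args) throws Exception {
        // Assumed values modelled on the question. Kerberos needs the
        // server's host name (for its service principal), not an IP address.
        String url = "ldap://domainC.dc.local:389";
        String baseDn = "ou=Users,ou=My Domain,dc=dc,dc=local";

        // JAAS configuration built in code: take the TGT from the logged-on
        // user's ticket cache and never prompt for a password.
        Map<String, String> opts = new HashMap<>();
        opts.put("useTicketCache", "true");
        opts.put("doNotPrompt", "true");
        AppConfigurationEntry entry = new AppConfigurationEntry(
                "com.sun.security.auth.module.Krb5LoginModule",
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        Configuration conf = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
        LoginContext lc = new LoginContext("ad-search", null, null, conf);
        lc.login(); // throws LoginException when no usable ticket is cached

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI"); // no principal or credentials set
        env.put("javax.security.sasl.qop", "auth-conf");    // sign and encrypt the session

        // The bind must run as the authenticated Subject so GSSAPI finds the ticket.
        Subject.doAs(lc.getSubject(), (PrivilegedExceptionAction<Void>) () -> {
            DirContext ctx = new InitialDirContext(env);
            try {
                SearchControls ctls = new SearchControls();
                ctls.setReturningAttributes(new String[] { "mail" });
                NamingEnumeration<SearchResult> res = ctx.search(baseDn, "(objectClass=user)", ctls);
                while (res.hasMore()) {
                    SearchResult sr = res.next();
                    System.out.println(sr.getName() + ": " + sr.getAttributes().get("mail"));
                }
            } finally { ctx.close(); }
            return null;
        });
        lc.logout();
    }
}
```

On JDK 18 and later, `Subject.callAs` is the replacement for the deprecated `Subject.doAs`.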