Solved

JNDI authentication question

Posted on 2004-09-09
7
830 Views
Last Modified: 2013-11-24
In my code, pasted below, I can get a list of users and their email addresses. I can paste this class into any code and it would get a list of users in a domain. What I DON'T want is for users to have to instantiate the ADConnection class with a username and password.

Is there a way to impersonate a currently logged on user using JNDI? Is there another way to do this?

public class ADConnection {

      private DirContext ldapContext;

      private String baseName;

      private String serverIP;

      private String user;

      private String passwd;

      public ADConnection(String baseDN, String serverIP, String user,
                  String passwd) {

            this.baseName = baseDN;
            this.serverIP = serverIP;
            this.user = user;
            this.passwd = passwd;

            try {
                  Hashtable ldapEnv = new Hashtable(11);

                  ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY,
                              "com.sun.jndi.ldap.LdapCtxFactory");
                  ldapEnv.put(Context.PROVIDER_URL, "ldap://" + serverIP + ":389");
                  if (user != null) {
                        ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
                        ldapEnv.put(Context.SECURITY_PRINCIPAL, user);
                        ldapEnv.put(Context.SECURITY_CREDENTIALS, passwd);
                  }
                  ldapContext = new InitialDirContext(ldapEnv);
            } catch (Exception e) {
                  System.out.println(" bind error: " + e);
                  e.printStackTrace();
                  System.exit(-1);
            }
      }

      public NamingEnumeration search() {
            SearchControls ctls = new SearchControls();

            ctls.setReturningObjFlag(true);
            String filter = "(objectclass=*)";
            NamingEnumeration answer = null;
            try {
                  answer = ldapContext.search(baseName, filter, ctls);
            } catch (NamingException e) {
                  e.printStackTrace();
            }
            //printSearchEnumeration(answer);
            return answer;
      }

      public static void printSearchEnumeration(NamingEnumeration enum) {
            try {
                  while (enum.hasMore()) {
                        SearchResult sr = (SearchResult) enum.next();
                        Attributes attrib = sr.getAttributes();

                        System.out.println(sr.getName() + ": " + attrib.get("mail"));
                  }
            } catch (NamingException e) {
                  e.printStackTrace();
            }
      }

      public static void main(String[] args) {
            ADConnection adc = new ADConnection(
                        "ou=Users, ou=My Domain, dc=dc, dc=local", "domainC",
                        "test@dc.local", "Password123");
            NamingEnumeration searchResult;

            searchResult = adc.search();
            printSearchEnumeration(searchResult);
            System.out.println("done");
      }
}
0
Comment
Question by:thefallguy
  • 4
  • 3
7 Comments
 
LVL 35

Expert Comment

by:girionis
ID: 12024103
You can certainly get the username of the suer logged in (using the "user.name" property) but you cannot get the password. I am afraid the users will need to enter the password somehow.
0
 
LVL 1

Author Comment

by:thefallguy
ID: 12026404
Forgive my ignorance, but how do I access the user.name property.

I guess what i was trying to ask is that if there is any way to do this using Kerberos that wouldnt require any password entry.
0
 
LVL 35

Expert Comment

by:girionis
ID: 12026619
Just use:

String userName = System.getProperty("user.name");

and it should return the login name of the user currently logged on.
0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 
LVL 1

Author Comment

by:thefallguy
ID: 12027640
is there  a way to use kerberos to impersonate the user??
0
 
LVL 35

Accepted Solution

by:
girionis earned 125 total points
ID: 12041604
I am not sure, sorry, I never used kerberos and not sure how it works. Mayeb the following links will help though:

http://www.doc.ic.ac.uk/csg/faqs/servlets/kerbjava.html
http://www-106.ibm.com/developerworks/java/library/j-gssapi/
http://java.sun.com/products/jndi/saslmechs.html
0
 
LVL 1

Author Comment

by:thefallguy
ID: 12046506
arite... figured it out... need to use the ntloginmodule.
0
 
LVL 35

Expert Comment

by:girionis
ID: 12051706
:)
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By the end of 1980s, object oriented programming using languages like C++, Simula69 and ObjectPascal gained momentum. It looked like programmers finally found the perfect language. C++ successfully combined the object oriented principles of Simula w…
Introduction This article is the first of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article explains our test automation goals. Then rationale is given for the tools we use to a…
Viewers learn about the third conditional statement “else if” and use it in an example program. Then additional information about conditional statements is provided, covering the topic thoroughly. Viewers learn about the third conditional statement …
This video teaches viewers about errors in exception handling.

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question