Solved

JNDI authentication question

Posted on 2004-09-09
Last Modified: 2013-11-24
In my code, pasted below, I can get a list of users and their email addresses. I can paste this class into any code and it would get a list of users in a domain. What I DON'T want is for users to have to instantiate the ADConnection class with a username and password.

Is there a way to impersonate a currently logged on user using JNDI? Is there another way to do this?

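import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class ADConnection {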

      private DirContext ldapContext;

      private String baseName;

      private String serverIP;

      private String user;

      private String passwd;

      public ADConnection(String baseDN, String serverIP, String user,
                  String passwd) {

            this.baseName = baseDN;
            this.serverIP = serverIP;
            this.user = user;
            this.passwd = passwd;

            try {
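                  // JNDI environment for the LDAP provider
                  Hashtable<String, String> ldapEnv = new Hashtable<>(11);

                  ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY,
                              "com.sun.jndi.ldap.LdapCtxFactory");
                  ldapEnv.put(Context.PROVIDER_URL, "ldap://" + serverIP + ":389");
                  if (user != null) {
                        // "simple" sends the principal and password in clear text;
                        // over plain ldap:// on port 389 the bind is not encrypted.
                        ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
                        ldapEnv.put(Context.SECURITY_PRINCIPAL, user);
                        ldapEnv.put(Context.SECURITY_CREDENTIALS, passwd);
                  }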
                  ldapContext = new InitialDirContext(ldapEnv);
            } catch (Exception e) {
                  System.out.println(" bind error: " + e);
                  e.printStackTrace();
                  System.exit(-1);
            }
      }

      public NamingEnumeration search() {
            SearchControls ctls = new SearchControls();

            ctls.setReturningObjFlag(true);
            String filter = "(objectclass=*)";
            NamingEnumeration answer = null;
            try {
                  answer = ldapContext.search(baseName, filter, ctls);
            } catch (NamingException e) {
                  e.printStackTrace();
            }
            //printSearchEnumeration(answer);
            return answer;
      }

      // Parameter renamed from "enum", which is a reserved word since Java 5.
      public static void printSearchEnumeration(NamingEnumeration results) {
            try {
                  while (results.hasMore()) {
                        SearchResult sr = (SearchResult) results.next();
                        Attributes attrib = sr.getAttributes();

                        System.out.println(sr.getName() + ": " + attrib.get("mail"));
                  }
            } catch (NamingException e) {
                  e.printStackTrace();
            }
      }

      public static void main(String[] args) {
            ADConnection adc = new ADConnection(
                        "ou=Users, ou=My Domain, dc=dc, dc=local", "domainC",
                        "test@dc.local", "Password123");
            NamingEnumeration searchResult;

            searchResult = adc.search();
            printSearchEnumeration(searchResult);
            System.out.println("done");
      }
}
Question by:thefallguy
7 Comments
 
LVL 35

Expert Comment

by:girionis
ID: 12024103
You can certainly get the username of the user logged in (using the "user.name" property) but you cannot get the password. I am afraid the users will need to enter the password somehow.
0
 
LVL 1

Author Comment

by:thefallguy
ID: 12026404
Forgive my ignorance, but how do I access the user.name property?

I guess what I was trying to ask is whether there is any way to do this using Kerberos that wouldn't require any password entry.
0
 
LVL 35

Expert Comment

by:girionis
ID: 12026619
Just use:

String userName = System.getProperty("user.name");

and it should return the login name of the user currently logged on.
0
 
LVL 1

Author Comment

by:thefallguy
ID: 12027640
Is there a way to use Kerberos to impersonate the user?
0
 
LVL 35

Accepted Solution

by:
girionis earned 125 total points
ID: 12041604
I am not sure, sorry, I never used Kerberos and not sure how it works. Maybe the following links will help though:

http://www.doc.ic.ac.uk/csg/faqs/servlets/kerbjava.html
http://www-106.ibm.com/developerworks/java/library/j-gssapi/
http://java.sun.com/products/jndi/saslmechs.html
0
 
LVL 1

Author Comment

by:thefallguy
ID: 12046506
Alright... figured it out... need to use the NTLoginModule.
0
 
LVL 35

Expert Comment

by:girionis
ID: 12051706
:)
0
