• Status: Solved

LDAP Authentication

Hi!
I'm trying to authenticate in a domain using Java and LDAP.

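  import java.util.Hashtable;
  import javax.naming.Context;
  import javax.naming.NamingException;

  // LDAPCTXFACTORY, AUTHENTICATION_SIMPLE, url, domain and dirContext are
  // fields of the enclosing class (not shown in the post).
  public boolean connect( String username, String password )
    throws Exception {
    try  {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, LDAPCTXFACTORY);
        env.put(Context.PROVIDER_URL, url);
        // A simple bind sends the password as-is, so the connection itself
        // has to be protected (LDAPS or StartTLS).
        env.put(Context.SECURITY_AUTHENTICATION, AUTHENTICATION_SIMPLE);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.SECURITY_PRINCIPAL, username + "@" + domain);
        // The bind happens here; a rejected bind throws a NamingException.
        dirContext = new javax.naming.directory.InitialDirContext(env);
        return true;
    } catch ( NamingException e )  {
        // Bind rejected (for example error code 49) or server unreachable.
        System.out.println("error: " + e.getMessage());
        return false;
    } catch ( Exception e )  {
        // The password is kept out of the message so it cannot end up in
        // logs or stack traces.
        throw new Exception ("ERROR-LDAP: Error autenticando " + username
        + " " + e.getMessage(), e);
    }
  }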

where url:
url = "ldap://" + host + ":" + port + "/";

When I execute the code I get this error:

[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 531, v893 ]

I know that this error is because the user can't log on to all domain computers.
I can't change this property, and I want to know if there is a solution for this problem and how I can fix it.
0
Asked by: olgavillamizar
1 Solution
 
Krule Commented:
Best I can do is give you some details on your error:

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 531, v893
HEX: 0x531 - not permitted to logon from this workstation
DEC: 1329 - ERROR_INVALID_WORKSTATION (Logon failure: user not allowed to log on to this computer.)
LDAP[userWorkstations: <multivalued list of workstation names>]
NOTE: Returns only when presented with valid username and password/credential.

Basically, what this says to me is that the user is not allowed to log on from that particular workstation. Is the user able to log on interactively?
0
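As an added example (not code from this thread), the decoding Krule describes above can be done in Java: pull the "data" sub-code out of the Active Directory error-49 message and map it to its meaning for the server-side log. The class name, the sub-codes other than 531 and the second sample message are additions made for this example; the caller should still show the user only a generic failure, because the sub-codes reveal account state.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AdBindFailure {
    // "data <hex>" in the AD message is a Win32 logon error code in hexadecimal.
    private static final Pattern DATA =
        Pattern.compile("error code 49\\b.*?\\bdata\\s+([0-9a-fA-F]+)");

    // Well-known sub-codes Active Directory returns for a rejected bind.
    private static final Map<String, String> MEANING = Map.of(
        "525", "user not found",
        "52e", "invalid credentials",
        "530", "not permitted to log on at this time",
        "531", "not permitted to log on from this workstation",
        "532", "password expired",
        "533", "account disabled",
        "701", "account expired",
        "773", "user must reset password",
        "775", "account locked out");

    /** Returns the lower-cased sub-code, or null if this is not an AD error-49 message. */
    static String subCode(String message) {
        if (message == null) return null;
        Matcher m = DATA.matcher(message);
        return m.find() ? m.group(1).toLowerCase() : null;
    }

    /** Detail for the server-side log only; the caller still reports a plain failure. */
    static String describe(String message) {
        String code = subCode(message);
        if (code == null) return "bind failed (no AD sub-code in message)";
        return "bind rejected, data " + code + " (decimal " + Integer.parseInt(code, 16)
            + "): " + MEANING.getOrDefault(code, "unlisted sub-code");
    }

    public static void main(String[] args) {
        // First message: the one quoted in the question. Second: constructed sample.
        String[] samples = {
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: "
                + "AcceptSecurityContext error, data 531, v893 ]",
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-00000000, comment: "
                + "AcceptSecurityContext error, data 52e, v0000 ]"
        };
        for (String s : samples) System.out.println(describe(s));
    }
}
```

For the message in the question this reports sub-code 531, decimal 1329, matching the HEX and DEC values above.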
 
olgavillamizar (Author) Commented:
Hi Krule!
No, the user is able to log on to a few workstations or to only one.
When the user has the property to log on to all computers, the error doesn't appear, but how can I solve this without giving the user this property (all computers)?
Thanks
0
 
Krule Commented:
This is more of an LDAP question than it is JSP related, and as I am not an LDAP master, I cannot answer (sorry).

I can tell you with my limited LDAP knowledge that the principle is that a user cannot access a machine that he cannot access (seems fairly obvious :p). So, either you give him access (limited) to do a programmatic logon on that machine, or you don't, and it doesn't work.

That being said, there may be a way to get around this; you would have to ask in the LDAP forum, however.
0
