LDAP authentication failure

cofactor asked:

I'm following this LDAP authentication code (link: "LDAP Authentication code") and replaced the parameters with my own to authenticate with OpenLDAP 2.4.31:


import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapConnect
{
	public static void main(String[] args)
	{
		String username = "jsmith";
		String password = "password@123";
		String base = "ou=people,dc=nodomain";
		String dn = "uid=" + username + "," + base;
		String ldapURL = "ldap://xx.xx.xx.xx:389";

		// Setup environment for authenticating
		Hashtable<String, String> environment =
			new Hashtable<String, String>();
		environment.put(Context.INITIAL_CONTEXT_FACTORY,
				"com.sun.jndi.ldap.LdapCtxFactory");
		environment.put(Context.PROVIDER_URL, ldapURL);
		environment.put(Context.SECURITY_AUTHENTICATION, "simple");
		environment.put(Context.SECURITY_PRINCIPAL, dn);
		environment.put(Context.SECURITY_CREDENTIALS, password);

		try
		{
			DirContext authContext =
				new InitialDirContext(environment);
			System.out.println("authentication success!");

			// user is authenticated
			authContext.close();
		}
		catch (AuthenticationException ex)
		{
			System.out.println("authentication failed!");   // I'm getting this print
			// Authentication failed
		}
		catch (NamingException ex)
		{
			ex.printStackTrace();
		}
	}
}


I am getting the authentication failure message. What am I doing wrong? I'm unable to find the root cause.
Do I need to send the password encrypted?

Author

Commented:
Comments, please.

Systech Admin, Chief Technology Officer

Commented:
What is the error you are getting? Can you please share the logs?
Top Expert 2016

Commented:
You might get more useful information with ex.printStackTrace();

Author

Commented:
Directory structure:
[image: ldap directory structure]
OpenLDAP admin DN: cn=admin,dc=nodomain
Admin password: root@123

When I added this user via an LDIF file, the content was like this (note the userPassword):

dn: cn=S K Das,ou=people,dc=nodomain
objectclass: inetOrgPerson
cn: S K Das
sn: skda
uid: skdas
userPassword: daSsk
carlicense: ABCD 123
homephone: 123-111-2456
mail: skdas1@nodomain.com
mail: skdas2@nodomain.com
mail: skdas3@nodomain.com
description: swell guy
ou: Human Resources


Here is my LDAP search code in Java:

import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapConnect
{
	public static void main(String[] args)
	{
		String username = "skdas";
		String password = "daSsk";
		String base = "cn=S K Das,ou=people,dc=nodomain";

		String dn = "uid=" + username + "," + base;
		String ldapURL = "ldap://xx.xx.xx.xxx:389";

		// Setup environment for authenticating
		Hashtable<String, String> environment =
			new Hashtable<String, String>();
		environment.put(Context.INITIAL_CONTEXT_FACTORY,
				"com.sun.jndi.ldap.LdapCtxFactory");
		environment.put(Context.PROVIDER_URL, ldapURL);
		environment.put(Context.SECURITY_AUTHENTICATION, "simple");
		environment.put(Context.SECURITY_PRINCIPAL, dn);
		environment.put(Context.SECURITY_CREDENTIALS, password);

		try
		{
			DirContext authContext =
				new InitialDirContext(environment);
			System.out.println("authentication success!");

			// user is authenticated
		}
		catch (AuthenticationException ex)
		{
			ex.printStackTrace();
			System.out.println("authentication failed!");
			// Authentication failed
		}
		catch (NamingException ex)
		{
			ex.printStackTrace();
		}
	}
}


Error:
StackTrace :
	
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
	at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
	at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
	at javax.naming.InitialContext.init(Unknown Source)
	at javax.naming.InitialContext.<init>(Unknown Source)
	at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
	at com.techm.bm.LdapConnect.main(LdapConnect.java:96)
authentication failed!


What am I doing wrong?
Top Expert 2016
Commented:
Sorry - I don't do LDAP, but instead of

environment.put(Context.SECURITY_PRINCIPAL, dn);


try

environment.put(Context.SECURITY_PRINCIPAL, base);


Author

Commented:
try

environment.put(Context.SECURITY_PRINCIPAL, base);


Okay, verified now.

It prints authentication success!

But there is no username in base, right?

Don't we authenticate the username with its password?

What is to be done now?
Top Expert 2016

Commented:
The username is cn, is it not? I mean - you tell me - I told you I didn't do LDAP ;)

Author

Commented:
The username is cn is it not?

As per my understanding, the username is uid, which is skdas in this example.

Correct me if I'm wrong.