Authenticating Users with Windows Active Directory from Java
Here is sample code that works for me:
/////////////////////////////////////////////////////////////////////
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class Main {
    public static void main(String[] args) {
        try {
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL,
                    "LDAP://my.ldap.server:389"); // replace with your server URL/IP
            // only DIGEST-MD5 works with our Windows Active Directory
            env.put(Context.SECURITY_AUTHENTICATION,
                    "DIGEST-MD5"); // no other SASL mechanism worked for me
            env.put(Context.SECURITY_PRINCIPAL,
                    "user1"); // specify the username ONLY to keep Microsoft happy
            env.put(Context.SECURITY_CREDENTIALS, "secret1"); // the password
            // the bind happens here; a failed bind throws a NamingException
            DirContext ctx = new InitialDirContext(env);
            ctx.close();
        } catch (NamingException ne) {
            System.out.println("Error authenticating user:");
            System.out.println(ne.getMessage());
            return;
        }
        // if no exception, the user is already authenticated.
        System.out.println("OK, successfully authenticating user");
    }
}
////////////////////////////////////////////////////////////////////
I stripped comments to make the blog shorter.
Resources that helped me:
- Authentication against Active Directory and Edirectory via LDAP sample
- Ethereal, to watch packets and learn about the protocol and server URL/IP.
- ldapbrowser: I connected to our Microsoft Active Directory anonymously and learned that the DIGEST-MD5 SASL mechanism is supported.
Notes:
- RFC 2829 (http://www.ietf.org/rfc/rfc2829.txt), in section “6. Password-based authentication”, states that supporting authentication with a password using the DIGEST-MD5 SASL mechanism is mandatory, so I am confident Microsoft will not drop its support.
- This was tested on JDK 1.5; I am sure it works on JRE 1.5, and it may even work with 1.4.
From ahm507.blogspot.com
0 responses to “Authenticating Users with Windows Active Directory from Java”
You save my life 🙂
This code works fine and it’s very easy to use and very intuitive.
Good work and thank you 🙂
This code is super portable and is just the tool I need for my web app.
Thanx 🙂
Hi Nice Blog,
But it doesn't work in my case, I get an error like Error authenticating user:
[LDAP: error code 49 – 8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece]
I got it when I set up my domain in the PROVIDER_URL in other.
Hope you can help me,
Carlos
Hi
It was a simple program but powerful, but I am getting an exception like this
“
Error authenticating user:
[LDAP: error code 49 – 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1771 “
Could you tell us what was wrong? I have been trying to figure this out for a long time.
Can you guide me here?
@Snake54 and anonymous
The SecurityContext error is because you haven’t included the domain in your login id. Usually it’s “YourDomain/UserName”.
Thank you very much: these few lines make me happy.
May you also help to get, once authentication is successful, the group list the user belongs to?
And again, thanks a lot
Omer AKDENIZ
omer.akdeniz@free.fr
Hi, I saw your code to authenticate a user from Active Directory, but I need to retrieve the user's groups from Active Directory and record the user's login and logout times using Java. If it is possible, please send me some sample code. Thanks in advance.
I don't have any code, sorry.
three years later, thanks for this!
This code works fine and not complex
Thank You very much
erdem üstün
Boss…
This is the cool stuff..
Real simple solution for complex problem.
Yensee
Does it work on Windows 2000?
I have tried it and it gives me
Error authenticating user:
[LDAP: error code 49 – 8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece]
and that is my code
/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package authentication;

import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

/**
 *
 * @author Administrator
 */
public class Authenticate {
    public static void main(String[] args) {
        try {
            Hashtable env = new Hashtable();
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL,
                    "LDAP://10.10.10.100:389"); // replace with your server URL/IP
            // only DIGEST-MD5 works with our Windows Active Directory
            env.put(Context.SECURITY_AUTHENTICATION,
                    "DIGEST-MD5"); // no other SASL mechanism worked for me
            env.put(Context.SECURITY_PRINCIPAL,
                    "DSFNORA/Administrator"); // specify the username ONLY to keep Microsoft happy
            env.put(Context.SECURITY_CREDENTIALS, "Passw0rd"); // the password
            DirContext ctx = new InitialDirContext(env);
            ctx.close();
        } catch (NamingException ne) {
            System.out.println("Error authenticating user:");
            System.out.println(ne.getMessage());
            return;
        }
        // if no exception, the user is already authenticated.
        System.out.println("OK, successfully authenticating user");
    }
}
I have written the domain name before user name as you said, but I still have the error.
Please help
Thanks,
Bahaa
Sorry Pepo,
I am unable to support you. I hope someone else can help you.
Sorry for this.
Excellent work.. I am very thankful to you.
Great post. Just to add: LDAP authentication without SSL is not safe, and anyone can view user credentials, because the LDAP client transfers the username and password during the LDAP bind operation, so I have also included LDAP using SSL. See my blog post “Ldap authentication using Spring with Example” for more details.
to Pepo.
It's not "DSFNORA/Administrator");
it's "DSFNORA\Administrator");
and, "simple", "no DIGEST-MD5"
😉
[LDAP: error code 49 – 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1771 "
Could you tell us what was wrong? I have been trying to figure this out for a long time.
Error
LDAP: error code 49 – 80090308:
is because the logon user is locked; you have to unlock it.
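An added example, not part of the original post or of any comment above: a bind check in the post's JNDI style that rejects blank passwords (JNDI treats an empty password as an anonymous bind, so creating the context would succeed without proving identity), connects over LDAPS as the SSL comment suggests, and decodes the hex "data" sub-code that Active Directory puts in its error 49 messages. The ldaps:// URL on port 636, the class name AdBindCheck, the user1@example.com principal and Java 7 or later are assumptions.

```java
import java.util.Hashtable;
import java.util.regex.*;
import javax.naming.*;
import javax.naming.directory.InitialDirContext;

public class AdBindCheck {
    // The page's placeholder host; LDAPS on port 636 is an assumption.
    static final String URL = "ldaps://my.ldap.server:636";
    // AD appends a hex sub-code after "data" in LDAP error 49 messages.
    static final Pattern DATA = Pattern.compile("data\\s+([0-9a-fA-F]+)");
    // Map the sub-code of an error 49 message to the logon failure it stands for.
    static String reason(String message) {
        Matcher m = DATA.matcher(message == null ? "" : message);
        if (!m.find()) return "no sub-code";
        switch (m.group(1).toLowerCase()) {
            case "525": return "user not found";
            case "52e": return "invalid credentials";
            case "532": return "password expired";
            case "533": return "account disabled";
            case "701": return "account expired";
            case "773": return "user must reset password";
            case "775": return "account locked out";
            default: return "unrecognised sub-code " + m.group(1);
        }
    }

    static boolean authenticate(String principal, String password) throws NamingException {
        // Reject blank input first: an empty password would become an anonymous bind.
        if (principal == null || principal.isEmpty() || password == null || password.isEmpty()) return false;
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple"); // password is protected by TLS
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();
            return true;
        } catch (AuthenticationException e) {
            // Keep the detailed reason in server-side logs; show users a generic failure.
            System.err.println("bind rejected: " + reason(e.getMessage()));
            return false;
        }
    }
    public static void main(String[] args) throws NamingException {
        // Sample input: one of the error messages quoted in the comments above.
        System.out.println(reason("[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1771"));
        System.out.println(authenticate("user1@example.com", "")); // constructed principal, blank password
    }
}
```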