Question
The common name, let's say "John Smith", is used to compose the DN, but is it possible to compose a full DN using the UID?
I'm currently doing this and it works.
Hashtable env = new Hashtable(11);
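// Assumed value: the JDK's built-in LDAP provider (the argument is missing from the post).
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");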
env.put(Context.PROVIDER_URL, "ldap://myDomain.com");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "CN=John Smith,OU=IT,OU=MyCompany,OU=Users,DC=myDomain,DC=com");
env.put(Context.SECURITY_CREDENTIALS, "myPassWrd");
Now I want to use UID, for example J.smith, for authentication instead of his full name. Any ideas?
Solution 2
I use:
env.put(Context.SECURITY_PRINCIPAL, username);
env.put(Context.SECURITY_CREDENTIALS, password);
Works for me.
OTHER TIPS
In our LDAP authentication routines, we create a jndi user account that the application uses to authenticate itself in the LDAP. Once the application establishes the connection using the distinguished name of the jndi user (example: uid=jndi,ou=branch,dc=com,dc=your,dc=organization), then (provided a branch for the user nodes in the tree) it uses the following code to check if the user uid is in the LDAP tree:
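import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// dirContext is the DirContext already bound with the jndi user's DN.
public String findUserDnByBranchAndUid(String branchName, String uid) throws NamingException {
    SearchControls searchControls = new SearchControls();
    searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    searchControls.setCountLimit(1);
    // Pass uid as a filter argument ({0}) so JNDI escapes LDAP filter metacharacters
    // instead of formatting user input directly into the filter string.
    NamingEnumeration<SearchResult> answer =
            dirContext.search(branchName, "(uid={0})", new Object[] { uid }, searchControls);
    try {
        if (answer.hasMoreElements()) {
            SearchResult searchResult = answer.nextElement();
            return searchResult.getNameInNamespace();
        } else {
            return null;
        }
    } finally {
        answer.close(); // release the enumeration's server-side resources
    }
}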
Calling it like this:
String userDn = findUserDnByBranchAndUid("ou=users,dc=com,dc=your,dc=organization", "jsmith");
If userDn is not empty, then the user exists in the tree, and we proceed to establish a new connection using that DN (and the user password) instead of the jndi user DN.
If everything goes well, then the user jsmith is logged in with his/her credentials with just his/her id, without providing any not user-friendly DN.
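The search-then-bind flow described in this answer, end to end, as an added example that is not part of the original post or the poster's code. It passes the uid as a filter argument so JNDI escapes it, and it refuses empty passwords, which a simple bind would otherwise send as an unauthenticated bind. The URL, base DN, service account values, class name and method names are assumptions.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapUidLogin {
    // Assumed placeholder values, not taken from the page. ldaps:// is used because
    // a simple bind sends the password in the clear over plain ldap://.
    static final String URL = "ldaps://ldap.example.com:636";
    static final String USER_BASE = "ou=users,dc=example,dc=com";

    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    /** True only if uid matches exactly one entry and that entry's DN binds with password. */
    static boolean login(String serviceDn, String servicePassword, String uid, String password)
            throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind (RFC 4513, 5.1.2)
        // that many servers accept, so reject it before contacting the directory.
        if (uid == null || uid.isEmpty() || password == null || password.isEmpty()) return false;
        DirContext service = bind(serviceDn, servicePassword);
        String userDn;
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setCountLimit(2); // ask for two so an ambiguous uid is detected
            NamingEnumeration<SearchResult> hits =
                    service.search(USER_BASE, "(uid={0})", new Object[] { uid }, sc);
            if (!hits.hasMore()) return false;          // unknown uid
            userDn = hits.next().getNameInNamespace();
            if (hits.hasMore()) return false;           // more than one entry: refuse
        } finally { service.close(); }
        try {
            bind(userDn, password).close();             // the actual credential check
            return true;
        } catch (AuthenticationException e) { return false; }
    }

    public static void main(String[] args) throws NamingException {
        // Runs offline: the empty password is refused before any connection is made.
        System.out.println(login("uid=jndi,ou=branch,dc=example,dc=com", "service-secret", "jsmith", ""));
    }
}
```

Returning the same `false` for an unknown uid and a wrong password keeps the login response from revealing which accounts exist.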