It is common that after a migration to Java, specially coming from legacy platforms like LINC or COBOL, that our clients want to take advantage of new technologies. So it happens that they are now authenticating against an Active Directory or another LDAP server. And thanks to the new platforms it is really easy for us to help them integrate this new functionality.
This is sample program that show how to authenticate with for example a Windows Active Directory.
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.util.Hashtable;
import
javax.naming.Context;
import
javax.naming.NamingEnumeration;
import
javax.naming.NamingException;
import
javax.naming.directory.Attributes;
import
javax.naming.directory.SearchControls;
import
javax.naming.directory.SearchResult;
import
javax.naming.ldap.InitialLdapContext;
import
javax.naming.ldap.LdapContext;
public class LDAPTest
{
static class LDAP
{
static
String ATTRIBUTE_FOR_USER = "sAMAccountName";
public
Attributes authenticateUser(String username,
String password, String
_domain, String host, String dn)
{
String
returnedAtts[] ={ "sn", "givenName", "mail"
};
String
searchFilter = "(&(objectClass=user)("
+ ATTRIBUTE_FOR_USER + "=" +
username + "))";
//Create
the search controls
SearchControls searchCtls = new SearchControls();
searchCtls.setReturningAttributes(returnedAtts);
//Specify
the search scope
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
String
searchBase = dn;
Hashtable
environment = new Hashtable();
environment.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
//Using
starndard Port, check your instalation
environment.put(Context.PROVIDER_URL,
"ldap://" + host + ":389");
environment.put(Context.SECURITY_AUTHENTICATION,
"simple");
environment.put(Context.SECURITY_PRINCIPAL,
username + "@" + _domain);
environment.put(Context.SECURITY_CREDENTIALS,
password);
LdapContext ctxGC = null;
try
{
ctxGC = new InitialLdapContext(environment, null);
// Search for objects in the GC using the
filter
NamingEnumeration answer
= ctxGC.search(searchBase, searchFilter, searchCtls);
while
(answer.hasMoreElements())
{
SearchResult sr =
(SearchResult)answer.next();
Attributes attrs =
sr.getAttributes();
if (attrs != null)
{
return attrs;
}
}
}
catch
(NamingException e)
{
System.out.println("Just reporting error");
e.printStackTrace();
}
return
null;
}
}
public static void main(String[] args) throws
Exception
{
InputStreamReader
converter = new InputStreamReader(System.in);
BufferedReader
in = new BufferedReader(converter);
System.out.println("Please type username:");
String
username = in.readLine();
System.out.println("Please type password:");
String
password = in.readLine();
LDAP
ldap = new LDAP();
//Yo
specify in the authenticate user the attributes that you want returned
//Some
companies use standard attributes like 'description' to hold an employee ID
//The
ActiveDirectory data can be enhanced to add custom attributes like
//printer
// Some
instalations usually have several ACtiveDirectoryServers, lets say
//
192.150.0.8, 192.150.0.7 y 192.150.0.9 and they use a
// DNS
round robin to balance the load
Attributes att =
ldap.authenticateUser(username, password, "mydomain.com",
"myactivedirectoryhost.com", "DC=mydomain,DC=com");
if
(att == null)
{
System.out.println("Sorry your use is invalid or password
incorrect");
}
else
{
String
s = att.get("givenName").toString();
System.out.println("GIVEN NAME=" + s);
}
}
}