Is there a way to create an LdapContext using a keytab file instead of directly providing credentials? Let's assume that I currently have this piece of code:
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

// LDAP_PROVIDER_URL, LDAP_PRINCIPAL and LDAP_CREDENTIALS are String constants defined elsewhere
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, LDAP_PROVIDER_URL);
env.put(Context.SECURITY_AUTHENTICATION, "simple");   // plain bind: DN + password
env.put(Context.SECURITY_PRINCIPAL, LDAP_PRINCIPAL);
env.put(Context.SECURITY_CREDENTIALS, LDAP_CREDENTIALS);
LdapContext ctx = new InitialLdapContext(env, null);
As you can see, I specify the username and password manually. What's the proper way to specify a keytab file instead?
Yes, you can, and this works very well. Have a look at my DirContextSource library; it will do all the hard work for you:
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import net.sf.michaelo.dirctxsrc.DirContextSource;

DirContextSource.Builder builder = new DirContextSource.Builder("ldap://hostname");
// name of the JAAS login.conf entry that holds the keytab configuration
builder.gssApiAuth("MyAlternativeEntryName");
DirContextSource contextSource = builder.build();
// try and catch block omitted for the sake of brevity,
// handle NamingException appropriately
DirContext context = contextSource.getDirContext();
// Perform operations
context.close();
Make sure that you have a login.conf configured with the entry MyAlternativeEntryName which looks like:
MyAlternativeEntryName {
com.sun.security.auth.module.Krb5LoginModule required doNotPrompt=true
principal="myprincipal@EXAMPLE.COM"
useKeyTab=true keyTab="/path/to/krb5.keytab" storeKey=true;
};
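For readers who want the same result with only the JDK, the following is an added example (not the answer's code and not part of the DirContextSource library) that does the keytab login by hand: a JAAS LoginContext reads the login.conf entry above, obtains a ticket from the keytab, and the LDAP context is created inside Subject.doAs with SECURITY_AUTHENTICATION set to "GSSAPI" so the SASL bind picks up that Kerberos identity. The login entry name, the LDAP URL, the search base and the filter are placeholders, and the JVM is assumed to be started with -Djava.security.auth.login.config pointing at that login.conf and with a usable krb5.conf.

```java
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;

public class KeytabLdapSearch {
    // Placeholder values for this example; adjust to your environment.
    private static final String LOGIN_ENTRY = "MyAlternativeEntryName";          // entry name in login.conf
    private static final String LDAP_PROVIDER_URL = "ldap://ldap.example.com:389"; // assumed server
    private static final String SEARCH_BASE = "dc=example,dc=com";                // assumed base DN

    /** Opens an LdapContext that authenticates with the Kerberos identity of the calling Subject. */
    static LdapContext openContext() throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_PROVIDER_URL);
        // No principal/credentials here: the SASL GSSAPI mechanism uses the TGT
        // that Krb5LoginModule placed in the Subject's private credentials.
        env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
        // Request SASL integrity + confidentiality so the LDAP traffic after the
        // bind is signed and sealed, not just authenticated (server must support it).
        env.put("javax.security.sasl.qop", "auth-conf");
        return new InitialLdapContext(env, null);
    }

    /** Runs one LDAP search as the keytab principal and returns the matching DNs. */
    static java.util.List<String> searchAsKeytabPrincipal(final String filter) throws Exception {
        // Reads the keytab named in login.conf; doNotPrompt=true means no callback handler is needed.
        LoginContext lc = new LoginContext(LOGIN_ENTRY);
        lc.login();
        Subject subject = lc.getSubject();
        try {
            return Subject.doAs(subject, new PrivilegedExceptionAction<java.util.List<String>>() {
                public java.util.List<String> run() throws NamingException {
                    java.util.List<String> dns = new java.util.ArrayList<String>();
                    LdapContext ctx = openContext();
                    try {
                        SearchControls sc = new SearchControls();
                        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
                        sc.setReturningAttributes(new String[] {"cn"});
                        NamingEnumeration<SearchResult> results = ctx.search(SEARCH_BASE, filter, sc);
                        while (results.hasMore()) {
                            dns.add(results.next().getNameInNamespace());
                        }
                    } finally {
                        ctx.close();
                    }
                    return dns;
                }
            });
        } finally {
            lc.logout(); // drops the TGT from the Subject when we are done
        }
    }

    public static void main(String[] args) throws Exception {
        for (String dn : searchAsKeytabPrincipal("(objectClass=person)")) {
            System.out.println(dn);
        }
    }
}
```

Two practical notes: if the login fails with a "clock skew" or "pre-authentication" error, the keytab's key version usually no longer matches the account (regenerate the keytab), and if the bind succeeds but the search is rejected, check that the server accepts the "auth-conf" quality of protection; dropping the qop property falls back to an authenticated but unprotected session, so prefer fixing the server side or using ldaps:// instead. Newer JDKs mark Subject.doAs as deprecated in favour of Subject.callAs, which takes the same action shape.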