Search code examples
javaactive-directoryldapjndi

Establishing LDAP Connection with Java

I'm trying to establish an LDAP connection in Java using a function that returns an LdapContext and takes parameters for username, password, domain name, and server. Unclear on what these parameters should look like.

I'm attempting to connect to this read-only LDAP test server. http://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/

And the getConnection method I'm using is derived from the Active Directory class I have found here. http://www.javaxt.com/wiki/Tutorials/Windows/How_to_Authenticate_Users_with_Active_Directory

Currently, I am trying getConnection("tesla", "password", "cn=read-only-admin,dc=example,dc=com", "ldap.forumsys.com:389"), and this is not working. I have tried switching around domain and server, as well as tried "read-only-admin.example.com" instead of "cn=...".

getConnection function

public static LdapContext getConnection(String username, String password, String domainName, String serverName) throws NamingException {

        if (domainName==null){
            try{
                String fqdn = java.net.InetAddress.getLocalHost().getCanonicalHostName();
                if (fqdn.split("\\.").length>1) domainName = fqdn.substring(fqdn.indexOf(".")+1);
            }
            catch(java.net.UnknownHostException e){}
        }

        //System.out.println("Authenticating " + username + "@" + domainName + " through " + serverName);

        if (password!=null){
            password = password.trim();
            if (password.length()==0) password = null;
        }

        //bind by using the specified username/password
        Hashtable props = new Hashtable();
        String principalName = username + "@" + domainName;
        props.put(Context.SECURITY_PRINCIPAL, principalName);
        if (password!=null) props.put(Context.SECURITY_CREDENTIALS, password);


        String ldapURL = "ldap://" + ((serverName==null)? domainName : serverName + "." + domainName) + '/';
        props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        props.put(Context.PROVIDER_URL, ldapURL);
        try{
            return new InitialLdapContext(props, null);
        }
        catch(javax.naming.CommunicationException e){
            throw new NamingException("Failed to connect to " + domainName + ((serverName==null)? "" : " through " + serverName));
        }
        catch(NamingException e){
            throw new NamingException("Failed to authenticate " + username + "@" + domainName + ((serverName==null)? "" : " through " + serverName));
        }
    }

my attempt to connect

try{
                LdapContext ctx =  ActiveDirectory.getConnection("tesla", "password", "cn=read-only-admin,dc=example,dc=com", "ldap.forumsys.com:389");
                ctx.close();
            }
            catch(Exception e){
                //Failed to authenticate user!
            }

It catches the exception "javax.naming.CommunicationException".

Solution

  • The problem is that you are trying to use a non-standard username to authenticate (which works with AD but not with OpenLDAP).

    String principalName = username + "@" + domainName;
props.put(Context.SECURITY_PRINCIPAL, principalName);

    With OpenLDAP and as illustrated in the tutorial, the principalName should be uid=tesla,dc=example,dc=com