helpermethod

Reputation: 62185

Connecting to AD using JNDI - Why must the security principal be supplied in the format username@domain?

I'm trying to connect to an Active Directory using the standard Java (javax.naming.*) libraries.

This seems to work exactly like connecting to any other LDAP except for one difference: The SECURITY_PRINCIPAL needs to be supplied in the form

sAMAccountName@domainComponent(s)

e.g.

env.put(Context.SECURITY_PRINCIPAL, "[email protected]");

Trying to use a valid DN which points to the exact same user, like

env.put(Context.SECURITY_PRINCIPAL, "cn=foo,cn=Users,dc=bar,dc=baz,dc=org");

results in an AuthenticationException. Is this something specific to Active Directory? For other LDAP DS, the last approach always worked.

Upvotes: 1

Views: 568

Answers (1)

Michael-O

Reputation: 18405

What you are performing is not AD authentication. You are performing a mere LDAP bind. AD auth is Kerberos.

The LDAP component of AD expects the principal either as a UPN, sAMAccountName or NT4-style login. No DNs accepted.

Upvotes: 1
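An added example, not part of the question or the answer: a JNDI simple bind that builds the UPN and NT4-style principal forms the answer names, uses ldaps:// because a simple bind carries the password itself, and refuses empty passwords. The class name, helper names, host `dc.example.org`, domain names and the 5-second timeout are assumptions chosen for illustration.

```java
import java.io.Console;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class AdSimpleBind {

    // Principal forms named in the answer; all domain and user values passed in are placeholders.
    static String upn(String sam, String dnsDomain)     { return sam + "@" + dnsDomain; }
    static String nt4(String netbiosDomain, String sam) { return netbiosDomain + "\\" + sam; }

    /** Returns true if the directory accepts the simple bind, false if credentials are rejected. */
    static boolean bind(String url, String principal, char[] password) throws NamingException {
        // An empty password turns a simple bind into an unauthenticated bind (RFC 4513),
        // which a server may accept without verifying anything, so reject it before connecting.
        if (principal == null || principal.isEmpty() || password == null || password.length == 0) {
            return false;
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);                   // ldaps:// keeps the password off the wire in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // assumed value, in milliseconds
        try {
            DirContext ctx = new InitialDirContext(env);
            ctx.close();
            return true;
        } catch (AuthenticationException e) {
            return false;                                     // LDAP result 49, invalid credentials
        }
    }

    public static void main(String[] args) throws NamingException {
        Console console = System.console();
        if (console == null) throw new IllegalStateException("run from an interactive terminal");
        String url = "ldaps://dc.example.org:636";            // placeholder domain controller
        char[] pw = console.readPassword("Password: ");
        System.out.println("UPN bind: " + bind(url, upn("foo", "example.org"), pw));
        System.out.println("NT4 bind: " + bind(url, nt4("EXAMPLE", "foo"), pw));
    }
}
```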
