user2171359

Reputation: 21

Unable to authenticate using LDAP authentication in IBM Worklight

I am developing a mobile application with IBM Worklight and I have some issues with the authentication. I am using a custom authenticator and a custom login module for validating the user credentials against a Tivoli directory server.

This is the code I am using: it works when I run it as a Java application (a class with a main method) in Worklight Studio, but when I run it as a Worklight application (in the login function of my custom login module) it returns a naming exception and prints jndi.20

import java.util.Hashtable;
import java.util.Map;
import java.util.logging.Logger;

import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class SmaciLoginModule {
    // The original snippet does not show these declarations; java.util.logging is assumed here
    private static final Logger logger = Logger.getLogger(SmaciLoginModule.class.getName());
    private String USERNAME;
    private String PASSWORD;

    public boolean login(Map<String, Object> authenticationData) {
        logger.info("SmaciLoginModule :: login");

        try {
            USERNAME = (String) authenticationData.get("username");
            PASSWORD = (String) authenticationData.get("password");
            // Build the DN of the user entry to bind as
            String solicuser = "uid=" + USERNAME + ",cn=users,dc=smaci,dc=ibm";
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://127.0.0.1:1389/");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, solicuser);
            env.put(Context.SECURITY_CREDENTIALS, PASSWORD);
            // Creating the context performs the simple bind; a failed bind throws a NamingException
            DirContext ctx = new InitialDirContext(env);
            boolean result = ctx != null;

            if (ctx != null)
                ctx.close();

            return result;

        } catch (Exception e) {
            throw new RuntimeException("Invalid credentials" + e.getMessage());
        }
    }
}

I hope that you can help me with my problem. I don't have experience working with LDAP, I appreciate any suggestion. Thank you!

Upvotes: 2

Views: 810

Answers (1)

geoffc

Reputation: 4100

Are you trying to get the password from the user, with this line? String pass=(String) entry.get("password").get().toString();

If so, that is unlikely to work. Passwords are almost never retrievable via LDAP. (The exceptions are slightly complex, so consider it impossible).

What you want to do instead is try to bind with the solicuser built DN, and the PASSWORD value. Then on success (and password is not empty, since that always succeeds, but as an anonymous bind, so you have to watch for it) you know you authenticated. Else you fail it. You might wish to examine the possible error messages. Various LDAP servers give different errors. Some will report a bad password, or a bad DN (i.e. No such user). Others not so much.

Upvotes: 2
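As an added illustration of the bind-based check geoffc describes (example code, not from the question or the answer): it rejects an empty password before binding, so the anonymous-bind case can never count as a login, and it maps the JNDI exceptions to a result. The provider URL and the user base DN are taken from the question; the BindResult names and the escapeRdnValue helper are assumptions of this example.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapBindCheck {
    private static final String PROVIDER_URL = "ldap://127.0.0.1:1389/";  // from the question
    private static final String USER_BASE = "cn=users,dc=smaci,dc=ibm";   // from the question

    public enum BindResult { SUCCESS, BAD_CREDENTIALS, SERVER_ERROR }     // names assumed here

    // Escape the RFC 4514 special characters so a user id such as "x,cn=admins"
    // cannot change which DN we bind as (leading '#' and spaces are not handled here).
    static String escapeRdnValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            if (",+\"\\<>;=".indexOf(c) >= 0) sb.append('\\');
            sb.append(c);
        }
        return sb.toString();
    }

    public static BindResult authenticate(String username, String password) {
        // An empty password turns a simple bind into an anonymous bind, which the
        // server accepts, so empty credentials must be rejected before binding.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return BindResult.BAD_CREDENTIALS;
        }
        String userDn = "uid=" + escapeRdnValue(username) + "," + USER_BASE;
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, PROVIDER_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);   // the constructor performs the bind
            return BindResult.SUCCESS;
        } catch (AuthenticationException e) {
            return BindResult.BAD_CREDENTIALS;  // wrong password or unknown DN
        } catch (NamingException e) {
            return BindResult.SERVER_ERROR;     // connectivity or configuration problem
        } finally {
            if (ctx != null) { try { ctx.close(); } catch (NamingException ignored) { } }
        }
    }
}
```

Because AuthenticationException is distinguished from other NamingExceptions, a server that is unreachable (as in the question) is reported as SERVER_ERROR rather than as bad credentials.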
