Reputation: 135
I'm building an application where I need to connect to Active Directory using UnboundID. Using an example, I managed to connect a user with their distinguishedName and password.

However, I would like to authenticate them using only the domain and the username, similar to how it's done in Windows. Browsing AD using a tool called JXplorer, it seems like the sAMAccountName might be the property I need. However, replacing the distinguishedName with the sAMAccountName resulted in an AcceptSecurityContext error. Using the "uid=..." syntax shown in the example also yielded the same error.

Is there a way to log on using only the domain, username/sAMAccountName and password, or do I somehow need to search through AD and find the distinguishedName of the user I wish to authenticate, and then bind the connection using their distinguishedName and password?
Upvotes: 4
Views: 8111
Reputation: 317
As @ioplex said in his comment, AD accepts a bind using the username from the sAMAccountName with the domain name appended to it. Just use it instead of the DN on the bind:
```java
import com.unboundid.ldap.sdk.SimpleBindRequest;

String userId = username + "@" + domain;
SimpleBindRequest adminBindRequest = new SimpleBindRequest(userId, password);
```
The final userId will be something like '[email protected]'
Upvotes: 8
Reputation: 11056
You will need to use an account with appropriate permissions to perform a search for samAccountName to locate the user, and then bind as the found user using the Distinguished Name.
You need to be sure you only return one entry from the search.
Sample For Demonstration Purposes ONLY!
Parameters would be something like:
```text
"adldap.example.com" "CN=bob,OU=Users,DC=example,DC=com" "connPwd" "OU=Users,DC=example,DC=com" "samAccountName" "findUserValue" "userPassword"
```
```java
import java.security.GeneralSecurityException;
import javax.net.ssl.SSLSocketFactory;

// Assumed: the original's unspecified "log" is an SLF4J logger
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.ldap.sdk.SimpleBindRequest;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustAllTrustManager;

public class FindAndBindUser
{
    private static final Logger log = LoggerFactory.getLogger(FindAndBindUser.class);

    /**
     * @author jwilleke <br/>
     * Use For Demonstration Purposes ONLY!
     * @param args host, admin DN, admin password, search base, attribute, value, user password
     */
    public static void main(String[] args)
    {
        String connHost = args[0];
        String connID = args[1];
        String connPwd = args[2];
        String searchBase = args[3];
        String findUserByAttribute = args[4];
        String findUserValue = args[5];
        String userPassword = args[6];
        int connPort = 636; // LDAPS: a simple bind sends the password, so the SSL socket factory below must actually be used

        // If I were doing this for real, I would use a POOL for Connections
        SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager()); // Use For Demonstration Purposes ONLY! Accepts any server certificate.
        SSLSocketFactory sslSocketFactory;
        try
        {
            sslSocketFactory = sslUtil.createSSLSocketFactory();
        }
        catch (GeneralSecurityException e1)
        {
            log.error("Could not create SSL socket factory", e1);
            return;
        }

        LDAPConnection adminConnection = null;
        LDAPConnection userConnection = null;
        try
        {
            // Connect and bind as the account that is allowed to search for users
            adminConnection = new LDAPConnection(sslSocketFactory, connHost, connPort);
            log.debug("Successful LDAP adminConnection to:" + connHost + ":" + connPort);
            adminConnection.bind(new SimpleBindRequest(connID, connPwd));
            log.debug("Successful Bind as:" + connID);

            // Construct Filter to find user. createEqualityFilter escapes the value,
            // so a user-supplied findUserValue cannot change the structure of the filter.
            Filter findUserfilter = Filter.createEqualityFilter(findUserByAttribute, findUserValue);
            // Create Search Request
            SearchRequest searchRequest = new SearchRequest(searchBase, SearchScope.SUB, findUserfilter);
            searchRequest.setSizeLimit(1); // We will error if we get more than one hit
            SearchResult searchResult = adminConnection.search(searchRequest);

            String userDN = null;
            if (searchResult.getEntryCount() > 1)
            {
                log.error("We got more than one Entry for:" + searchRequest.getFilter());
                return;
            }
            if (searchResult.getEntryCount() == 0)
            {
                log.error("We got No Entries for:" + searchRequest.getFilter());
                return;
            }
            for (SearchResultEntry entry : searchResult.getSearchEntries())
            {
                userDN = entry.getDN();
                log.debug("Found an Entry: " + userDN);
            }

            SimpleBindRequest userBindRequest = new SimpleBindRequest(userDN, userPassword);
            if (userBindRequest.getBindDN() == null)
            {
                log.warn("We got a null for the userBindRequest UserDN and therefore the bind is anonymous !");
                return;
            }
            if (userPassword == null || userPassword.isEmpty())
            {
                // A DN with an empty password is an unauthenticated bind, which AD accepts, so never send it
                log.warn("We got a null for the userBindRequest Password and therefore the bind is anonymous !");
                return;
            }

            // Bind as the found user on its own connection; an LDAPException here means the credentials were rejected
            userConnection = new LDAPConnection(sslSocketFactory, connHost, connPort);
            log.debug("Successful LDAP userConnection to:" + connHost + ":" + connPort);
            userConnection.bind(userBindRequest);
            log.debug("Successful userConnection Bind as:" + userDN);
        }
        catch (LDAPException e)
        {
            // Covers connect, admin bind, search (LDAPSearchException) and user bind failures
            log.error("LDAP operation failed: " + e.getResultCode(), e);
        }
        finally
        {
            if (userConnection != null) userConnection.close();
            if (adminConnection != null) adminConnection.close();
        }
    }
}
```
-jim
Upvotes: 5
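An added example, not code from either answer, that wraps the search-then-bind flow of the second answer in one method with the two checks a login path needs (exactly one match, and a non-empty password so the bind cannot silently become an unauthenticated one) and runs it against UnboundID's InMemoryDirectoryServer instead of a real domain controller. The class, method and directory entries (SearchThenBindDemo, authenticate, cn=svc, bob) are constructed for the demo.

```java
import com.unboundid.ldap.listener.InMemoryDirectoryServer;
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchScope;

public class SearchThenBindDemo {
    static final String BASE = "dc=example,dc=com"; // constructed fixture, not a real domain

    // Search-then-bind: returns the user's DN on success, null when the login is rejected.
    static String authenticate(LDAPConnection admin, String host, int port,
                               String sAMAccountName, String password) throws LDAPException {
        // An empty password turns a simple bind into an unauthenticated bind, which AD
        // accepts by default, so it must never reach the server as a login attempt.
        if (password == null || password.isEmpty()) return null;
        // createEqualityFilter escapes the value, so user input cannot rewrite the filter.
        Filter f = Filter.createEqualityFilter("sAMAccountName", sAMAccountName);
        SearchResult r = admin.search(BASE, SearchScope.SUB, f, "1.1"); // "1.1" = DN only
        if (r.getEntryCount() != 1) return null;     // unknown or ambiguous account
        String dn = r.getSearchEntries().get(0).getDN();
        LDAPConnection user = new LDAPConnection(host, port); // separate connection for the user
        try {
            user.bind(dn, password);                 // throws on a wrong password
            return dn;
        } catch (LDAPException e) {
            if (e.getResultCode().equals(ResultCode.INVALID_CREDENTIALS)) return null;
            throw e;                                 // anything else is an outage, not a bad login
        } finally { user.close(); }
    }

    public static void main(String[] args) throws Exception {
        InMemoryDirectoryServerConfig cfg = new InMemoryDirectoryServerConfig(BASE);
        cfg.setSchema(null); // no schema check, so the AD-only sAMAccountName attribute is accepted
        cfg.addAdditionalBindCredentials("cn=svc," + BASE, "svcPwd"); // the search account
        InMemoryDirectoryServer ds = new InMemoryDirectoryServer(cfg);
        ds.add("dn: " + BASE, "objectClass: domain", "dc: example");
        ds.add("dn: cn=bob," + BASE, "objectClass: person", "cn: bob", "sn: Smith",
               "sAMAccountName: bob", "userPassword: bobPwd");
        ds.startListening();
        LDAPConnection admin = ds.getConnection();
        try {
            admin.bind("cn=svc," + BASE, "svcPwd");
            int port = ds.getListenPort();
            System.out.println("good password:  " + authenticate(admin, "localhost", port, "bob", "bobPwd"));
            System.out.println("wrong password: " + authenticate(admin, "localhost", port, "bob", "wrong"));
            System.out.println("empty password: " + authenticate(admin, "localhost", port, "bob", ""));
        } finally { admin.close(); ds.shutDown(true); }
    }
}
```

Against a real domain controller, replace the in-memory fixture with an LDAPS connection and a service account that is allowed to read the users container, as the second answer describes.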