Reputation: 1
I want to authenticate a user against a VDS (virtual directory server) using Java.
Please help with any sample Java code for authentication against a VDS.
Sample code to authenticate against LDAP is below:
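```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapAuth {
    static boolean authenticate() {
        String userName = "John P R-Asst General Manager";
        String passWord = "asdfgh123";
        String base = "OU=SOU,DC=example,DC=com";
        String dn = "cn=" + userName + "," + base;
        String ldapURL = "ldap://mdsdc3.example.com:389";
        Hashtable<String, String> authEnv = new Hashtable<>();
        authEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        authEnv.put(Context.PROVIDER_URL, ldapURL);
        authEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
        authEnv.put(Context.SECURITY_PRINCIPAL, dn);
        authEnv.put(Context.SECURITY_CREDENTIALS, passWord);
        try {
            // A successful simple bind means the server accepted the DN and password
            DirContext authContext = new InitialDirContext(authEnv);
            authContext.close();
            return true;
        } catch (NamingException namEx) {
            return false;
        }
    }
}
```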
To authenticate against a VDS, is a complete DN required? As per experts, only the username and password need to be sent to the VDS. It will automatically find the DN and do the authentication. I will be thankful if anyone can provide good reference material regarding LDAP and VDS.
Upvotes: 0
Views: 4706
Reputation: 41237
A virtual directory server is a type of server that provides a unified view of identities regardless of how they are stored. (Or you may prefer Wikipedia's definition: "a software layer that delivers a single access point for identity management applications and service platforms".)
LDAP is a protocol (hence the "P") for communicating with directory servers.
There isn't a necessary link between LDAP and a VDS, but it is likely that a VDS provides an LDAP interface and, potentially, other programmatic interfaces (Kerberos in particular comes to mind). The details of how you communicate with the VDS are going to be dependent on the configuration you are trying to talk to, but LDAP is a good bet.
Regarding needing a full DN, you don't even need a full DN to authenticate against plain Active Directory. The more usual mode would be to supply something like `DOMAIN\username` (using the `sAMAccountName`) or [email protected] (that is, the user principal name) as the `SECURITY_PRINCIPAL`. In your example, the user would need to type `John P R-Asst General Manager` rather than anything they are likely to regard as their "user name."
You do, however, need to work out what the VDS you are trying to communicate with requires as the user name. Does it need `DOMAIN\username`, something else? These are details that whoever runs the VDS you are communicating with should be able to provide you.
In code, you should wind up with something like this (assuming you can use LDAP):
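```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class VdsAuth {
    static boolean authenticate() {
        // The backslash must be escaped inside a Java string literal
        String userName = "DOMAIN\\johnp";
        String passWord = "asdfgh123";
        String ldapURL = "ldaps://vds.example.com";
        Hashtable<String, String> authEnv = new Hashtable<>();
        authEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        authEnv.put(Context.PROVIDER_URL, ldapURL);
        authEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
        authEnv.put(Context.SECURITY_PRINCIPAL, userName);
        authEnv.put(Context.SECURITY_CREDENTIALS, passWord);
        try {
            DirContext authContext = new InitialDirContext(authEnv);
            authContext.close();
            return true;
        } catch (NamingException namEx) {
            return false;
        }
    }
}
```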
Upvotes: 0
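The following is an added example, not code from either post: a bind helper that covers both principal forms discussed in the thread (a full DN built from a typed name, or a `DOMAIN\username` style value) and handles the cases the snippets above leave open. The class and method names are hypothetical, the URL and base DN are the thread's own example values, and the 5-second timeouts are assumed values.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class DirectoryBind {
    // Assumed endpoint and base DN, reused from the examples in the thread.
    static final String LDAP_URL = "ldaps://vds.example.com";
    static final String BASE = "OU=SOU,DC=example,DC=com";

    /** Principal for a server that requires a full DN: escape the typed value
     *  so characters such as ',' '+' or '=' cannot alter the DN structure. */
    static String dnFor(String commonName) {
        return "cn=" + Rdn.escapeValue(commonName) + "," + BASE;
    }

    /** true = bind accepted, false = credentials rejected; outages propagate. */
    static boolean bind(String principal, String password) throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind,
        // which many servers accept, so it must never count as a login.
        if (principal == null || principal.isEmpty()
                || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL); // ldaps: password travels over TLS
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // ms, assumed value
        env.put("com.sun.jndi.ldap.read.timeout", "5000");    // ms, assumed value
        InitialDirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            return true;
        } catch (AuthenticationException e) {
            return false; // the server rejected the credentials
        } finally {
            if (ctx != null) ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        // Constructed inputs: a name containing a comma, and an empty password.
        System.out.println(dnFor("Smith, John"));
        System.out.println(bind("DOMAIN\\johnp", ""));
    }
}
```

Catching only `AuthenticationException` keeps a directory outage or TLS failure from being reported to the user as a wrong password.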