I use GSSAPI to connect to LDAP.
JNDI connection to LDAP via GSSAPI fails with KrbException: Server not found in Kerberos database (7)
This is my code:
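// Locate the JAAS login configuration on the classpath. getResource() returns null when
// the resource is missing; fail early with a clear message instead of an NPE below.
URL url = this.getClass().getClassLoader().getResource("conf/jaas.conf");
if (url == null) {
    throw new IllegalStateException("conf/jaas.conf not found on the classpath");
}
// java.security.auth.login.config accepts a URL; toExternalForm() also works when the
// resource is packaged inside a jar (jar:file:...!/...) or the path contains
// percent-encoded characters, where getPath() yields a string that cannot be opened.
System.setProperty("java.security.auth.login.config", url.toExternalForm());
// Kerberos client tracing on stdout; useful while troubleshooting, noisy otherwise.
System.setProperty("sun.security.krb5.debug", "true");
// Must match the application entry name in jaas.conf.
String loginAppName = "test.test";
// NOTE(review): user name and password are hard-coded here; credentials should be
// supplied from outside the source (prompt, ticket cache, or a secret store).
LoginContext lc = new LoginContext(loginAppName, new SampleCallbackHandler("test", "password"));
lc.login();
Subject subject = lc.getSubject();
// Run the LDAP bind with the Kerberos credentials just obtained for the Subject.
Subject.doAs(subject, new JndiAction(new String[] { "" }));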
jaas.conf
// JAAS login configuration. The entry name must match the first argument passed
// to LoginContext in the Java code (test.test).
test.test {
// Krb5LoginModule obtains the Kerberos TGT for the Subject. The required flag
// means the login fails if this module does not succeed.
com.sun.security.auth.module.Krb5LoginModule required
// Try an existing ticket cache first. Because doNotPrompt is false, the
// CallbackHandler is consulted for the password when no usable ticket is cached.
useTicketCache=true
doNotPrompt=false
// Module-level tracing, in addition to the sun.security.krb5.debug system property.
debug=true;
};
JndiAction
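/**
 * Privileged action that opens (and immediately closes) a JNDI LDAP context using
 * SASL/GSSAPI, so that the Kerberos credentials of the {@code Subject} passed to
 * {@code Subject.doAs} are used for the bind.
 *
 * <p>Declared as {@code PrivilegedAction<Void>} rather than the raw type so the
 * compiler checks the return type; {@code run()} still returns {@code null}, so
 * existing callers are unaffected.
 */
static class JndiAction implements java.security.PrivilegedAction<Void> {
    /** Defensive copy of the caller-supplied arguments; not consulted by the bind itself. */
    private final String[] args;

    /**
     * @param origArgs arguments to retain; copied so later mutation by the caller has no
     *                 effect. {@code null} is treated as "no arguments" instead of failing
     *                 with a NullPointerException.
     */
    public JndiAction(String[] origArgs) {
        this.args = (origArgs == null) ? new String[0] : origArgs.clone();
    }

    /** Performs the LDAP bind under the Subject's privileges. Always returns {@code null}. */
    @Override
    public Void run() {
        performJndiOperation(args);
        return null;
    }

    /**
     * Builds the JNDI environment, performs the GSSAPI bind and closes the context again.
     * A failed bind is reported on stderr (best effort, as in the original code) and
     * otherwise ignored.
     *
     * @param args retained for callers; currently unused by the bind
     */
    private static void performJndiOperation(String[] args) {
        Hashtable<String, String> env = new Hashtable<>();
        // NOTE(review): the SASL/GSSAPI client derives the service principal it asks the
        // KDC for from this host name (ldap/<host>@REALM). With "localhost" that is
        // ldap/localhost, which is typically not a registered SPN and yields
        // "Server not found in Kerberos database"; use the LDAP server's fully-qualified
        // host name exactly as its SPN is registered in the KDC.
        env.put(Context.PROVIDER_URL, "ldap://localhost:389");
        // Kerberos client tracing; redundant if already set by the caller, harmless otherwise.
        System.setProperty("sun.security.krb5.debug", "true");
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
        // Require the server to authenticate itself too (Kerberos mutual authentication),
        // which protects against binding to an impostor LDAP server.
        env.put("javax.security.sasl.server.authentication", "true");
        // NOTE(review): with GSSAPI the bind is authenticated by the Subject's Kerberos
        // ticket; a hard-coded principal and password here are at best unused for
        // authentication and should not live in source. Kept so the environment matches
        // the original code.
        env.put(Context.SECURITY_PRINCIPAL, "[email protected]");
        env.put(Context.SECURITY_CREDENTIALS, "password");
        try {
            // Constructing the context performs the connection and the SASL bind.
            InitialLdapContext context = new InitialLdapContext(env, null);
            // Context is not AutoCloseable, so close explicitly once the bind succeeded.
            context.close();
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}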
krb5.conf
# Kerberos client configuration (MIT krb5.conf format) read by the JDK Krb5 implementation.
[libdefaults]
# Realm appended to principal names given without one.
default_realm = TEST.TEST
# NOTE(review): only RC4-HMAC is allowed here. arcfour-hmac-md5 is deprecated
# (RFC 8429); unless the KDC cannot offer anything else, prefer AES enctypes and
# keep RC4 only as a compatibility fallback.
default_tkt_enctypes = arcfour-hmac-md5
default_tgs_enctypes = arcfour-hmac-md5
permitted_enctypes = arcfour-hmac-md5
# Locate KDCs through DNS SRV records for realms that have no kdc entry below.
dns_lookup_kdc = true
dns_lookup_realm = false
[realms]
# NOTE(review): this realm (WORKSPACE.TEST) is not the default_realm (TEST.TEST) set
# above, so TEST.TEST has no kdc entry and depends on DNS lookup — confirm which realm
# is intended.
WORKSPACE.TEST = {
kdc = localhost
}
When I try to create the initial context, I get the following exception:
>>> KDCRep: init() encoding tag is 126 req type is 13
>>>KRBError:
sTime is Thu Mar 28 16:12:02 CST 2024 1711613522000
suSec is 178908
error code is 7
error Message is Server not found in Kerberos database
sname is ldap/[email protected]
msgType is 30
KrbException: Server not found in Kerberos database (7)
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:70)
at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:217)
at sun.security.krb5.internal.CredentialsUtil.serviceCredsSingle(CredentialsUtil.java:473)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:338)
at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:163)
at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:496)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:697)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:201)
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:185)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:236)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2901)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:229)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:247)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:695)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
at sun.security.krb5.internal.TGSRep.init(TGSRep.java:65)
at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60)
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55)
... 99 more
Can someone help me with this issue? Also, if I use this method to create LDAP users, can I set a password for them?