Authentication & Authorization In LDAP (through JNDI)

Posted By:   Nicholas_Whitehead
Posted On:   Saturday, June 23, 2001 05:29 AM

I am attempting to use LDAP for a custom security model and I would like to know the general pattern using JNDI to authenticate and authorize.

In order to authenticate a user, do I simply attempt to connect to LDAP using the supplied principal and credentials?

To authorize, is it simply a matter of verifying that a user exists in a specific list of people?

Thanks.

//Nicholas

Re: Authentication & Authorization In LDAP (through JNDI)

Posted By:   Sheldon_Brown  
Posted On:   Saturday, October 27, 2001 09:50 AM

As of LDAPv3, a bind operation is anonymous unless credentials are provided. By setting the credentials in the environment and then binding, if the bind has succeeded, the credentials were valid and the user is authenticated.


A better question is the authorization, one that I am interested in myself. LDAP apparently only supports read and write permissioning, making no distinction between object level properties and attribute level properties. Is there any way to test for read / write permission?


Sheldon

Re: Authentication & Authorization In LDAP (through JNDI)

Posted By:   james_deibel  
Posted On:   Wednesday, July 11, 2001 02:17 PM

Here's the sample code I use every time I have to code up an
authentication program through LDAP and JNDI. Just be sure
to set the o and ou settings properly, as well as the
address of your LDAP server. Furthermore, check to see
what authentication service you use.

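    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    import javax.naming.ldap.Rdn;

    public class LdapAuth {
        static final String LDAPServer = "ldap://domain.com:389";

        public static boolean authenticate(String name, String passwd)
        {
            boolean authorized = false;
            // Reject null or empty input; an empty password would be sent as a bind without credentials
            if (name == null || passwd == null || name.equals("") || passwd.equals(""))
                return false;

            // prepare new env object
            Hashtable<String, Object> env = new Hashtable<String, Object>();
            // specify context factory
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

            // Specify host and port to use for directory service
            env.put(Context.PROVIDER_URL, LDAPServer);
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            // Escape DN special characters so the user name cannot change the DN's structure
            String principal = "uid=" + Rdn.escapeValue(name) + ",ou=Blah, o=something.com";
            env.put(Context.SECURITY_PRINCIPAL, principal);
            env.put(Context.SECURITY_CREDENTIALS, passwd);

            try {
                // Create initial context; this performs the bind and throws if it fails
                DirContext ctx = new InitialDirContext(env);

                // Close the context when we're done
                ctx.close();
                authorized = true;
            }
            catch (Throwable e) {
                // Any failure (bad credentials, server unreachable) counts as not authenticated
                authorized = false;
            }
            return authorized;
        }
    }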
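
The authorization half of the question in this thread, as an added example that is not code from any of the posters: once the user's bind succeeds, a parameterized search checks whether that user's DN is a member of a named group. It assumes groups are groupOfNames entries under a hypothetical ou=Groups,o=something.com and that the bound user is allowed to read them; the class and method names are illustrative.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapGroupCheck {
    // Assumed values for illustration; simple bind over ldap:// sends the password in clear text
    static final String LDAP_URL = "ldap://domain.com:389";
    static final String GROUP_BASE = "ou=Groups,o=something.com";

    // True if userDn is listed as a direct member of the group entry named groupCn
    static boolean isMember(DirContext ctx, String userDn, String groupCn) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.ONELEVEL_SCOPE);
        sc.setReturningAttributes(new String[] {"cn"});
        // {0} and {1} are substituted by JNDI, which escapes filter metacharacters in String args
        String filter = "(&(objectClass=groupOfNames)(cn={0})(member={1}))";
        NamingEnumeration<SearchResult> hits =
                ctx.search(GROUP_BASE, filter, new Object[] {groupCn, userDn}, sc);
        try { return hits.hasMore(); } finally { hits.close(); }
    }

    // Bind as the user (authentication), then require group membership (authorization)
    static boolean login(String userDn, String passwd, String groupCn) {
        // A simple bind with an empty password is an unauthenticated bind that a server may accept
        if (userDn == null || passwd == null || passwd.isEmpty()) return false;
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, passwd);
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);       // throws if the bind is rejected
            return isMember(ctx, userDn, groupCn);
        } catch (NamingException e) {
            return false;                           // fail closed on any directory error
        } finally {
            if (ctx != null) try { ctx.close(); } catch (NamingException ignored) { }
        }
    }
    public static void main(String[] args) {        // usage: java LdapGroupCheck <userDn> <groupCn>
        char[] pw = System.console().readPassword("Password: "); // needs an interactive terminal
        System.out.println(login(args[0], new String(pw), args[1]));
    }
}
```

If directory ACLs do not let ordinary users read group entries, run `isMember` on a context bound with a dedicated read-only service account instead.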