A JSP System that has to authenticate user from the active directory
1 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Albert_Einstein
Posted On:   Wednesday, December 19, 2001 05:13 AM

i have a jsp system and i want to authenticate the user from the active directory. i have read much from the jguru faq but i didnt found a correct answer to this problem. my question is, is it possible and when how; to ask with a form in the index.jsp the users name and his password and then connect anyhow to the active directory and controll his name and the password. it were super if someone would sent me sample code for that problem. i know i can do that with ldap but i have also read over the problem with the password encryption ? please help me urgent thanks a lot markus    More>>


i have a jsp system and i want to authenticate the user from the active directory. i have read much from the jguru faq but i didnt found a correct answer to this problem.

my question is, is it possible and when how; to ask with a form in the index.jsp the users name and his password and then connect anyhow to the active directory and controll his name and the password.

it were super if someone would sent me sample code for that problem. i know i can do that with ldap but i have also read over the problem with the password encryption ?


please help me urgent


thanks a lot


markus

   <<Less

Re: A JSP System that has to authenticate user from the active directory

Posted By:   Christopher_Schultz  
Posted On:   Wednesday, December 19, 2001 10:14 AM

First of all, you want to AUTHORIZE the user, not authenticate them. Authentication is done using certificates, keys, etc.



To authorize the user, you'll want to grab their record from the LDAP server. See your local LDAP administrator for how to query for a record based upon username, password, etc. They'll tell you if you need to send any encrypted password, or if you should send it plaintext, etc.



If you can't search by password, you'll want to just search by username (and other required fields as determined by your LDAP configuration). Then, check the records you get to see if the password matches. You may have to use trap-door encryption to check the LDAP record password, since it is likely to be encrypted.



Gooe luck,

-chris
About | Sitemap | Contact