Simple JNDI Authentication to Active Directory/ADAM
I'm trying to do a simple JNDI/LDAP example to authenticate against an instance of Active Directory Application Mode (basically, a standalone version of Active Directory--much cleaner, IMHO), but I'm having a DEVIL of a time figuring out the LDAP URL and username/password settings. I'm certain it's something stupid, but the various permutations of the possible combinations haven't reached success so far....
Any takers out there? Just a simple example using "simple" auth would be great--I've written a bunch of JNDI code before, just can't figure out the right syntax for ADAM itself.
# 1
I am actually trying to do something similar.
I want to use JNDI to access MS AD as well...just to query to see if a user has an account. If they have an account, let them into the app. If not, don't let them in.
I am running into the same questions as the original poster.
Thanks
# 3
First of all I suggest that you familiarise yourself with ADAM as it has a few subtle differences compared to Active Directory. A good start is the Step-By-Step Guide available at http://www.microsoft.com/downloads/details.aspx?familyid=5163b97a-7df3-4b41-954e-0f7c04893e83
and The ADAM reference at
http://technet2.microsoft.com/WindowsServer/en/library/7cfc8997-bab2-4770-aff2-be424fd03cda1033.mspx?mfr=true
Secondly, have a look through my posts on Active Directory Authentication;
JNDI, Active Directory and Authentication (Part 1) (Kerberos)
http://forum.java.sun.com/thread.jspa?threadID=579829&tstart=300
JNDI, Active Directory & Authentication (part 2) (SSL)
http://forum.java.sun.com/thread.jspa?threadID=581425&tstart=50
JNDI, Active Directory & Authentication (part 3) (Digest-MD5)
http://forum.java.sun.com/thread.jspa?threadID=581868&tstart=150
JNDI, Active Directory & Authentication (part 4) (SASL EXTERNAL)
http://forum.java.sun.com/thread.jspa?threadID=641047&tstart=0
JNDI, Active Directory and Authentication (part 5, LDAP Fastbinds)
http://forum.java.sun.com/thread.jspa?threadID=726601&tstart=0
The subtle nuances are:
By default only the administrator (the user who originally installed an ADAM instance) has access to the ADAM directory.
You must explicitly add Windows or ADAM users to the ADAM roles (administrators, readers, users)
An ADAM user is a user (or inetorgPerson or userproxy) object that has been added to the ADAM directory.
A Windows user is a user that has either been created on the local machine that is hosting ADAM, or if that machine is also a member of an Active Directory domain, then a user in the domain.
You can authenticate as an ADAM user (or userproxy) using simple authentication with either the full distinguished name or user principal name, or as a Windows user (using one of the supported SASL mechanisms such as GSS-API).
# 4
Thanks a million adler_steven. I had already seen the ADAM documentation and been through all of your posts on JNDI but to no avail. The two nuances which u mentioned in ur post did the job for me.
"The subtle nuances are:
By default only the administrator (the user who originally installed an ADAM instance) has access to the ADAM directory.
You must explicitly add Windows or ADAM users to the ADAM roles (administrators, readers, users)
An ADAM user is a user (or inetorgPerson or userproxy) object that has been added to the ADAM directory."
Thnx a lot :-)