Problems Binding to AD

Hi,

I have created a user in Active Directory using SSL with the code in

http://forum.java.sun.com/thread.jspa?threadID=582103

My code to create the user ibBSO_prueba02 is:

import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

// class wrapper added so the snippet compiles as posted
public class CreateUser {

    public static void main(String[] args) {

        // some useful constants from lmaccess.h
        int UF_ACCOUNTDISABLE = 0x0002;
        int UF_PASSWD_NOTREQD = 0x0020;
        int UF_PASSWD_CANT_CHANGE = 0x0040;
        int UF_NORMAL_ACCOUNT = 0x0200;
        int UF_DONT_EXPIRE_PASSWD = 0x10000;
        int UF_PASSWORD_EXPIRED = 0x800000;

        Hashtable<String, String> env = new Hashtable<String, String>();

        try {
            System.setProperty("javax.net.ssl.trustStore", "C:\\temp\\ldap.truststore");
            System.setProperty("javax.net.ssl.trustStorePassword", "ibsoftdev");

            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

            // set security credentials, note using simple cleartext authentication
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, "svc_portalelectronico_des@Desextra.banesco.com");
            env.put(Context.SECURITY_CREDENTIALS, "XXXXXXX");

            // specify the use of SSL
            env.put(Context.SECURITY_PROTOCOL, "ssl");

            // connect to my domain controller
            env.put(Context.PROVIDER_URL, "ldaps://Desextra.banesco.com:636");

            // Create the initial directory context
            LdapContext ctx = new InitialLdapContext(env, null);

            // Create attributes to be associated with the new user
            Attributes attrs = new BasicAttributes(true);
            String userName = "CN=ibBSO_prueba02,OU=Usuarios,DC=Desextra,DC=banesco,DC=com";
            String userPassword = "\"Password123\"";

            attrs.put("objectClass", "user");
            attrs.put("samAccountName", "ibBSO_prueba02");
            attrs.put("cn", "ibBSO_prueba02");
            attrs.put("displayName", "ibBSO_prueba02");
            attrs.put("userPrincipalName", "ibBSO_prueba02@Desextra.banesco.com");

            // Note that you need to create the user object before you can
            // set the password. Therefore as the user is created with no
            // password, userAccountControl must be set to the following
            // otherwise the Win2K3 password filter will return error 53
            // unwilling to perform.
            attrs.put("userAccountControl", Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED + UF_ACCOUNTDISABLE));

            // Create the context
            Context result = ctx.createSubcontext(userName, attrs);
            System.out.println("Created disabled account for: " + userName);

            // now that we've created the user object,
            // set the password and change the userAccountControl
            ModificationItem[] mods = new ModificationItem[2];

            // Replace the "unicodePwd" attribute with a new value
            // Password must be both Unicode and a quoted string
            String newQuotedPassword = userPassword;
            byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
            mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));

            // mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl", Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED)));
            mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl", Integer.toString(UF_NORMAL_ACCOUNT)));

            // Perform the update
            ctx.modifyAttributes(userName, mods);
            ctx.close();
        } catch (NamingException e) {
            // createSubcontext / modifyAttributes / InitialLdapContext throw NamingException
            System.err.println("Problem creating object: " + e);
        } catch (IOException e) {
            // getBytes("UTF-16LE") declares UnsupportedEncodingException
            System.err.println("Problem creating object: " + e);
        }
    }
}

The user is created in Active Directory with userAccountControl=512 and I can view it with LDAP Browser/Editor 2.8.2 (very good tool). However, when I try to bind as the new user, the following exception appears:

Problem creating object: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 775, vece

My code to bind is:

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

// class wrapper added so the snippet compiles as posted
public class BindUser {

    public static void main(String[] args) {

        Hashtable<String, String> env = new Hashtable<String, String>();
        String name = "ibBSO_prueba02@Desextra.banesco.com";
        String password = "Password123";

        // set security credentials, note using simple cleartext authentication
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://Desextra.banesco.com:389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, name);
        env.put(Context.SECURITY_CREDENTIALS, password);

        try {
            // Create the initial directory context (this is where the bind happens)
            LdapContext ctx = new InitialLdapContext(env, null);
            ctx.close();
        } catch (NamingException e) {
            System.err.println("Problem creating object: " + e);
        }
    }
}

Why this exception?

Thanks

Cesar

[7699 byte] By [cesar_cuchivanoa] at [2007-11-27 0:16:53]
# 1

LDAP error 49 means invalid credentials. In other words, you did not successfully log in.

The Active Directory error message, specifically "data 775" means the account is locked.

Did you perhaps try logging in a few times with an incorrect password just to test that your application was working correctly?

If the account lockout policy has been enabled, after x unsuccessful logon attempts, the account will be locked out.

You have to either explicitly unlock the account, or wait until the lockout duration has expired.

Information on account lockout can be found at http://forum.java.sun.com/thread.jspa?threadID=716240&messageID=9401215

Good luck.

adler_stevena at 2007-7-11 22:05:21
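Added example, not code from either post: a small Java helper that pulls the "data" sub-code out of an AD error 49 message (the "data 775" the answer above decodes) and maps it to a reason, so an application can tell a lockout from a plain wrong password instead of printing the raw exception. The class name, the sample messages other than the one quoted in the question, and the command-line arguments are my constructions; the sub-code table is the standard Active Directory list for LDAP result 49; the host and account used by the optional live check are hypothetical.

```java
import java.util.Hashtable;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

/** Added example (not from the thread): turns an AD bind failure into a usable diagnosis. */
public class AdBindDiagnostics {

    // AD appends "data <hex>" to error 49; that hex value is the real reason for the failure.
    private static final Pattern DATA_CODE =
        Pattern.compile("AcceptSecurityContext error, data ([0-9A-Fa-f]+)");

    // Well-known AD sub-codes for LDAP result 49 (invalidCredentials).
    private static final Map<String, String> REASONS = new LinkedHashMap<String, String>();
    static {
        REASONS.put("525", "user not found");
        REASONS.put("52e", "invalid credentials (wrong password)");
        REASONS.put("530", "not permitted to logon at this time");
        REASONS.put("531", "not permitted to logon at this workstation");
        REASONS.put("532", "password expired");
        REASONS.put("533", "account disabled");
        REASONS.put("701", "account expired");
        REASONS.put("773", "user must reset password");
        REASONS.put("775", "account locked out");
    }

    /** Extracts the lower-cased "data" sub-code from an AD error message, or null if absent. */
    public static String dataCode(String message) {
        if (message == null) return null;
        Matcher m = DATA_CODE.matcher(message);
        return m.find() ? m.group(1).toLowerCase() : null;
    }

    /** Human-readable reason for a sub-code; unknown codes are reported as such. */
    public static String describe(String code) {
        if (code == null) return "no AD sub-code in message (not an AD error 49?)";
        String reason = REASONS.get(code);
        return reason != null ? reason : "unknown AD sub-code " + code;
    }

    /**
     * Performs a simple bind with the supplied JNDI environment and returns a diagnosis
     * string instead of letting the raw exception escape. Returns "ok" on success.
     */
    public static String bindAndDiagnose(Hashtable<String, String> env) {
        LdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(env, null);   // the bind happens here
            return "ok";
        } catch (AuthenticationException e) {
            // Error 49: decode the sub-code so the caller can tell lockout from a bad password.
            return "bind rejected: " + describe(dataCode(e.getMessage()));
        } catch (NamingException e) {
            // Anything else: connection refused, TLS handshake failure, server down, ...
            return "bind failed: " + e;
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample messages; the first is the one quoted in the question.
        String[] samples = {
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 775, vece]",
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 52e, vece]",
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 533, vece]",
            "[LDAP: error code 49 - Invalid Credentials]"   // non-AD server: no sub-code
        };
        for (String s : samples) {
            System.out.println(dataCode(s) + " -> " + describe(dataCode(s)));
        }

        // Optional live check against a hypothetical directory: URL, principal, password.
        if (args.length == 3) {
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, args[0]);        // e.g. ldaps://dc.example.test:636
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, args[1]);  // user@domain
            env.put(Context.SECURITY_CREDENTIALS, args[2]);
            System.out.println(bindAndDiagnose(env));
        }
    }
}
```

Run without arguments to see the four sample messages decoded (775 = locked out, 52e = wrong password, 533 = disabled, and the no-sub-code case a non-AD server produces). Keep the decoded reason in the application's own log and show the end user only a generic failure: the sub-code is useful to the operator investigating a lockout, but echoing it to the client reveals which accounts exist and what state they are in. Sub-codes are hexadecimal, which is why the helper compares them as lower-cased strings rather than integers.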