Unexpected checking with OpenLdap

Hi.

I'm trying to check the user and password of a uid in an OpenLDAP session.

This is my method.

    private static boolean checkPsw(String host, String user, String psw) {
        boolean result = true;
        Properties env = new Properties();
        env.put(Context.INITIAL_CONTEXT_FACTORY, INITIAL_CONTEXT_FACTORY);
        env.put(Context.PROVIDER_URL, host.trim());
        env.put(Context.SECURITY_PRINCIPAL, user.trim()); // "uid=master,cn=Users,o=myorganization,c=it");
        env.put(Context.SECURITY_CREDENTIALS, psw.trim()); // "qwertyui");
        try {
            // The following line (together with the catch block) is the only one required.
            DirContext ctx = new InitialDirContext(env);
            // The following lines are here for testing only
            Attributes attrs = ctx.getAttributes(user, new String[] {"userPassword"});
            if (attrs != null) {
                Attribute attr = attrs.get("userPassword");
                NamingEnumeration<?> vals = attr.getAll();
                while (vals.hasMoreElements()) {
                    Object o = vals.nextElement();
                    System.out.println("userPassword:" + new String((byte[]) o));
                }
            }
        } catch (Exception e) {
            result = false;
        }
        return result;
    }

Here is part of the .ldif which I used to load the LDAP server.

    dn: cn=Users,o=myorganization,c=it
    objectclass: container
    objectclass: top
    cn: Users

    dn: cn=Groups,o=myorganization,c=it
    objectclass: container
    objectclass: top
    cn: Groups

    dn: uid=master,cn=Users,o=myorganization,c=it
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: master
    givenName: master
    sn: Master Master
    uid: master
    userPassword:: qwertyui

    dn: uid=johndoe,cn=Users,o=myorganization,c=it
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: Doe
    givenName: johndoe
    sn: John Doe
    uid: johndoe
    userPassword:: abcdefgh

The problem is this:

If I try the authentication with the user "master" (and his password), it works correctly, i.e. no Exception is thrown. Remember that "master" is the root user of my LDAP.

On the other hand, if I try the authentication with the user "johndoe" (and his password), I catch an AuthenticationException, while it works with the password equal to the userid (userid=johndoe and password=johndoe).

In fact, if I "force" Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS to the root user's values (look at the commented-out values), I can explore the LDAP with my user (johndoe).

The result is that the

    System.out.println("userPassword:" + new String((byte[]) o));

returns "userPassword:johndoe".

If you think that I've loaded the LDAP incorrectly, that's wrong.

I've browsed my server and re-exported it into an LDIF file in which the passwords are correct.

Could you help me?

Thanks a lot.

[4117 byte] By [mark.ofa] at [2007-10-2 20:19:35]
# 1
No ideas about it? I can only add that I have the same trouble with an AIX LDAP and that my INITIAL_CONTEXT_FACTORY is "com.sun.jndi.ldap.LdapCtxFactory".
mark.ofa at 2007-7-13 23:01:45 > top of Java-index,Core,Core APIs...
# 2

    import javax.naming.*;
    import javax.naming.directory.*;
    import java.util.*;

    class TestPassword {

        public static void main(String[] args) {
            checkPsw("", "uid=master,ou=Users", "");
            checkPsw("", "uid=johndoe,ou=Users", "");
        }

        // Note: host and psw are not used here; the bind is done with the rootdn
        // credentials below and user is resolved relative to the PROVIDER_URL base.
        private static boolean checkPsw(String host, String user, String psw) {
            // Set up environment for creating initial context
            Hashtable<String,String> env = new Hashtable<String,String>(20);
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://localhost:389/o=myorganization,c=it");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, "ou=Users,o=myorganization,c=it"); // rootdn in slapd.conf
            env.put(Context.SECURITY_CREDENTIALS, "secret"); // rootpw in slapd.conf
            try {
                DirContext ctx = new InitialDirContext(env);
                Attributes attrs = ctx.getAttributes(user.trim(), new String[] {"userPassword"});
                if (attrs != null) {
                    Attribute attr = attrs.get("userPassword");
                    if (attr != null) { // the attribute may be absent or not readable
                        NamingEnumeration<?> vals = attr.getAll();
                        while (vals.hasMoreElements()) {
                            Object o = vals.nextElement();
                            System.out.println("userPassword:" + new String((byte[]) o));
                        }
                    }
                }
                ctx.close();
            } catch (NamingException e) {
                e.printStackTrace();
                return false;
            }
            return true;
        }
    }

andresurbinaa at 2007-7-13 23:01:45
# 3

Nothing changes.

Both System.out calls print the uid (master and johndoe). And I confirm that the passwords are different.

My test was slightly different because

    env.put(Context.PROVIDER_URL, "ldap://10.50.5.173:389/cn=Users,o=myorganization,c=it");
    env.put(Context.SECURITY_PRINCIPAL, "uid=master,cn=Users,o=myorganization,c=it");

and the calls are

    checkPsw("", "uid=master", "");
    checkPsw("", "uid=johndoe", "");

mark.ofa at 2007-7-13 23:01:45
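
An added example, not code from any poster in this thread: a password check done purely by binding as the user, the step the first post marks as the only one required, with the empty-password case rejected and directory errors kept apart from credential failures. The class name BindCheck, the localhost URL and the timeout value are assumptions; the DN and the candidate password are the ones from the LDIF above.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class BindCheck {
    // True only if the server accepts a simple bind as userDn with psw.
    // Other failures (server unreachable, bad URL) propagate as NamingException,
    // so an outage is not reported as "wrong password".
    static boolean checkPsw(String url, String userDn, char[] psw) throws NamingException {
        // A DN with an empty password is an "unauthenticated bind" (RFC 4513, 5.1.2),
        // which a server may accept as anonymous: never treat it as a login.
        if (userDn == null || userDn.trim().isEmpty() || psw == null || psw.length == 0) {
            return false;
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);  // full DN of the user's entry
        env.put(Context.SECURITY_CREDENTIALS, psw);    // not trimmed: spaces can be part of it
        env.put("com.sun.jndi.ldap.connect.timeout", "3000"); // milliseconds (assumed value)
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);  // the bind happens here
            return true;
        } catch (AuthenticationException e) {
            return false;                      // LDAP result 49, invalid credentials
        } finally {
            if (ctx != null) ctx.close();
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; the host is a placeholder. Plain ldap:// sends the
        // password in clear text, so use ldaps:// or StartTLS outside a test network.
        String url = "ldap://localhost:389";
        String dn = "uid=johndoe,cn=Users,o=myorganization,c=it";
        try {
            System.out.println("empty password: " + checkPsw(url, dn, new char[0]));
            System.out.println("candidate password: " + checkPsw(url, dn, "abcdefgh".toCharArray()));
        } catch (NamingException e) {
            System.out.println("directory error, not a credential failure: " + e);
        }
    }
}
```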