Friday, January 26, 2007

Authenticating Users with Windows Active Directory from Java

Here is sample code that works for me:



/////////////////////////////////////////////////////////////////////

import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class Main {

    public static void main(String[] args) {

        try {
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL,
                    "LDAP://my.ldap.server:389"); // replace with your server URL/IP
            // only DIGEST-MD5 works with our Windows Active Directory
            env.put(Context.SECURITY_AUTHENTICATION,
                    "DIGEST-MD5"); // no other SASL mechanism worked for me
            env.put(Context.SECURITY_PRINCIPAL,
                    "user1"); // specify the username ONLY, to keep Microsoft happy
            env.put(Context.SECURITY_CREDENTIALS, "secret1"); // the password

            // Creating the context performs the bind; it throws if authentication fails.
            DirContext ctx = new InitialDirContext(env);

            ctx.close();

        } catch (NamingException ne) {
            System.out.println("Error authenticating user:");
            System.out.println(ne.getMessage());
            return;
        }

        // if no exception, the user is already authenticated.
        System.out.println("OK, successfully authenticating user");
    }
}

////////////////////////////////////////////////////////////////////

I stripped comments to make the blog shorter.

Resources That Helped Me:

Notes:
  1. RFC 2829 (http://www.ietf.org/rfc/rfc2829.txt), in section "6. Password-based authentication", states that supporting authentication with a password using the DIGEST-MD5 SASL mechanism is mandatory, so I am confident Microsoft will not drop its support.
  2. This is tested on JDK 1.5; I am sure it works on JRE 1.5, and it may even work with 1.4.
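
The catch block in the sample prints ne.getMessage() unchanged, and the failure messages quoted in the comments below carry an Active Directory sub-code after "data". The following is an added example, not the author's code, that decodes that sub-code for server-side logging while the end user sees only a generic failure. The class name AdBindError and the sub-code table (commonly seen Win32 error values in hexadecimal, not an exhaustive list) are assumptions of this example.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AdBindError {

    // Sub-codes Active Directory writes after "data" in an LDAP error 49
    // message. They are Win32 error numbers in hexadecimal (assumed table).
    private static final Map<String, String> SUBCODES = new HashMap<String, String>();
    static {
        SUBCODES.put("525", "user not found");
        SUBCODES.put("52e", "invalid credentials");
        SUBCODES.put("530", "logon not permitted at this time");
        SUBCODES.put("531", "logon not permitted from this workstation");
        SUBCODES.put("532", "password expired");
        SUBCODES.put("533", "account disabled");
        SUBCODES.put("701", "account expired");
        SUBCODES.put("773", "user must reset password");
        SUBCODES.put("775", "account locked out");
    }

    private static final Pattern DATA =
            Pattern.compile("error code 49\\b.*?\\bdata ([0-9a-fA-F]+)");

    /** Returns text for the server log, or null if this is not an error 49 message. */
    static String describe(String message) {
        if (message == null) return null;
        Matcher m = DATA.matcher(message);
        if (!m.find()) return null;
        String code = m.group(1).toLowerCase();
        String text = SUBCODES.get(code);
        return "data " + code + ": " + (text != null ? text : "sub-code not in table");
    }

    public static void main(String[] args) {
        // The two messages quoted in the comments on this page.
        String[] samples = {
            "[LDAP: error code 49 - 8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece]",
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1771"
        };
        for (String s : samples) {
            // Keep the detail in the log; the login form gets one generic
            // message so it does not reveal which accounts exist.
            System.out.println("log:  " + describe(s));
            System.out.println("user: Login failed");
        }
    }
}
```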


8 comments:

Baptiste said...

You save my life :)

This code works fine and it's very easy to use and very intuitive.

Good work and thank you :)

Piwe said...

This code is super portable and is just the tool I need for my web app.

Thanx :-)

Smake54 said...

Hi Nice Blog,

But it doesn't work in my case; I get an error like Error authenticating user:
[LDAP: error code 49 - 8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece]

I got it when I set up my domain in the PROVIDER_URL in other.

Hope you can help me,
Carlos

Anonymous said...

Hi
It was a simple program but powerful, but I am getting an exception like this
"
Error authenticating user:
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1771 "

Could you tell us what was wrong? I am trying to figure this out for a long time.

Can you guide me here?

bleh said...

@Snake54 and Anonymous

The SecurityContext error is because you haven't included the domain in your login id. Usually it's "YourDomain/UserName".

Omer AKDENIZ said...

Thank you very much: these few lines make me happy.

May you also help to get, once authentication is successful, the group list the user belongs to?

And Again, thanks a lot

Omer AKDENIZ
omer.akdeniz@free.fr

RajaS* Forever * said...

Hi, I saw your code to authenticate a user from Active Directory, but I need to retrieve the user's group from Active Directory and get the user's login and logout time using Java. If it is possible, send me some sample code. Thanks in advance.....

Ahmed Hammad said...

I don't have any code, sorry.