Active Directory authentication through ssl as anonymous user
I'm able to authenticate Active Directory with a user configured for ContextSource lifetime using Spring-ldap. My Spring XML configuration looks like this:

<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
    <property name="contextSource" ref="contextSource" />
</bean>

<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://xxx.xxx.xxx.xxx:389" />
    <property name="userDn" value="[email protected]" />
    <property name="password" value="password" />
</bean>

The Java code to authenticate the user is:

import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;

public class LdapLogin {
    private LdapTemplate ldapTemplate; // injected by Spring from the ldapTemplate bean above

    public boolean login(String username, String password) {
        AndFilter filter = new AndFilter();
        this.ldapTemplate.setIgnorePartialResultException(true); // Active Directory doesn't transparently handle referrals. This fixes that.
        filter.and(new EqualsFilter("objectCategory", "****"));
        filter.and(new EqualsFilter("objectClass", "****"));
        filter.and(new EqualsFilter("sAMAccountName", username));
        // Searches for the user below the base DN, then binds as that entry with the supplied password.
        return this.ldapTemplate.authenticate("OU=myBaseOu,DC=xyz,DC=def", filter.encode(), password);
    }
}

The same works with OpenLDAP v3 on Linux, even if I don't set the userDn and password properties inside the contextSource bean.

All I need is to configure this XML such that I can access Active Directory as an anonymous user (without setting userDn and password).

Also, I need to authenticate the user through SSL. For that I used

<property name="url" value="ldaps://xxx.xxx.xxx.xxx:636" /> 

but I got an exception like:

Exception in thread "main" org.springframework.ldap.CommunicationException: simple bind failed: 192.168.0.13:636; nested exception is javax.naming.CommunicationException: simple bind failed: 192.168.0.13:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

While searching, though, I found a solution saying that I need to point to the keystore where the certificates are stored. I'm not sure where to do this (either in the Java class or in the XML file).

Your quick response will be appreciated. Thanks.

Illusion answered 13/6, 2013 at 10:16 Comment(0)
I did some research and found other applications having similar issues.

  1. Make sure you have imported your certificates into the keystore according to the Connect to LDAP or Other Services Via SSL instructions.
  2. Make sure any certificates have been imported into the correct keystore; you may have multiple JDKs.
Duodenum answered 13/6, 2013 at 10:34 Comment(2)
Well, I'm not clear, but I was able to connect to the LDAP server through SSL using JXplorer. - Illusion
You have to check if your JXplorer is using the same JVM/JDK as your application. The keystore being used could be different. - Duodenum
Some addition to DevZer0's answer on my SSL issue.

Just follow the instructions given in this link to get the certificate and put it into the jre\lib\security\ folder.

http://www.mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/

Illusion answered 14/6, 2013 at 7:6 Comment(0)
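The two pieces the thread asks for, an LDAPS context source that trusts the directory's certificate and a context source with no stored service credentials, put together as an added example (not code from the question or the answers). It builds the same objects as the XML beans through the Spring LDAP API; the host, base DN and truststore path are assumed placeholders.

```java
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;

public class LdapsAnonymousLogin {
    // Hypothetical values: host, base DN and truststore are placeholders for the real directory.
    static final String LDAPS_URL = "ldaps://ad.example.internal:636";
    static final String BASE_DN = "OU=myBaseOu,DC=xyz,DC=def";
    static final String TRUSTSTORE_PATH = "/etc/myapp/ldap-truststore.jks";
    static final String TRUSTSTORE_PASSWORD = "changeit";

    /** Equivalent of the contextSource bean, but over LDAPS and without userDn/password. */
    static LdapContextSource buildContextSource() throws Exception {
        // Point JSSE at a dedicated truststore holding only the directory's CA certificate,
        // instead of importing it into the JDK's shared cacerts (which must be repeated per JDK).
        System.setProperty("javax.net.ssl.trustStore", TRUSTSTORE_PATH);
        System.setProperty("javax.net.ssl.trustStorePassword", TRUSTSTORE_PASSWORD);

        LdapContextSource contextSource = new LdapContextSource();
        contextSource.setUrl(LDAPS_URL);
        // No service credentials: read-only operations (the user search) bind anonymously.
        contextSource.setAnonymousReadOnly(true);
        contextSource.afterPropertiesSet(); // needed because Spring does not create this bean
        return contextSource;
    }

    /** Same search-then-bind flow as the question's login() method. */
    static boolean login(LdapTemplate ldapTemplate, String username, String password) {
        ldapTemplate.setIgnorePartialResultException(true); // AD referral handling, as in the question
        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter("objectClass", "user"));
        filter.and(new EqualsFilter("sAMAccountName", username));
        // authenticate() searches for the entry, then binds as that entry with the given password.
        return ldapTemplate.authenticate(BASE_DN, filter.encode(), password);
    }

    public static void main(String[] args) throws Exception {
        LdapTemplate ldapTemplate = new LdapTemplate(buildContextSource());
        boolean ok = login(ldapTemplate, args[0], args[1]);
        System.out.println(ok ? "authenticated" : "rejected");
    }
}
```

On Active Directory the anonymous bind is limited to the rootDSE by default, so the search step of authenticate() returns nothing unless the forest's dsHeuristics setting permits anonymous LDAP operations; the usual alternative is a dedicated read-only account with the least privilege needed for the user lookup.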