ActiveDirectory Test
import java.util.Arrays; | |
import java.util.Enumeration; | |
import java.util.Hashtable; | |
import javax.naming.Context; | |
import javax.naming.NamingException; | |
import javax.naming.directory.Attributes; | |
import javax.naming.directory.DirContext; | |
import javax.naming.directory.InitialDirContext; | |
import javax.security.sasl.Sasl; | |
import javax.security.sasl.SaslClientFactory; | |
/**
 * Demonstrates how to discover an LDAP server's supported SASL mechanisms.
 * <p>
 * Can also be used to check LDAP connections.
 */
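class ServerSasl
{
    /** Connect with LDAPS on port 636 instead of plain LDAP on port 389. */
    private static final boolean USE_TLS = false;

    /** Bind with the DIGEST-MD5 SASL mechanism instead of a simple bind; requires an AD user with reversible PW encryption. */
    private static final boolean USE_DIGEST = true;

    /** Server host; the URL must end in the actual domain/realm because the SASL realm is extracted from it. */
    private static final String SERVER_NAME = "bernd-adwin.bernd.test";

    /** Bind identity; UPN, NetBIOS or DN format is fine. (testview@bernd.test) */
    private static final String BIND_USER = "bernd\\testview";

    /** Environment variable the bind password is read from, so that no credential lives in the source. */
    private static final String PASSWORD_ENV = "LDAP_PASSWORD";

    /**
     * Connects to the configured server, prints the root DSE attribute
     * {@code supportedSASLMechanisms} and closes the connection again.
     *
     * @param args ignored; the password is taken from the {@link #PASSWORD_ENV} environment variable
     */
    public static void main(String[] args)
    {
        //diagSasl(); System.out.printf("%n----------%n%n");
        String password = System.getenv(PASSWORD_ENV);
        if (password == null || password.isEmpty()) {
            System.err.println("Set the " + PASSWORD_ENV + " environment variable to the bind password.");
            return;
        }

        Hashtable<String, Object> env = buildEnvironment(password);

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            System.out.println("Connected: name=" + ctx.getNameInNamespace() + " (obj=" + ctx + ")");
            // Sample Request (read supportedSASLMechanisms from the root DSE)
            Attributes attrs = ctx.getAttributes("", new String[]{"supportedSASLMechanisms"});
            System.out.println(attrs);
        } catch (NamingException e) {
            e.printStackTrace();
        } finally {
            // DirContext is not AutoCloseable, so close it by hand even when the lookup failed
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException e) {
                    e.printStackTrace();
                }
            }
        }
    }

    /**
     * Builds the JNDI environment for the LDAP connection according to the
     * {@link #USE_TLS} and {@link #USE_DIGEST} switches.
     *
     * @param password the bind password for {@link #BIND_USER}
     * @return the environment to pass to {@link InitialDirContext}
     */
    private static Hashtable<String, Object> buildEnvironment(String password)
    {
        Hashtable<String, Object> env = new Hashtable<String, Object>(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); // TODO IBM

        if (USE_TLS) {
            env.put(Context.PROVIDER_URL, "ldaps://" + SERVER_NAME + ":636/");
            //env.put(Context.SECURITY_PROTOCOL, "ssl"); // default for ldaps
            System.setProperty("javax.net.debug", "all"); // extreme JSSE debugging
        } else {
            env.put(Context.PROVIDER_URL, "ldap://" + SERVER_NAME + ":389/");
        }

        if (USE_DIGEST) {
            // configure it for DIGEST-MD5 with LDAP Signing (integrity protection)
            env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5"); // case sensitive in java11
            // the default qop is plain "auth"; without TLS ask for integrity protection
            if (!USE_TLS) {
                env.put("javax.security.sasl.qop", "auth-int");
            }
        } else {
            // simple bind is also the default; over plain ldap:// it sends the password in clear text
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
        }

        // output hex dump of all LDAP messages
        // NOTE: with a simple bind this trace also contains the bind password, do not keep such logs
        env.put("com.sun.jndi.ldap.trace.ber", System.out);

        env.put(Context.SECURITY_PRINCIPAL, BIND_USER);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    /**
     * Prints every registered {@link SaslClientFactory} together with the
     * mechanism names it offers for an empty (null) property set.
     */
    private static void diagSasl()
    {
        Enumeration<SaslClientFactory> factories = Sasl.getSaslClientFactories();
        while (factories.hasMoreElements()) {
            SaslClientFactory factory = factories.nextElement();
            String[] mechanisms = factory.getMechanismNames(null);
            System.out.println(" factory=" + factory + " mechs=" + Arrays.deepToString(mechanisms));
        }
    }
}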
test with requiresigning=off server, isTLS=FALSE, isDIGEST=true | |
-> bernd-adwin.bernd.test:389 | |
0000: 30 18 02 01 01 60 13 02 01 03 04 00 A3 0C 04 0A 0....`.......... | |
0010: 44 49 47 45 53 54 2D 4D 44 35 DIGEST-MD5 | |
<- bernd-adwin.bernd.test:389 | |
0000: 30 84 00 00 00 FC 02 01 01 61 84 00 00 00 F3 0A 0........a...... | |
0010: 01 0E 04 00 04 00 87 82 00 E8 71 6F 70 3D 22 61 ..........qop="a | |
0020: 75 74 68 2C 61 75 74 68 2D 69 6E 74 2C 61 75 74 uth,auth-int,aut | |
0030: 68 2D 63 6F 6E 66 22 2C 63 69 70 68 65 72 3D 22 h-conf",cipher=" | |
0040: 33 64 65 73 2C 72 63 34 22 2C 61 6C 67 6F 72 69 3des,rc4",algori | |
0050: 74 68 6D 3D 6D 64 35 2D 73 65 73 73 2C 6E 6F 6E thm=md5-sess,non | |
0060: 63 65 3D 22 2B 55 70 67 72 61 64 65 64 2B 76 31 ce="+Upgraded+v1 | |
0070: 30 34 32 64 64 34 66 35 61 64 63 33 66 64 33 66 042dd4f5adc3fd3f | |
0080: 63 32 36 39 31 64 64 37 63 62 31 39 33 31 36 66 c2691dd7cb19316f | |
0090: 65 30 36 65 33 35 31 34 34 32 62 38 64 35 30 31 e06e351442b8d501 | |
00A0: 31 39 30 34 39 33 64 31 35 39 65 66 61 38 35 34 190493d159efa854 | |
00B0: 39 65 63 63 37 37 62 62 34 31 63 38 38 33 36 35 9ecc77bb41c88365 | |
00C0: 34 34 65 30 30 61 37 61 63 36 39 63 34 32 62 39 44e00a7ac69c42b9 | |
00D0: 32 62 39 38 63 34 31 61 39 65 30 65 63 32 66 63 2b98c41a9e0ec2fc | |
00E0: 22 2C 63 68 61 72 73 65 74 3D 75 74 66 2D 38 2C ",charset=utf-8, | |
00F0: 72 65 61 6C 6D 3D 22 62 65 72 6E 64 2E 74 65 73 realm="bernd.tes | |
0100: 74 22 t" | |
-> bernd-adwin.bernd.test:389 | |
0000: 30 82 01 8B 02 01 02 60 82 01 84 02 01 03 04 00 0......`........ | |
0010: A3 82 01 7B 04 0A 44 49 47 45 53 54 2D 4D 44 35 ......DIGEST-MD5 | |
0020: 04 82 01 6B 63 68 61 72 73 65 74 3D 75 74 66 2D ...kcharset=utf- | |
0030: 38 2C 75 73 65 72 6E 61 6D 65 3D 22 62 65 72 6E 8,username="bern | |
0040: 64 5C 5C 74 65 73 74 76 69 65 77 22 2C 72 65 61 d\\testview",rea | |
0050: 6C 6D 3D 22 62 65 72 6E 64 2E 74 65 73 74 22 2C lm="bernd.test", | |
0060: 6E 6F 6E 63 65 3D 22 2B 55 70 67 72 61 64 65 64 nonce="+Upgraded | |
0070: 2B 76 31 30 34 32 64 64 34 66 35 61 64 63 33 66 +v1042dd4f5adc3f | |
0080: 64 33 66 63 32 36 39 31 64 64 37 63 62 31 39 33 d3fc2691dd7cb193 | |
0090: 31 36 66 65 30 36 65 33 35 31 34 34 32 62 38 64 16fe06e351442b8d | |
00A0: 35 30 31 31 39 30 34 39 33 64 31 35 39 65 66 61 501190493d159efa | |
00B0: 38 35 34 39 65 63 63 37 37 62 62 34 31 63 38 38 8549ecc77bb41c88 | |
00C0: 33 36 35 34 34 65 30 30 61 37 61 63 36 39 63 34 36544e00a7ac69c4 | |
00D0: 32 62 39 32 62 39 38 63 34 31 61 39 65 30 65 63 2b92b98c41a9e0ec | |
00E0: 32 66 63 22 2C 6E 63 3D 30 30 30 30 30 30 30 31 2fc",nc=00000001 | |
00F0: 2C 63 6E 6F 6E 63 65 3D 22 46 36 6C 5A 76 6A 46 ,cnonce="F6lZvjF | |
0100: 57 55 31 72 59 32 52 6D 64 6C 53 49 6D 38 78 39 WU1rY2RmdlSIm8x9 | |
0110: 47 49 6B 48 67 65 69 61 50 34 34 6F 72 63 75 49 GIkHgeiaP44orcuI | |
0120: 34 22 2C 64 69 67 65 73 74 2D 75 72 69 3D 22 6C 4",digest-uri="l | |
0130: 64 61 70 2F 62 65 72 6E 64 2D 61 64 77 69 6E 2E dap/bernd-adwin. | |
0140: 62 65 72 6E 64 2E 74 65 73 74 22 2C 6D 61 78 62 bernd.test",maxb | |
0150: 75 66 3D 36 35 35 33 36 2C 72 65 73 70 6F 6E 73 uf=65536,respons | |
0160: 65 3D 39 32 36 35 33 63 32 65 32 37 35 35 64 36 e=92653c2e2755d6 | |
0170: 61 65 31 37 63 65 34 62 36 35 61 31 30 65 36 36 ae17ce4b65a10e66 | |
0180: 63 33 2C 71 6F 70 3D 61 75 74 68 2D 69 6E 74 c3,qop=auth-int | |
<- bernd-adwin.bernd.test:389 | |
0000: 30 84 00 00 00 3A 02 01 02 61 84 00 00 00 31 0A 0....:...a....1. | |
0010: 01 00 04 00 04 00 87 28 72 73 70 61 75 74 68 3D .......(rspauth= | |
0020: 39 36 32 31 33 30 38 39 65 39 62 37 65 66 36 64 96213089e9b7ef6d | |
0030: 36 65 30 34 38 64 31 65 32 64 33 61 32 34 35 35 6e048d1e2d3a2455 | |
Connected: name= (obj=javax.naming.directory.InitialDirContext@458c1321) | |
-> bernd-adwin.bernd.test:389 | |
0000: 30 5B 02 01 03 63 39 04 00 0A 01 00 0A 01 03 02 0[...c9......... | |
0010: 01 00 02 01 00 01 01 00 87 0B 6F 62 6A 65 63 74 ..........object | |
0020: 43 6C 61 73 73 30 19 04 17 73 75 70 70 6F 72 74 Class0...support | |
0030: 65 64 53 41 53 4C 4D 65 63 68 61 6E 69 73 6D 73 edSASLMechanisms | |
0040: A0 1B 30 19 04 17 32 2E 31 36 2E 38 34 30 2E 31 ..0...2.16.840.1 | |
0050: 2E 31 31 33 37 33 30 2E 33 2E 34 2E 32 .113730.3.4.2 | |
<- bernd-adwin.bernd.test:389 | |
0000: 30 84 00 00 00 60 02 01 03 64 84 00 00 00 57 04 0....`...d....W. | |
0010: 00 30 84 00 00 00 4F 30 84 00 00 00 49 04 17 73 .0....O0....I..s | |
0020: 75 70 70 6F 72 74 65 64 53 41 53 4C 4D 65 63 68 upportedSASLMech | |
0030: 61 6E 69 73 6D 73 31 84 00 00 00 2A 04 06 47 53 anisms1....*..GS | |
0040: 53 41 50 49 04 0A 47 53 53 2D 53 50 4E 45 47 4F SAPI..GSS-SPNEGO | |
0050: 04 08 45 58 54 45 52 4E 41 4C 04 0A 44 49 47 45 ..EXTERNAL..DIGE | |
0060: 53 54 2D 4D 44 35 ST-MD5 | |
<- bernd-adwin.bernd.test:389 | |
0000: 30 84 00 00 00 10 02 01 03 65 84 00 00 00 07 0A 0........e...... | |
0010: 01 00 04 00 04 00 ...... | |
{supportedsaslmechanisms=supportedSASLMechanisms: GSSAPI, GSS-SPNEGO, EXTERNAL, DIGEST-MD5} | |
-> bernd-adwin.bernd.test:389 | |
0000: 30 22 02 01 04 42 00 A0 1B 30 19 04 17 32 2E 31 0"...B...0...2.1 | |
0010: 36 2E 38 34 30 2E 31 2E 31 31 33 37 33 30 2E 33 6.840.1.113730.3 | |
0020: 2E 34 2E 32 .4.2 | |