LDAP example for searching and simple binding (authentication)
/*
 * First create the keystore (to allow SSL protection) by importing the LDAP
 * certificate (cert.pem) with:
 *   keytool -import -keystore keystore -storepass changeit -noprompt -file cert.pem
 *
 * You can get the certificate with OpenSSL:
 *   openssl s_client -connect </dev/null 2>/dev/null | sed -n '/^-----BEGIN/,/^-----END/ { p }' > cert.pem
 *
 * Then compile this class with:
 *   javac
 *
 * Finally execute it with:
 *   java LdapAuth <username> <password>
 */

import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import java.util.regex.*;

public class LdapAuth {
    // LDAPS URL of the directory, in the form ldaps://<host>/<base DN>
    private final static String ldapURI = "ldaps://,dc=server,dc=com";
    private final static String contextFactory = "com.sun.jndi.ldap.LdapCtxFactory";

    /* Anonymous connection, used for the search */
    private static DirContext ldapContext () throws Exception {
        Hashtable<String,String> env = new Hashtable <String,String>();
        return ldapContext(env);
    }

    /* Connection using whatever bind settings the caller placed in env */
    private static DirContext ldapContext (Hashtable <String,String>env) throws Exception {
        env.put(Context.INITIAL_CONTEXT_FACTORY, contextFactory);
        env.put(Context.PROVIDER_URL, ldapURI);
        DirContext ctx = new InitialDirContext(env);
        return ctx;
    }

    /* Return the DN of the entry whose uid matches user, or null if there is none */
    private static String getUid (String user) throws Exception {
        DirContext ctx = ldapContext();
        try {
            // {0} is filled in by JNDI, which escapes filter metacharacters in user
            String filter = "(uid={0})";
            SearchControls ctrl = new SearchControls();
            // Search the whole subtree below the base DN (the default is one level)
            ctrl.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration answer = ctx.search("", filter, new Object[] { user }, ctrl);

            String dn;
            if (answer.hasMore()) {
                SearchResult result = (SearchResult) answer.next();
                dn = result.getNameInNamespace();
            }
            else {
                dn = null;
            }
            answer.close();
            return dn;
        }
        finally {
            ctx.close();
        }
    }

    /* Return true if a simple bind as dn with password succeeds */
    private static boolean testBind (String dn, String password) throws Exception {
        // An empty password would not be an authenticated bind, so a
        // successful result would prove nothing: refuse it
        if (password == null || password.isEmpty()) {
            return false;
        }

        Hashtable<String,String> env = new Hashtable <String,String>();
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);

        try {
            ldapContext(env).close();
        }
        catch (javax.naming.AuthenticationException e) {
            return false;
        }
        return true;
    }

    public static void main(String args[]) throws Exception {
        if (args.length != 2) {
            System.out.println( "missing required username and password" );
            System.exit(1);
        }

        String user = args[0];
        String password = args[1];
        String dn = getUid( user );

        if (dn != null) {
            /* Found user - test password */
            if ( testBind( dn, password ) ) {
                System.out.println( "user '" + user + "' authentication succeeded" );
            }
            else {
                System.out.println( "user '" + user + "' authentication failed" );
            }
        }
        else {
            System.out.println( "user '" + user + "' not found" );
        }
    }
}

jjose122 commented Jan 20, 2016

Thanks for sharing. This helped me.


kjguruprasad commented Sep 3, 2016

Thank you for sharing this. Helped me a lot.


surighanta commented Sep 13, 2016

It did not work as is for us. I assume we first try to search anonymously, which is not allowed in our environment. Avoiding the anonymous search worked for us. I shall paste the modified code if you want.



KumarNavneet commented Dec 2, 2016

Thanks for the write-up, but as @surighanta pointed out that anonymous search was not allowed in their environment, I too faced such an issue.
Can you help me find out which authentication protocols are supported by the server to which I am trying to bind? Is there a programmatic way to find that, so that I can query the user for the appropriate additional information?
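
Both comments above report that the gist's anonymous search step is refused by their directories. The same search-then-bind flow with the lookup done over an authenticated session, as an added example that is not part of the gist and not from any commenter; the class name and the `LDAP_URL`, `LDAP_BIND_DN` and `LDAP_BIND_PW` environment variables are assumptions.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

// Added example. Assumed names: this class, and the environment variables
// LDAP_URL (ldaps://<host>/<base DN>), LDAP_BIND_DN, LDAP_BIND_PW (lookup account).
public class LdapServiceBindAuth {
    private static DirContext bind(String dn, String password) throws Exception {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, System.getenv("LDAP_URL"));
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }
    // Resolve uid to DN over the lookup account's session instead of anonymously.
    static String findDn(String user) throws Exception {
        DirContext ctx = bind(System.getenv("LDAP_BIND_DN"), System.getenv("LDAP_BIND_PW"));
        try {
            SearchControls ctrl = new SearchControls();
            ctrl.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // {0} is filled in by JNDI, which escapes filter metacharacters in user
            NamingEnumeration<SearchResult> res = ctx.search("", "(uid={0})", new Object[] { user }, ctrl);
            String dn = res.hasMore() ? res.next().getNameInNamespace() : null;
            if (dn != null && res.hasMore()) dn = null; // more than one match: refuse
            res.close();
            return dn;
        } finally {
            ctx.close();
        }
    }
    static boolean authenticate(String user, String password) throws Exception {
        // An empty password would not be an authenticated bind: refuse it up front
        if (password == null || password.isEmpty()) return false;
        String dn = findDn(user);
        if (dn == null) return false;
        try {
            bind(dn, password).close();
            return true;
        } catch (AuthenticationException e) {
            return false;
        }
    }
    public static void main(String[] args) throws Exception {
        if (args.length != 2) throw new IllegalArgumentException("usage: <username> <password>");
        System.out.println(authenticate(args[0], args[1]) ? "authentication succeeded" : "authentication failed");
    }
}
```

The lookup account needs only search rights on `uid`, and reading its password from the environment keeps it out of the source file.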



azedine--taha commented Jan 2, 2017

Hello, I want to store a user in LDAP. I use the bind method, but when I search for the user in LDAP I found it but serialisable,


gncabrera commented Jul 11, 2018

It worked great! Thanks for sharing!


grendizer commented Jul 17, 2018

