Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
LDAP example for searching and simple binding (authentication)
/*
* First create the keystore (to allow SSL protection) by importing the LDAP
* certificate (cert.pem) with:
* keytool -import -keystore keystore -storepass changeit -noprompt -file cert.pem
*
* You can get the certificate with OpenSSL:
* openssl s_client -connect ldap.server.com:636 </dev/null 2>/dev/null | sed -n '/^-----BEGIN/,/^-----END/ { p }' > cert.pem
*
* Then compile this class with:
* javac LdapAuth.java
*
* Finally execute it with:
* java -Djavax.net.ssl.trustStore=keystore -Djavax.net.ssl.keyStorePassword=changeit LdapAuth <username> <password>
*/
import java.util.*;
import javax.naming.*;
import java.util.regex.*;
import javax.naming.directory.*;
public class LdapAuth {
private final static String ldapURI = "ldaps://ldap.server.com/dc=ldap,dc=server,dc=com";
private final static String contextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
private static DirContext ldapContext () throws Exception {
Hashtable<String,String> env = new Hashtable <String,String>();
return ldapContext(env);
}
private static DirContext ldapContext (Hashtable <String,String>env) throws Exception {
env.put(Context.INITIAL_CONTEXT_FACTORY, contextFactory);
env.put(Context.PROVIDER_URL, ldapURI);
DirContext ctx = new InitialDirContext(env);
return ctx;
}
private static String getUid (String user) throws Exception {
DirContext ctx = ldapContext();
String filter = "(uid=" + user + ")";
SearchControls ctrl = new SearchControls();
ctrl.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration answer = ctx.search("", filter, ctrl);
String dn;
if (answer.hasMore()) {
SearchResult result = (SearchResult) answer.next();
dn = result.getNameInNamespace();
}
else {
dn = null;
}
answer.close();
return dn;
}
private static boolean testBind (String dn, String password) throws Exception {
Hashtable<String,String> env = new Hashtable <String,String>();
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, dn);
env.put(Context.SECURITY_CREDENTIALS, password);
try {
ldapContext(env);
}
catch (javax.naming.AuthenticationException e) {
return false;
}
return true;
}
public static void main(String args[]) throws Exception {
if (args.length != 2) {
System.out.println( "missing requried username and password" );
System.exit(1);
}
String user = args[0];
String password = args[1];
String dn = getUid( user );
if (dn != null) {
/* Found user - test password */
if ( testBind( dn, password ) ) {
System.out.println( "user '" + user + "' authentication succeeded" );
System.exit(0);
}
else {
System.out.println( "user '" + user + "' authentication failed" );
System.exit(1);
}
}
else {
System.out.println( "user '" + user + "' not found" );
System.exit(1);
}
}
}
@jjose122
Copy link

jjose122 commented Jan 20, 2016

Thanks for sharing.. This helped me.

@kjguruprasad
Copy link

kjguruprasad commented Sep 3, 2016

Thank you for sharing this. Helped me a lot.

@surighanta
Copy link

surighanta commented Sep 13, 2016

It did not worked as is for us. I assume first we are trying for a search anonymously, which is not allowed in our environment. avoiding the anonymous search worked for us. I shall paste the modified code if you want.

THANKS A LOT!!!

@KumarNavneet
Copy link

KumarNavneet commented Dec 2, 2016

Thanks for the write up but as @surighanta pointed that anonymous search was not allowed in their environment, I too faced such an issue.
Can you help me in getting what all authentication protocols is supported by the server to which i am trying to bind. Is there a programmatic way to find that so that i can query the user for the appropriate additional information.

Thanks,
-Navneet

@azedine--taha
Copy link

azedine--taha commented Jan 2, 2017

Hello i want to store a user in ldap i use bind method but when i search the user in ldap i found it but serialisable ,

@gncabrera
Copy link

gncabrera commented Jul 11, 2018

It worked great! Thanks for sharing!

@grendizer
Copy link

grendizer commented Jul 17, 2018

Brilliant!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment