Announcement Announcement Module
Collapse
No announcement yet.
Windows/NT/AD Username Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Windows/NT/AD Username

    Hi all,
    I'm trying to access the windows username for use with Spring LDAP.
    Does anyone know how to achieve this?

    Any help would be much appreciated.
    Cheers
    Glenn

  • #2
    If you elaborate a little more i might be able to help you. The name of the attribute for the windows username is "sAMAccountName". Is that what you're asking for?

    Comment


    • #3
      By username I mean the windows signon credentials ie "doe_j" - not John Doe. Once I get "doe_j", I can query Active Directory & relevant details I need - primarily security roles.

      I have found JCIFS (http://jcifs.samba.org/) which allows you to access the windows user name in IE without prompting the user for any details.
      Non IE browsers present a basic challenge, but that will be fine as the business users use IE anyway.

      Does this make sense?
      I'll keep you all up-to-date on my progress & post the results for future reference by others.

      Cheers

      Comment


      • #4
        i have been trying to do the same thing

        currently i have a web based login that successfully validates against ldap (or cookie). it's not bad, lots of interesting code to make everything work correctly. but it would be a hell of a lot simpler (on both myself and my users) if i could just do identification: easily find out who is logged into windows, and check their account name against my database.

        but i can't find out how. i would think that it can be setup in tomcat's server.xml. then i should be able to call request.getRemoteUser()

        also we have IIS piping requests to tomcat via isapi. it's a very sensitive setup, i really don't want to touch it because i'll F it up and won't be able to fix it. but i'm not sure if that makes it easier / harder / impossible to do what i need. IIS is a piece of shit but it's what they use.

        anyone help us out?

        Comment


        • #5
          figured this out, posting for future reference.

          setup is tomcat 5.5.17, iis 6, isapi connector, and active directory.

          IIS manager > jakarta virtual directory properties > directory security > disable anonymous access > turn on windows authentication ... if you goto a webapp now you should get the username / password box


          in tomcat/conf/server.xml, inside the connector tag for IIS, put tomcatAuthentication="false" ... then request.getRemoteUser() should return DOMAIN\NT_NAME !

          huge success, my users are gonna be so happy. now that I already have a solid login via LDAP / remember me, i think i'll integrate the two. if I can pull a valid NT name out of getRemoteUser(), continue, if not fall back to the explicit login.

          Comment


          • #6
            This could certainly be applicable in a lot of public internet software. How about the security? Any issues that you know of?

            Comment


            • #7
              Originally posted by lloyd.mcclendon View Post
              figured this out, posting for future reference.

              setup is tomcat 5.5.17, iis 6, isapi connector, and active directory.

              IIS manager > jakarta virtual directory properties > directory security > disable anonymous access > turn on windows authentication ... if you goto a webapp now you should get the username / password box


              in tomcat/conf/server.xml, inside the connector tag for IIS, put tomcatAuthentication="false" ... then request.getRemoteUser() should return DOMAIN\NT_NAME !

              huge success, my users are gonna be so happy. now that I already have a solid login via LDAP / remember me, i think i'll integrate the two. if I can pull a valid NT name out of getRemoteUser(), continue, if not fall back to the explicit login.
              I know this is a blast to/from the past, but this was pretty useful for us to get the same thing working with JBoss 5, IIS 7.5 and isapi_redirect.

              Comment


              • #8
                Still trying to figure out....

                Comment

                Working...
                X