ActiveDirectory authentication

    Hello all
    I have a webapp which is currently using LDAP for authenticating our users.
    At the moment I am using an LdapAuthenticationProvider along with ldap.authenticator.BindAuthenticator (and a user string, as I can log in anonymously).

    I need to move to ActiveDirectory authentication very soon...

    The problem I have is that I can't bind anonymously to AD, so I will need to log in.

    That would be enough for me, as the only reason I use AD is to authenticate users (roles are stored somewhere else).

    I have a few issues here:
    I have tried to implement my own BindAuthenticator, which creates a DirContext with the user credentials, this way:
        import java.util.Hashtable;
        import javax.naming.Context;
        import javax.naming.directory.DirContext;
        import javax.naming.directory.InitialDirContext;
        import org.springframework.ldap.core.DirContextAdapter;
        import org.springframework.ldap.core.DirContextOperations;
        import org.springframework.security.core.Authentication;

        // userPrefix and URL are fields of the enclosing authenticator class
        public DirContextOperations authenticate(Authentication authentication) {
            try {
                String principal = userPrefix + authentication.getPrincipal();
                String password  = (String) authentication.getCredentials();
                Hashtable<String, String> env = new Hashtable<String, String>();
                env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                env.put(Context.PROVIDER_URL, URL);
                env.put(Context.SECURITY_PRINCIPAL, principal);
                env.put(Context.SECURITY_CREDENTIALS, password);
                // Creating the context performs the bind with the user's own credentials
                DirContext context = new InitialDirContext(env);
                DirContextOperations authAdapter = new DirContextAdapter();
                authAdapter.addAttributeValue("ldapContext", context);
                return authAdapter;
            } catch (Exception e) {
                throw new IllegalArgumentException(e);
            }
        }
    The problem I have with the code above (being new to LDAP as well) is that for every authentication I need to create a DirContext.
    Will I then run out of connections in LDAP?
    Ideally, when a user logs off, I should 'close' the connection to LDAP, is that correct?
    But where do I do that if I use my custom LdapAuthenticator? At the end of the DirContext creation?

    w/kindest regards
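One way to handle the connection question raised in the post, as an added example that is not code from the original post or from Spring Security itself: the authenticator below binds with the user's own credentials to verify them and closes the DirContext before returning, so nothing has to be closed at logoff and no per-login connection is kept alive. The class name, the ldaps:// URL and the UPN suffix are assumptions (placeholders), and the returned adapter carries only the identity, not the live connection.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.ldap.authentication.LdapAuthenticator;

// Hypothetical authenticator: binds to AD with the user's own credentials to verify
// them, then releases the connection in finally. No DirContext outlives the call,
// so there is nothing to "close on logoff" and no per-login connection to leak.
public class ClosingAdBindAuthenticator implements LdapAuthenticator {
    private final String url;        // placeholder, e.g. "ldaps://ad.example.invalid:636"
    private final String userSuffix; // placeholder, e.g. "@example.invalid" (AD accepts a UPN as bind name)
    public ClosingAdBindAuthenticator(String url, String userSuffix) {
        this.url = url;
        this.userSuffix = userSuffix;
    }
    public DirContextOperations authenticate(Authentication authentication) {
        String username = authentication.getName();
        String password = (String) authentication.getCredentials();
        // An empty password turns a simple bind into an unauthenticated bind on
        // many servers, which would look like success: reject it before binding.
        if (password == null || password.isEmpty()) {
            throw new BadCredentialsException("Empty password");
        }
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // ldaps:// so the password is not sent in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, username + userSuffix);
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env); // the bind itself is the credential check
            DirContextAdapter user = new DirContextAdapter(); // identity only, no live connection
            user.setAttributeValue("userPrincipalName", username + userSuffix);
            return user;
        } catch (javax.naming.AuthenticationException e) {
            throw new BadCredentialsException("Bad credentials", e);
        } catch (NamingException e) {
            throw new IllegalStateException("Directory unavailable", e);
        } finally {
            if (ctx != null) { try { ctx.close(); } catch (NamingException ignored) { } }
        }
    }
}
```

Wire it into LdapAuthenticationProvider in place of BindAuthenticator; since the roles live elsewhere, the populator can stay as it is.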