Re: Connect Directory Services : invalid credentials
- Subject: Re: Connect Directory Services : invalid credentials
- From: WebObjects - Anazys <email@hidden>
- Date: Thu, 13 Aug 2009 17:38:03 +0200
OK, thanks for that, Mike.
If somebody wants to try this, you can use these properties:

    System.setProperty("java.security.krb5.realm", "<server_adress>");
    System.setProperty("java.security.krb5.kdc", "<server_adress>:<kerberos_port>");

The user name must be the short name of the user.
Thanks.
Cedric
On 12 Aug 09, at 01:01, Mike Schrag wrote:
If you're talking to OS X Open Directory, you probably want to auth
with Kerberos ... random chunks of appropriate code:

    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.NameCallback;
    import javax.security.auth.callback.PasswordCallback;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import javax.security.auth.login.LoginContext;

    // Point JAAS at the login configuration bundled with the application
    System.setProperty("java.security.auth.login.config",
        KerberosAuthenticationManager.class.getResource("/com/mdimension/authentication/kerberos.conf").toExternalForm());
    System.setProperty("java.security.krb5.realm", realm);
    System.setProperty("java.security.krb5.kdc", kdc);

    String krbUserName = // email@hidden
    char[] krbPassword = (password == null) ? null : password.toCharArray();
    // "primaryLoginContext" must match the entry name in kerberos.conf
    LoginContext lc = new LoginContext("primaryLoginContext",
        new UserNamePasswordCallbackHandler(krbUserName, krbPassword));
    lc.login(); // throws LoginException if authentication fails

    // Hands the user name and password to the Kerberos login module
    protected static class UserNamePasswordCallbackHandler implements CallbackHandler {
        private String _userName;
        private char[] _password;

        public UserNamePasswordCallbackHandler(String userName, char[] password) {
            _userName = userName;
            _password = password;
        }

        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback callback : callbacks) {
                if (callback instanceof NameCallback && _userName != null) {
                    ((NameCallback) callback).setName(_userName);
                }
                else if (callback instanceof PasswordCallback && _password != null) {
                    ((PasswordCallback) callback).setPassword(_password);
                }
                else {
                    throw new UnsupportedCallbackException(callback);
                }
            }
        }
    }

    vdoop:authentication mschrag$ cat kerberos.conf
    primaryLoginContext {
        com.sun.security.auth.module.Krb5LoginModule required client=true useTicketCache=false;
    };

ms
On Aug 11, 2009, at 6:18 PM, WebObjects - Anazys wrote:
Hello everybody,
I am trying to connect to Directory Services via WO.
I successfully connected EOModeler to my LDAP server.
But now I want to authenticate with a login and password to the
Directory Services. After many different tests, I didn't know how to
do that.
I also tried the Novell API but with the same result.
My last try was with LdapContext and
com.sun.jndi.ldap.LdapCtxFactory but I always get a [LDAP: error
code 49 - Invalid Credentials] for all my tests.
My code was nearly this; I think I tried all possible combinations:
uid, cn

    LdapContext ctx1;
    Hashtable env = new Hashtable(11);
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://<IP_SERVER>:389/dc=<SERVER>,dc=<DOMAIN>,dc=com");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "uid=<SHORT_NAME>");
    env.put(Context.SECURITY_CREDENTIALS, <PASSWORD_STRING>);
    try {
        ctx1 = new InitialLdapContext(env, null);
        ctx1.close();
    } catch (NamingException e) {
        // the "error code 49 - Invalid Credentials" failure surfaces here
        e.printStackTrace();
    }

Maybe the password can't be sent in clear text. I also tried with
slappasswd (OpenLDAP password utility) to encrypt the password but
I get the same error...
Has somebody succeeded in using these APIs, or is there another solution?
Maybe I'm missing something.
My server is MacOSX 10.5.7
Thanks
Cedric
On 7 Oct 05, at 20:19, Chuck Hill wrote:
On Oct 6, 2005, at 7:53 PM, .::welemski::. wrote:
Hi,
I tried binding to LDAP using this syntax in WebObjects:

    String strCredentials;
    // strCredentials="uid="+varUsername+",cn=users";
    // Set up environment for creating initial context
    Hashtable env = new Hashtable(11);
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://server.domain.com:389/dc=server,dc=comainl,dc=com");
    // Authenticate as S. User and password "mysecret"
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    //env.put(Context.SECURITY_PRINCIPAL, "cn=S. User, ou=NewHires, o=JNDITutorial");
    env.put(Context.SECURITY_PRINCIPAL, "cn=Directory Administrator,dc=domain,dc=com");

Try userid=<user id> instead of cn=Directory Administrator
Chuck

    env.put(Context.SECURITY_CREDENTIALS, "mypassword");
    try {
        // Create initial context
        DirContext ctx = new InitialDirContext(env);
        System.out.println(ctx.lookup("ou=People"));
        // do something useful with ctx
        varResult=":D";
        // Close the context when we're done
        ctx.close();
    } catch (NamingException e) {
        varResult=":(";
        e.printStackTrace();
    }

But I get an error, "Invalid Credentials". My password is correct.
--
-- -- -- -- -- -- -- -- -- -- --
welemski
-- -- -- -- -- -- -- -- -- -- --
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
Coming in 2006 - an introduction to web applications using
WebObjects and Xcode http://www.global-village.net/wointro
Practical WebObjects - for developers who want to increase their
overall knowledge of WebObjects or who are trying to solve
specific problems. http://www.global-village.net/products/practical_webobjects