servlet querying active directory

 
Greenhorn
Posts: 16
I'm not sure if this post is in the right area, but I'm in need of some direction. I've been working through a document library web app and it's working like a champ. I've come to find out that the project is requiring that the users come from win2000 active directory instead of a database. Does anyone have information or know where I can find info on how to get my servlet to be able to query the domain controller's active directory for user info?
-Thanks
Chris
 
Rancher
Posts: 13459
Active Directory implements the LDAP protocol, so you can use this to query Active Directory via JNDI.
Do you know whether you need to query LDAP declaratively or programmatically? You can configure application servers to authenticate against LDAP servers automagically, and you may be able to provide the integration you need without rewriting anything. Except maybe your login stuff to tie into the declarative security.
Dave
 
Chris Snapp
Greenhorn
Posts: 16
Basically I'm looking to verify username and password from web inputs against the active directory. I would like to have a database table that associates that user and password with a "workspace". Upon a successful login the server would check which "workspace" the user is authorized to view and pass them over to the servlet handling data connections for that "workspace". Anyways....as you can tell, I'm not familiar at all with working against an LDAP. Any info would be greatly appreciated.
-Thanks
Chris
 
Greenhorn
Posts: 1
What I have done is incorporate Windows2000 groups as the "workspace" piece you are referring to. The Windows user ID must be created in order to authenticate into active directory anyway, so why not create group structures in active directory?
I would not keep a Windows password as a key in a database file. The user name would be OK. Passwords can be and should be changed at will by the user. No one else should know or be able to reference them.
Here is a simple method that can be placed in a class that would provide authentication to an active directory.
Note that Windows2000 active directory requires the user name to be in a user@domain.com format. Change the domain string to your domain.
Note that the providerURL must be the name of your server that houses the active directory. Change server.domain.com to your server name. Also change the "dc=" structures just after it.
In your class, you will need to import:
javax.naming.directory.*;
javax.naming.ldap.*;
javax.naming.*;
java.util.*;



This should work. This method is just part of a class that I call AuthenticateUser. Other methods I have in this will also look up group information which is more complex depending on your Windows group structure, but doable.
A great tool that I found to view the active directory along with all those funny "dc" and "ou" codes is called the LDAP Browser\Editor at LDAP Browser\Editor. I found this immensely helpful while researching this topic. It is a Java app, and I run it on my Linux box. Should run on Windows too.
Hope this helps.
--Tim
 
Chris Snapp
Greenhorn
Posts: 16
Sorry for the delayed response, holidays had me busy. Thanks Tim....I'm gonna give yer method a shot. It's definitely a huge help in getting me going on this. I've downloaded the ldap editor...one question on that. I'm running XP at home and was looking to test it, does XP use an active directory? Obviously my lack of knowledge on this ldap stuff should be apparent. Thanks again.
-Chris
 