Thanks very much for taking the time to reply. What you've said makes a lot more sense than what I thought was the case.
I've been reading up on LDAP over the last couple of days, and trying to understand how it functions, and how it's accessed via JNDI. I've also been looking at the source for LDAPAuthenticator, as I've been having problems in getting the connection to Active Directory working. I can see a few problems with the class as it stands:
1. The initial connection to the LDAP repository is made using the credentials of the user who is logging in - this means that when an exception is thrown, you cannot tell if the problem is with the connection itself, or with the user's credentials.
2. Possibly as a result of the above, logging has been omitted from the class. This makes diagnosis of LDAP connection problems difficult.
I've written a quick replacement for the class, which works well with Apache Directory Server, although it still doesn't work with our local Active Directory install - I think this is because of Active Directory. The approach is different - you connect with an administrative account (in the same way you would with, say, JDBC), run a search on the username supplied, and if you get something back, reconnect to the repository as that user. This allows you to differentiate between situations where there's a problem with the LDAP setup, and where the user has supplied an incorrect username or password.
This is still a work in progress until I can confirm it works with AD, but here you go:
I made some changes to the LDAP section of the props file as well.
If I figure out what the problem is with AD, I'll let you know.
[originally posted on jforum.net by jsp1611]
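The bind-search-rebind flow described in the post above, written out as an added Java/JNDI example (not the poster's replacement class and not JForum's own LDAPAuthenticator). The LDAP URL, base DN, service-account DN and username attribute are assumed placeholders; a failed service bind surfaces as an exception (directory setup problem), while an unknown user or wrong password returns false, and the filter value is escaped so a username cannot change the search.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

// Added example (not the poster's code): bind-search-rebind over JNDI. The URL, DNs and
// attribute name below are placeholders for the real directory's values.
public class BindSearchRebind {
    static final String URL = "ldap://ldap.example.invalid:389";                    // assumed
    static final String BASE_DN = "ou=people,dc=example,dc=invalid";                // assumed
    static final String SVC_DN = "cn=jforum-svc,ou=services,dc=example,dc=invalid"; // assumed
    static final String UID_ATTR = "uid";  // "sAMAccountName" on Active Directory
    static DirContext connect(String principalDn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principalDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }
    // Escape RFC 4515 filter metacharacters so the username cannot alter the query.
    static String escapeFilter(String s) {
        return s.replace("\\", "\\5c").replace("*", "\\2a").replace("(", "\\28")
                .replace(")", "\\29").replace("\0", "\\00");
    }
    // True only when exactly one entry matches and a rebind as that entry succeeds.
    // A failed service bind propagates as NamingException (LDAP setup problem); a wrong
    // username or password just returns false, so the two cases can be told apart.
    static boolean authenticate(String username, String password, String svcPassword)
            throws NamingException {
        if (password == null || password.isEmpty()) return false; // empty = unauthenticated bind
        DirContext svc = connect(SVC_DN, svcPassword);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[0]);     // only the DN is needed
            NamingEnumeration<SearchResult> rs =
                svc.search(BASE_DN, "(" + UID_ATTR + "=" + escapeFilter(username) + ")", sc);
            if (!rs.hasMore()) return false;              // unknown user
            String userDn = rs.next().getNameInNamespace();
            if (rs.hasMore()) return false;               // ambiguous match
            connect(userDn, password).close();            // rebind as the user
            return true;
        } catch (AuthenticationException e) {
            return false;                                 // bad user credentials
        } finally {
            svc.close();
        }
    }
}
```

For Active Directory the attribute is usually sAMAccountName rather than uid, and the service account only needs read access to the user subtree.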