J2EE application access to LDAP Server for authentication

Technote (FAQ)
Problem
Our J2EE applications are currently accessing the Domino LDAP Server for authentication via the LDAPAuthentication class, which was developed in-house. This LDAPAuthentication class uses the JNDI API to search the Domino LDAP Server. We are, however, not able to use this same LDAPAuthentication class to search Active Directory. This is because the JNDI API is not supported by Active Directory. Is there an alternative Java API (supported by Active Directory) that we can use to customize our LDAPAuthentication class? This would allow us to access Active Directory for authentication.
Solution

Active Directory supports the LDAP protocol, so you can access it from Java by using the standard Java JNDI APIs. The LDAP server does not have to support the JNDI APIs, just the LDAP protocol: JNDI is a client-side API that speaks LDAP to the server. If you are having problems, it is most likely a configuration problem in how you are attempting to access Active Directory. I have included a simple test case program that authenticates a distinguished name to an LDAP server. Make sure your LDAPAuthentication class looks basically like this. In general, you should not have to treat Active Directory any differently than any other LDAP server.

      import java.util.Properties;
      import javax.naming.*;
      import javax.naming.directory.*;

      // Include the JNDI classes in the classpath. You should use the same JDK used by WebSphere Application Server.

      class wasLdapAuth
      {
          public static void main(String[] args)
          {
              //***************** user information to be authenticated ********************************
              //***************** Please modify the following three properties accordingly ************
              String ldapHost = "ldap://cliang1.austin.ibm.com:389"; // LDAP host + port number
              String DN = "cn=user1, ou=Austin,o=ibm,c=us"; // DN to be authenticated
              String password = "security"; // DN's password
              //***************** End of user information

              Properties props = new Properties();
              // Context factory for WebSphere 4.0 and 5.0
              props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
              // Context factory for the WebSphere 3.5 release (uncomment to use it instead)
              //props.put(Context.INITIAL_CONTEXT_FACTORY, "com.ibm.jndi.LDAPCtxFactory");
              props.put(Context.SECURITY_AUTHENTICATION, "simple"); // use simple authentication mechanism
              props.put(Context.SECURITY_CREDENTIALS, password);
              props.put(Context.SECURITY_PRINCIPAL, DN);
              props.put(Context.PROVIDER_URL, ldapHost);

              long start = System.currentTimeMillis();
              long end = 0;
              long time = 0;

              try
              {
                  System.out.println("authenticating");
                  // Creating the initial context performs the LDAP bind with the DN and password
                  DirContext ctx = new InitialDirContext(props);
                  System.out.println("authenticated");
                  end = System.currentTimeMillis();
                  time = end - start;
                  System.out.println("authentication takes = " + time + " millis");
                  System.out.println("successfully authenticate DN: " + DN);
              }
              catch (Exception ex)
              {
                  // Any failure (bad credentials, unreachable host, bad URL) ends up here
                  end = System.currentTimeMillis();
                  time = end - start;
                  System.out.println("Exception is " + ex.toString());
                  ex.printStackTrace();
                  System.out.println("authentication takes = " + time + " millis");
                  System.out.println("fail to authenticate DN: " + DN);
              }
          }
      }
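
A hardened variant of the bind test above, as an added example that is not part of the original technote or IBM's code. It refuses empty credentials (a simple bind with an empty password is treated as an anonymous or unauthenticated bind and can succeed), separates bad credentials from directory outages, and binds over LDAPS. The class name `LdapBindCheck`, the host `ldap.example.com`, and the environment variable `LDAP_BIND_PW` are assumptions for illustration.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapBindCheck {
    // Returns true only if the directory accepts a simple bind for dn/password.
    // Throws NamingException when the directory cannot be reached, so an outage
    // is never reported as a wrong password (or as a success).
    static boolean authenticate(String ldapUrl, String dn, String password)
            throws NamingException {
        // An empty DN or password turns a simple bind into an anonymous or
        // unauthenticated bind, which many servers accept. Refuse it up front.
        if (dn == null || dn.trim().isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        env.put("com.sun.jndi.ldap.read.timeout", "5000");    // milliseconds

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env); // performs the LDAP bind
            return true;
        } catch (AuthenticationException e) {
            return false;                     // the server rejected the DN or password
        } finally {
            if (ctx != null) {
                ctx.close();                  // release the connection
            }
        }
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample values: placeholder host, DN taken from the test case
        // above, password read from a hypothetical environment variable.
        String url = "ldaps://ldap.example.com:636"; // TLS keeps the password off the wire in clear text
        String dn = "cn=user1,ou=Austin,o=ibm,c=us";
        String password = System.getenv("LDAP_BIND_PW");
        System.out.println(authenticate(url, dn, password) ? "authenticated" : "rejected");
    }
}
```

For the `ldaps://` URL to work, the directory server's certificate chain must be trusted by the JVM's truststore.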











    Document Information

    Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, Administrative Console (all non-scripting)
    Operating system(s): Multi-Platform
    Software version: 3.5, 4.0, 5.0, 5.1, 6.0
    Software edition: Edition Independent
    Reference #: 1083788
    IBM Group: Software Group
    Modified date: 2003-02-06