I'm implementing a profiled (user / group) web application and I need to import into my application database all users and groups of my Active Directory. I'm running this application on Apache Tomcat under Ubuntu Server. I'd like to leave the import operation to some admin user directly under my web application but, if that's not possible, I thought to use a .NET client to manage the users.
I saw in some tutorials that it's possible to reach the Windows domain controller using Java to authenticate the user but, in that case, I don't need to authenticate the user, I just need to recognize the user's group using the property
System.getProperty("user.name")
to retrieve the user. I took a look at this tutorial:
http://gwallen.com/code/java/activedirectory.php
I tried the first one but it doesn't work (LDAP: error code 49).
Could you help me (by suggesting some tutorials or samples)?
Thanks, Andrea
If you want to query AD without a password you need a core Windows solution. E.g. you can run the dsquery command.
You can use Spring Security to do so. Or just take a look at the classes which do so.
Related
A customer wants to reach a section (where a process with a wizard takes place) of our app from their portal. It means that, from their app (.NET), they want to have a link in order to reach a particular section of our app, BUT without having to go through the login process. Our app is a Java app (GWT) and it uses FORM-based authentication. I did an implementation with OAuth but they don't want a login. I have no idea how to deal with this problem; I don't know if there is an alternative way to get logged in the way they are looking for.
You probably need Single Sign On.
If you choose to go the SSO way, there are some libraries that might help, like JCIFS (useful for auth using NTLM) and Jespa. There is also Waffle, but this one works just on Windows Server.
This article explores many options for JBoss:
https://dzone.com/articles/choosing-sso-your-jboss
If I have a JBoss server which connects to an Active Directory Server using the LdapExtLoginModule, is it possible for my java restful web servlet to take in the name of a Group in Active Directory as a String, and ask the Active Directory Server for a list of Users which are a part of that Group?
Absolutely. The hard way would be to use JNDI to do an LDAP query for all users (objectCategory=person) with the attribute member=. But JNDI is not the most elegant API, finding an AD server properly is not trivial and you would have to do everything using DN strings and not the usual Windows names.
The easy way would be to use Jespa which makes this sort of thing almost trivial, it will fail-over to another AD server properly and it understands Windows group names, account names, SIDs and so on. Jespa also does a lot of other stuff. If you're ultimately trying to check group membership and you use the Jespa NtlmSecurityProvider for auth instead, you can check group membership using Account.isMemberOf (or isUserInRole) and it's MUCH quicker than doing LDAP.
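An added example (not from the answer above, and not Jespa code) of the JNDI route: it resolves the group name to its DN, then searches for users whose memberOf attribute holds that DN. The group name arrives as a request parameter, so it is escaped per RFC 4515 before it goes into the filter. The class name, baseDn and sample inputs are assumptions, and ctx is assumed to be an already-bound DirContext.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class GroupMembers {
    // RFC 4515 escaping for a value placed inside an LDAP search filter.
    static String escapeFilter(String v) {
        StringBuilder sb = new StringBuilder();
        for (char c : v.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Returns the sAMAccountName of each direct member (nested groups and the
    // primary group are not reflected in memberOf).
    static List<String> members(DirContext ctx, String baseDn, String group) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"sAMAccountName"});
        NamingEnumeration<SearchResult> g = ctx.search(baseDn,
            "(&(objectCategory=group)(sAMAccountName=" + escapeFilter(group) + "))", sc);
        if (!g.hasMore()) return Collections.emptyList();
        String groupDn = g.next().getNameInNamespace();
        List<String> out = new ArrayList<>();
        NamingEnumeration<SearchResult> u = ctx.search(baseDn,
            "(&(objectCategory=person)(memberOf=" + escapeFilter(groupDn) + "))", sc);
        while (u.hasMore()) out.add((String) u.next().getAttributes().get("sAMAccountName").get());
        return out;
    }

    public static void main(String[] args) {
        // Constructed inputs containing filter metacharacters; runs without a directory server.
        System.out.println(escapeFilter("*)(objectClass=*"));
        System.out.println(escapeFilter("CN=Ops (EU),OU=Groups,DC=example,DC=com"));
    }
}
```

AD returns at most 1000 entries per search by default, so a large group needs the paged-results control on top of this.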
We are in the process of developing a JSP based Web application. This application needs the logged in user ID from the local PC (Windows / Ubuntu?)
This can be achieved with the help of VBScript on the but unfortunately this solution will work only on Internet Explorer
Are there any ways to get the Windows (AD) user ID in Firefox as well as IE using JSP?
My requirement is very simple. I will store a list of user IDs in my web application (XML file preferably) and will verify against the request and if the logged in user on Windows matches my list, the user can use my application.
This is a very simple application and the user base is minimal.
Setup: Apache Tomcat v7.x, JSP
This question may have been asked many times but I still don't see a proper way to do this
I guess what you are looking for is Windows Authentication. Tomcat has built-in support for what you want.
How do I query the active directory in Java using the current logged on user in windows?
This is possible using C++ with ldap_bind_s and passing null in the credential.
It lets you bind to the AD with the current logged on user and query AD but I could not find its equivalent in Java.
I saw at other places that I can use kerberos but kerberos forces me to generate a keytab file for the user and uses it to communicate with AD using GSSAPI. I want to avoid asking users to generate keytab file.
I see that NTLMLoginModule lets you login without asking for any kind of keytab file or credential but then again there is no java library for binding to AD using the NTLMLoginModule.
Again, I am looking for a solution only for AD and not a generic LDAP solution. I know that a generic LDAP solution will not work this way.
I'm going off of this guy's post. You can go with the commercial Jespa library, which uses NTLMv2. Or you can go with the open source com4j project that uses ADSI, created by Kohsuke Kawaguchi.
I need to know if a user entered correct login information to Microsoft Active directory
I want the user to enter username and password on an xpage and it should only return if these values were entered correctly or not.
I know I can use ldap requests and send in credentials but have not seen any working solutions for this.
I need to use Java as the code should be able to run on non-Windows servers
There are a number of approaches you can take:
The easiest would be to link the AD to Domino using DirectoryAssistance and let users login using their AD credentials in the first place.
If IIS is running on the AD server you could send an HTTP request using the Apache HTTPClient (and basic authentication) and see what's coming back
The best working Java libraries are listed in the Apache Directory project. There you would do an LDAP query (e.g. the user herself)
Let us know which one works for you
You can use JNDI to access the Active Directory. There are a lot of resources on the web on how to do this, for example have a look at http://mhimu.wordpress.com/2009/03/18/active-directory-authentication-using-javajndi/
You have tagged the question as XPage, do you want to do the authentication from inside domino? In that case the domino server could do the authentication.
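An added example (not from either answer above) of checking AD credentials with a JNDI simple bind. It rejects empty passwords before binding and decodes the sub-code that AD places in an "LDAP: error code 49" message. The class name, host, account and the sample error text are constructed, and the sub-code table is a subset of the values AD commonly returns.

```java
import java.util.Hashtable;
import java.util.regex.*;
import javax.naming.*;
import javax.naming.directory.*;

public class AdBindCheck {
    private static final Pattern SUBCODE = Pattern.compile("data ([0-9a-fA-F]+)");

    // Returns null on success, otherwise a short reason meant for the server log.
    static String check(String ldapsUrl, String upn, String password) throws NamingException {
        // A simple bind with an empty password is treated as an unauthenticated
        // (anonymous) bind and can succeed, so reject it before touching the network.
        if (upn == null || upn.isEmpty() || password == null || password.isEmpty())
            return "empty credentials rejected";
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapsUrl);          // ldaps:// so the password is not sent in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, upn);         // user@domain form
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();
            return null;
        } catch (AuthenticationException e) {             // LDAP result code 49
            return explain(e.getMessage());
        }
    }

    // Map the AD sub-code inside an "error code 49" message to a reason.
    static String explain(String msg) {
        Matcher m = SUBCODE.matcher(msg == null ? "" : msg);
        if (!m.find()) return "bind failed";
        switch (m.group(1).toLowerCase()) {
            case "525": return "user not found";
            case "52e": return "invalid credentials";
            case "532": return "password expired";
            case "533": return "account disabled";
            case "775": return "account locked out";
            default:    return "bind failed (data " + m.group(1) + ")";
        }
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample of the message text AD returns with error code 49.
        System.out.println(explain("[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, "
            + "comment: AcceptSecurityContext error, data 52e, v1db1]"));
        System.out.println(check("ldaps://dc.example.com:636", "alice@example.com", ""));
    }
}
```

Keep the decoded reason in the server log and show the user a single generic failure message, so the login form does not reveal which accounts exist or are locked.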