LDAP example for searching and simple binding (authentication)

LdapAuth.java

/*
 * First create the keystore (to allow SSL protection) by importing the LDAP
 * certificate (cert.pem) with:
 *   keytool -import -keystore keystore -storepass changeit -noprompt -file cert.pem
 *
 * You can get the certificate with OpenSSL:
 *   openssl s_client -connect ldap.server.com:636 </dev/null 2>/dev/null | sed -n '/^-----BEGIN/,/^-----END/ { p }' > cert.pem
 *  
 * Then compile this class with:
 *   javac LdapAuth.java
 *
 * Finally execute it with:
 *   java -Djavax.net.ssl.trustStore=keystore -Djavax.net.ssl.keyStorePassword=changeit LdapAuth <username> <password>
 */

import java.util.*;
import javax.naming.*;
import java.util.regex.*;
import javax.naming.directory.*;

public class LdapAuth {
	private final static String ldapURI = "ldaps://ldap.server.com/dc=ldap,dc=server,dc=com";
	private final static String contextFactory = "com.sun.jndi.ldap.LdapCtxFactory";

	private static DirContext ldapContext () throws Exception {
		Hashtable<String,String> env = new Hashtable <String,String>();
		return ldapContext(env);
	}

	private static DirContext ldapContext (Hashtable <String,String>env) throws Exception {
		env.put(Context.INITIAL_CONTEXT_FACTORY, contextFactory);
		env.put(Context.PROVIDER_URL, ldapURI);
		DirContext ctx = new InitialDirContext(env);
		return ctx;
	}

	private static String getUid (String user) throws Exception {
		DirContext ctx = ldapContext();

		String filter = "(uid=" + user + ")";
		SearchControls ctrl = new SearchControls();
		ctrl.setSearchScope(SearchControls.SUBTREE_SCOPE);
		NamingEnumeration answer = ctx.search("", filter, ctrl);

		String dn;
		if (answer.hasMore()) {
			SearchResult result = (SearchResult) answer.next();
			dn = result.getNameInNamespace();
		}
		else {
			dn = null;
		}
		answer.close();
		return dn;
	}

	private static boolean testBind (String dn, String password) throws Exception {
		Hashtable<String,String> env = new Hashtable <String,String>();
		env.put(Context.SECURITY_AUTHENTICATION, "simple");
		env.put(Context.SECURITY_PRINCIPAL, dn);
		env.put(Context.SECURITY_CREDENTIALS, password);

		try {
			ldapContext(env);
		}
		catch (javax.naming.AuthenticationException e) {
			return false;
		}
		return true;
	}

	public static void main(String args[]) throws Exception {
		if (args.length != 2) {
			System.out.println( "missing requried username and password" );
			System.exit(1);
		}

		String user = args[0];
		String password = args[1];
		String dn = getUid( user );

		if (dn != null) {
			/* Found user - test password */
			if ( testBind( dn, password ) ) {
				System.out.println( "user '" + user + "' authentication succeeded" );
				System.exit(0);
			}
			else {
				System.out.println( "user '" + user + "' authentication failed" );
				System.exit(1);
			}
		}
		else {
			System.out.println( "user '" + user + "' not found" );
			System.exit(1);
		}
	}
}

Thanks for sharing.. This helped me.

Thank you for sharing this. Helped me a lot.

It did not worked as is for us. I assume first we are trying for a search anonymously, which is not allowed in our environment. avoiding the anonymous search worked for us. I shall paste the modified code if you want.

THANKS A LOT!!!

Thanks for the write up but as @surighanta pointed that anonymous search was not allowed in their environment, I too faced such an issue.
Can you help me in getting what all authentication protocols is supported by the server to which i am trying to bind. Is there a programmatic way to find that so that i can query the user for the appropriate additional information.

Thanks,
-Navneet

Hello i want to store a user in ldap i use bind method but when i search the user in ldap i found it but serialisable ,

It worked great! Thanks for sharing!

Brilliant!