
LDAP authentication with Java

I have a web application where I try to use LDAP authentication for logging in (users log in with their Windows session ID).

I've tried this class:

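import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public static boolean ad (String log,String pass) throws NamingException
{
    try
    {
        System.out.println("Début du test Active Directory");

        Hashtable<String, String> ldapEnv = new Hashtable<String, String>();
        ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        ldapEnv.put(Context.PROVIDER_URL,  "ldap://LDAPserver:389");
        ldapEnv.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
        ldapEnv.put("java.naming.security.sasl.realm","MyCompany.com");
        ldapEnv.put("javax.security.sasl.qop", "auth");
        ldapEnv.put("javax.security.sasl.strength","high");
        ldapEnv.put(Context.SECURITY_PRINCIPAL,log.toLowerCase());
        // Do not print the password: it would end up in the console or server logs
        ldapEnv.put(Context.SECURITY_CREDENTIALS,pass);
        // Creating the context performs the bind; success means the credentials were accepted
        DirContext ldapContext = new InitialDirContext(ldapEnv);
        ldapContext.close();
        return true;
    }
    catch (Exception e)
    {
        // Any failure (bad credentials, unreachable server, ...) is reported as false
        return false;
    }
}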

It works for some users, but not for all, and I don't understand why.

I have done the same thing in my project; it might be helpful to you.

package com.agileinfotech.bsviewer.ldap;

import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.Rdn;
import java.util.Hashtable;

public class LDAPLoginAuthentication {

    public LDAPLoginAuthentication() {
        // TODO Auto-generated constructor
    }

    public String authenticateUser(String username, String password) {
        String strUrl = "success";

        // Log the user name only, never the password
        System.out.print("username :" + username);

        // A simple bind with an empty password is an unauthenticated bind,
        // which many servers accept, so reject it before contacting the directory
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return "failure";
        }

        Hashtable<String, String> env = new Hashtable<String, String>(11);
        boolean b = false;
        // Escape the user name so that DN special characters cannot alter the bind DN
        String securityPrincipal = "cn=" + Rdn.escapeValue(username) + ",ou=users,o=agile-infotech,ou=system";
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:10389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, securityPrincipal);
        env.put(Context.SECURITY_CREDENTIALS, password);

        try {
            // Create initial context; this performs the bind
            DirContext ctx = new InitialDirContext(env);
            b = true;
            // Close the context when we're done
            ctx.close();

        } catch (NamingException e) {
            b = false;
        } finally {
            if (b) {
                strUrl = "success";
            } else {
                strUrl = "failure";
            }
        }

        return strUrl;
    }
}

My answer comes very late, but it might help some users in any case so...
The developer specified that the authentication works for some users and not others. So a possible mistake here is the way the MD5 is being generated: some algorithms used to store the value in a number format, which is an issue when the value starts with 0. This is because the number format (integer, etc.) will remove these 0s from the value, and invalidate your MD5.
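
The leading-zero failure mode this answer describes, as an added example that is not part of the original answers: an MD5 digest rendered through a number type loses its leading zeros, while fixed-width hex encoding keeps all 32 characters. The class name, method names and the `userN` inputs are constructed for illustration; the page does not establish that this is what affects the asker's DIGEST-MD5 bind.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class Md5LeadingZeroDemo {

    // Lossy: treats the 128-bit digest as a number, so leading zero nibbles vanish.
    static String hexViaNumber(byte[] digest) {
        return new BigInteger(1, digest).toString(16);
    }

    // Correct: always two hex characters per byte, 32 characters for MD5.
    static String hexFixedWidth(byte[] digest) {
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        // Constructed inputs: try "user0", "user1", ... until one of them
        // produces a digest whose first hex character is 0.
        for (int i = 0; ; i++) {
            String input = "user" + i;
            byte[] digest = md5.digest(input.getBytes(StandardCharsets.UTF_8));
            if ((digest[0] & 0xf0) != 0) {
                continue; // first nibble is non-zero, both encodings agree
            }
            String lossy = hexViaNumber(digest);
            String full = hexFixedWidth(digest);
            System.out.println("input        : " + input);
            System.out.println("fixed width  : " + full + " (" + full.length() + " chars)");
            System.out.println("via number   : " + lossy + " (" + lossy.length() + " chars)");
            // A stored or compared value built the lossy way never matches the real digest
            System.out.println("strings equal: " + lossy.equals(full));
            break;
        }
    }
}
```

About one digest in sixteen starts with a zero hex character, so a bug of this kind affects only a subset of accounts.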
