Re: Unable to bind to ADAM using windows account
- From: "Lee Flight" <lef@xxxxxxxxxxxxxxx>
- Date: Wed, 21 Nov 2007 23:18:41 -0000
Hi
A further thought on this: do you hit this problem for
an ADAM instance running on a member server rather than
on the DC?
Lee Flight
"choukse" <choukse.30dm7g@xxxxxxxxxxxxx> wrote in message
news:choukse.30dm7g@xxxxxxxxxxxxxxxx
Hi All,
I am trying to bind to an ADAM instance with a Windows user through JNDI
and it keeps failing. My ADAM and AD are running on the same Windows 2k3
server.
But, through LDP I am able to bind with the same windows user
successfully and browse through the entire tree successfully.
The error is as below
Kerberos username [CHOUKSE]:My code is as follows
Kerberos password for CHOUKSE: password
Context initialization attempt failed
javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C090441, comment: AcceptSecurityContext error, data 56, vece]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.<init>(Unknown Source)
    at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
    at com.nortel.kerberos.action.JndiAction.performJndiOperation(JndiAction.java:63)
    at com.nortel.kerberos.action.JndiAction.run(JndiAction.java:27)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Unknown Source)
    at com.nortel.kerberos.cli.KerberosAuthenticator.main(KerberosAuthenticator.java:87)
Code:
--------------------
package com.nortel.kerberos.cli;

import java.security.PrivilegedAction;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import com.nortel.kerberos.handler.KerberosCallBackHandler;

public class KerberosAuthenticator
{
    public static void main(String[] args) {
        // 1. Log in (to Kerberos) using the JAAS entry named after this class
        LoginContext lc = null;
        try
        {
            lc = new LoginContext(KerberosAuthenticator.class.getName(),
                    new KerberosCallBackHandler());
            // Attempt authentication
            lc.login();
        }
        catch (LoginException le) {
            System.err.println("Authentication attempt failed " + le);
            System.exit(-1);
        }
        // 2. Perform JNDI work as logged in subject
        Subject.doAs(lc.getSubject(), new JndiAction(args));
    }
}

class JndiAction implements PrivilegedAction<Object>
{
    private String[] args;

    public JndiAction(String[] origArgs)
    {
        // Defensive copy so later changes to the caller's array have no effect
        this.args = (String[]) origArgs.clone();
    }

    public Object run()
    {
        performJndiOperation(args);
        return null;
    }

    private static void performJndiOperation(String[] args)
    {
        // Set up environment for creating initial context
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
        // Must use fully qualified hostname
        env.put(Context.PROVIDER_URL,
                "ldap://ac007899.shell.com:50000");
        // Request the use of the "GSSAPI" SASL mechanism
        // Authenticate by using already established Kerberos credentials
        env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
        // Optional first argument is comma-separated list of auth, auth-int,
        // auth-conf
        if (args.length > 0) {
            env.put("javax.security.sasl.qop", args[0]);
        }
        // Optional second argument is the DN to read; the original read
        // args[1] whenever args[0] was present, which throws on a single argument
        String dn = (args.length > 1) ? args[1] : "O=Test,C=CA";
        try
        {
            /* Create initial context */
            DirContext ctx = new InitialDirContext(env);
            System.out.println(ctx.getAttributes(dn));
            // Close the context when we're done
            ctx.close();
        }
        catch (NamingException e)
        {
            System.err.println("Context initialization attempt failed");
            e.printStackTrace();
        }
    }
}
--------------------
I am able to authenticate AD using context.PROVIDER_URL as
"ldap://ac007899.shell.com:389".
I went through the given link:
http://forum.java.sun.com/thread.jspa?threadID=579829&tstart=300
but didn't find it much help, as it talks more about Linux and Windows
interoperability.
Please let me know, if I am missing anything.
--
choukse
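
An added example, not part of the original thread or the poster's code: a small triage helper that pulls the LDAP result code, SSPI status, DSID and `data` sub-code out of the exception text shown above, so failed binds can be logged in a searchable form. The class and method names (`BindErrorTriage`, `triage`) are hypothetical; it assumes the `data` field is a hexadecimal Win32 error code, as in Active Directory bind diagnostics, and maps only a handful of common `winerror.h` values.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BindErrorTriage {
    // Assumption: "data" is a hexadecimal Win32 error code; names are from winerror.h.
    private static final Map<Integer, String> WIN32 = new HashMap<Integer, String>();
    static {
        WIN32.put(0x56,  "ERROR_INVALID_PASSWORD");
        WIN32.put(0x525, "ERROR_NO_SUCH_USER");
        WIN32.put(0x52e, "ERROR_LOGON_FAILURE");
        WIN32.put(0x530, "ERROR_INVALID_LOGON_HOURS");
        WIN32.put(0x531, "ERROR_INVALID_WORKSTATION");
        WIN32.put(0x532, "ERROR_PASSWORD_EXPIRED");
        WIN32.put(0x533, "ERROR_ACCOUNT_DISABLED");
        WIN32.put(0x701, "ERROR_ACCOUNT_EXPIRED");
        WIN32.put(0x773, "ERROR_PASSWORD_MUST_CHANGE");
        WIN32.put(0x775, "ERROR_ACCOUNT_LOCKED_OUT");
    }

    // Groups: 1 = LDAP result code, 2 = SSPI status, 3 = DSID, 4 = data sub-code.
    private static final Pattern DIAG = Pattern.compile(
        "error code (\\d+) - ([0-9A-Fa-f]{8}): LdapErr: DSID-([0-9A-Fa-f]+),"
        + ".*?\\bdata ([0-9A-Fa-f]{1,7})\\b");

    /** Returns a one-line summary, or null if the text is not an AD/ADAM bind diagnostic. */
    public static String triage(String exceptionMessage) {
        // Collapse whitespace first: logs and mail archives wrap the message.
        Matcher m = DIAG.matcher(exceptionMessage.replaceAll("\\s+", " "));
        if (!m.find()) {
            return null;
        }
        int data = Integer.parseInt(m.group(4), 16);
        String name = WIN32.containsKey(data) ? WIN32.get(data) : "unmapped";
        return "ldap=" + m.group(1) + " sspi=0x" + m.group(2).toUpperCase()
            + " dsid=" + m.group(3) + " data=0x" + Integer.toHexString(data)
            + " (" + data + ", " + name + ")";
    }

    public static void main(String[] args) {
        // Message text copied from the stack trace in the post above.
        String msg = "[LDAP: error code 49 - 8009030C: LdapErr: DSID-0C090441, "
            + "comment: AcceptSecurityContext error, data 56, vece]";
        System.out.println(triage(msg));
    }
}
```

In a real client the input would be `e.getMessage()` from the caught `javax.naming.AuthenticationException`.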