baseDN problem

**mihai.patrascu** · Sep 6th, 2006, 05:18 AM

Hi, i've got a problem in the sense that i try to connect to an Active Directory server. I have set the baseDN in the folowing way:

Code:

   <bean id="userContextSource" class="org.springframework.ldap.support.LdapContextSource">
         <property name="authenticationSource"
                   ref="ldapUserAuthService"/>
         <property name="url" value="ldap://192.168.16.196:389"/>
         <property name="base" value="CN=Users,DC=domain,DC=intranet,DC=mycomp,DC=ro" />
   </bean>

ldapUserAuthService is a bean for a class that implements AuthenticationSource.

Problem is that i cannot auth against the AD, if from ldapUserAuthService

Code:

public String getPrincipal() {
        return "CN=Administrator";
}

the method returns only this relative name.

If I return the full DN: CN=Administrator, CN=Users,DC=domain,DC=intranet,DC=mycomp,DC=ro it works.

and it is confirmed by the post "If you are using the distinguished name form, even if your initial LDAP Context URL is something like:

"LDAP://mydc.antipodes.com:389/OU=IT Admins,DC=Antipodes,DC=Com"

you cannot just use the Relative Distingusihed Name (RDN)

"CN=John Smith", you must use the full distinguished name:

"CN=John Smith,OU=IT Admins,DC=Antipodes,DC=Com"

on http://forum.java.sun.com/thread.jsp...sageID=2736182

Ok, they way i thought of getting over it was that i will need to override the method in AbstractContextSource

Code:

protected void setupAuthenticatedEnvironment(Hashtable env) {
        env
                .put(Context.SECURITY_PRINCIPAL, authenticationSource
                        .getPrincipal());
        log.debug("Principal: '" + userName + "'");
        env.put(Context.SECURITY_CREDENTIALS, authenticationSource
                .getCredentials());
    }

to .put(Context.SECURITY_PRINCIPAL, username + baseDN);
But how can i get my hands on baseDN since base is private and there is no getter for it?
But i guess my solution of overriding the method may be a wrong one and there is a more simpler, logical solution.

**rasky** · Sep 6th, 2006, 06:33 AM

There's probably no elegant way to go about it at the moment.

As you say, in the general case there is really no connection between the base path and the serurity principal. This is because the base path is for convenience in LDAP operations and it's quite possible (and not uncommon) that the security principal is placed elsewhere in the LDAP tree.

It really should be the AuthenticationSource's responsibility to return the full DN, but I realize it would be awkward to supply the base path to that instance as well.

There is a workaround, not all that ugly. We store away the base DN in the environment for use in DefaultDirObjectFactory, so you can retrieve it from there:

Code:

protected void setupAuthenticatedEnvironment(Hashtable env) {
  DistinguishedName baseName = (DistinguishedName) env.get(DefaultDirObjectFactory.JNDI_ENV_BASE_PATH_KEY);
  if(baseName == null){
    baseName = DistringuishedName.EMPTY_PATH;
  }
  baseName.append(authenticationSource.getPrincipal());
  env.put(Context.SECURITY_PRINCIPAL, baseName.toString());
  env.put(Context.SECURITY_CREDENTIALS, authenticationSource
                .getCredentials());
}

That should work for the time being. We'll add a protected getter for you to get the base path in a subclass in a future version.

**mihai.patrascu** · Sep 6th, 2006, 07:16 AM

Thanks for the answer guys.

Thread: baseDN problem

Thread Tools

Display

baseDN problem

Posting Permissions