48817

LDAP/Java auth: How to specify workstation?

Developer FAQ 4

Question:

We have a small LAN where each user is logging into Windows via Active Directory server. I want to be able to authenticate users from Java code in the same way. I was doing this in the following way:

Hashtable <String, String> env = new Hashtable <>(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, "ldap://192.168.0.1:389"); env.put(Context.SECURITY_AUTHENTICATION, "simple"); env.put(Context.SECURITY_PRINCIPAL, "user1"); env.put(Context.SECURITY_CREDENTIALS, "pass1")); env.put(Context.REFERRAL, "ignore"); try { new InitialDirContext(env).close(); return true; } catch (AuthenticationException ex) { return false; }

where user1 and pass1 was user credentals.

That worked fine until local administrator restricted access by explicitly setting a list of allowed workstations for each user. Now users are still able to log into Windows, but my code (executed on allowed workstation) produces

javax.naming.AuthenticationException: [LDAP: error code 49 - ...: LdapErr: ..., comment: AcceptSecurityContext error, data 531, ...]

where <a href="https://confluence.atlassian.com/display/CONFKB/LDAP+Error+Code+49" rel="nofollow">"data 531" means "not permitted to logon at this workstation"</a>.

So the question is: how should I authenticate a user on LDAP server when user's allowed workstations are set? Should I somehow pass current workstation to the LDAP server or what?

Answer1:

Allowed workstations parameter is set in the AD in <strong>userWorkstations</strong> attribute.

So you may need to set the server name that hosts your java code to the <strong>userWorkstations</strong> attribute in the AD for the login user.

Refere to below link for more details

<a href="https://stackoverflow.com/questions/18766158/cant-get-connection-with-ad-from-java-code/18767613#18767613?newreg=854061f7965244399fec2b7757c3b325" rel="nofollow">Can't get connection with AD from Java code</a>

Answer2:

<blockquote>

I want to be able to authenticate users from Java code in the same way.

</blockquote>

Then you want Kerberos and not LDAP bind.

Similar

Exception Using PayPal-PHP-SDK [Http response code 400]

Exception Using PayPal-PHP-SDK [Http response code 400]

hooking another program's calls to winapi functions in vb.net

hooking another program's calls to winapi functions in vb.net

error 500 for .htaccess error

error 500 for .htaccess error

How to get data from Tab in Tabpane JavaFX

How to get data from Tab in Tabpane JavaFX

How do I use Identity Server with .NET Core 2.1?

How do I use Identity Server with .NET Core 2.1?

socket buffer size: pros and cons of bigger vs smaller

socket buffer size: pros and cons of bigger vs smaller

Does RAILS have GROUP BY…WITH ROLLUP query?

Does RAILS have GROUP BY…WITH ROLLUP query?

Android dialog background with corner radius has layered background

Android dialog background with corner radius has layered background

How to remove IE toolbar and menu bar

How to remove IE toolbar and menu bar

Good way to ensure that a property on a UserControl gets set?

Good way to ensure that a property on a UserControl gets set?

How to Play Youtube video in webview in iphone?

How to Play Youtube video in webview in iphone?

Disable/Enable applicationbar Button in runtime with event textchanged (Windows Phone)

Disable/Enable applicationbar Button in runtime with event textchanged (Windows Phone)

Does facebook use comet or ajax for its notifications?

Does facebook use comet or ajax for its notifications?

Ajax with slide effects onready witout using a toolkit

Ajax with slide effects onready witout using a toolkit

Change file names before uploading with SWFUpload

Change file names before uploading with SWFUpload

Loading an array from a .txt file? (Android)

Loading an array from a .txt file? (Android)

Trouble with input using scanf()

Trouble with input using scanf()

PHP form dropdown containing options based on SQL data

PHP form dropdown containing options based on SQL data

Uiimage as photolibrary file or camera

Uiimage as photolibrary file or camera

A few XmlElement attributes on a property C#

A few XmlElement attributes on a property C#

How can I verify that a variable is a number in Python?

How can I verify that a variable is a number in Python?

Developer FAQ 4

Goback Developer FAQ 4

Recommend

  • Find BASE DN from LDAP directory context object
  • How to find most similar terms/words of a document in doc2vec? [duplicate]
  • How to retrieve “windows active directory - attributes id's ” in java?
  • Repeated inserts with Primary key, foreign key
  • how to create a list of span for a given array
  • How to startActivity from Options Menu
  • iMacros javascript nested loops in firefox
  • Is there a way to query if array field contains a certain value in Doctrine2?
  • Renaming file by its name and date using batch file
  • Copying Data from an Excel File in Word using Word VBA
  • How to make NAnt send an email using a real account
  • Post message php, error, please suggest a change
  • Restricting file access to certain users
  • How to get a normalised slope of a trend
  • postgres aggregate join matches to an array field
  • SharePoint - Claims Based Authentication - New user use-case
  • VBA pass cell value to Print dialogue box
  • AWS Creating POST policy base64 encoded + signature
  • Authentication with custom authenticator via Azure Mobile Services and cordova app
  • Excel macro to save pptx as pdf; error with code
  • Returning custom fields in MongoDB
  • App to web video calling using Sinch
  • ASp.Net MVC routing
  • Ruby CSV - Illegal quoting in line 1. CSV::MalformedCSVError
  • Take column of string data in pandas dataframe and split into separate columns
  • How do I prevent malicious javascript in V8 (with Python)
  • The signature of pandas scatter_matrix method
  • c# merge objects
  • Finding mutual friend sql
  • dilemma on the use of inheritance in EF code-first
  • Define the file path from the file name in R
  • MonoTouch Dialog. Buttons with the Elements API
  • Socket io in node app on google app engine
  • R Split data.frame using a column that represents and on/off switch
  • Can I programmatically choose the Android layout folder?
  • Not able to aggregate on nested fields in elasticsearch
  • Unable to install Git-core+svn by MacPorts
  • Django simple Captcha “No module named fields” error
  • Could not find rake using whenever rails
  • Can Visual Studio XAML designer handle font family names with spaces as a resource?