You can see in the following posts

http://forums.sun.com/thread.jspa?threadID=603815

http://forums.devshed.com/ldap-programming-76/active-directory-services-using-java-api-89586.html

an example of accessing LDAP using the InitialLdapContext class in Java. This requires a login and a password to be passed in (even though the service account or user running the Java process has already logged in to be able to run).

As the user or service account is already logged in, they can already run Active Directory commands like the following without a user name or password:

dsquery user -samid "login" |dsget user -samid -email -display

So why does Java need the login and a password if this query is already available to Windows? Kohsuke hints that it is not required in this blog post under conclusion:

http://weblogs.java.net/blog/kohsuke/archive/2008/06/more_active_dir.html

My question is: how can we call Active Directory in Java without:

  • using a login or password (running under an account that is already logged in)?
  • executing a command on the command line?
+2  A: 

This probably occurs because

  • You are using LDAP libraries/contexts to communicate with Active Directory, and these libraries need to support other types of LDAP (does AD even count as LDAP?)
  • The providers of these implementations are the ones requiring it. LDAP communication is done through providers that supply the implementation; it's not done by the actual Java runtime.
  • The current user's password is not (I hope) actually provided by Windows to Java.

When Windows authenticates you against AD as you run applications that require it, it presents some other set of credentials besides your actual password. These credentials are not available in Java, or at least none of the providers of LDAP communicators have provided a way to retrieve them.

In his other blog post on the subject Kohsuke expands a bit more on why things are the way they are in Java-land when it comes to Active Directory.

matt b
A: 

Also, you can look at the link below for detailed instructions on making Windows Integrated Authentication work on the Java platform.

http://webmoli.com/2009/08/29/single-sign-on-in-java-platform/

Venkat
Will this work in a non-web environment - say for a command line application?
hawkeye
No. This example is only for web with Internet Explorer.
Venkat