Hello folks

I have an issue here. I guess you all know what an AD service account is and what it is used for; if not, please see the description below: SSL-Explorer requires a dedicated Active Directory account to use for authenticating AD users. This account serves as a link to your Active Directory database. If the Service Account is not found on your AD database then the SSL-Explorer service will not start.

Well, I have the Active Directory service account details and the user-submitted login/password details. In the code below I validated the service account by giving MEMBER_GROUP and adminPassword, and I check whether the user exists in Active Directory by submitting the sAMAccountName, but my question here is: how do I validate the password submitted for that user? I am not sure how to do this; I would appreciate it if anybody has any suggestions on this. Thanks for your time.

    import java.io.File;
    import java.io.FileOutputStream;
    import java.io.InputStream;
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingEnumeration;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;
    import javax.naming.ldap.InitialLdapContext;

    // Enclosing class assumed to be named JNDI, since the method loads the truststore via JNDI.class.
    public class JNDI {

        public boolean validateUserFromActiveDirectory(String userId) {
            // DN of the dedicated service account used to bind to AD (placeholder values)
            final String MEMBER_GROUP = "CN=asdadasd,OU=asdasdasd Accounts,OU=adasdas,OU=asdasdas,DC=asdasdas,DC=asdasdas,DC=adasdasd,DC=asdasdasd";
            String employeeNumber = "";
            final String LDAP_INIT_CTX = "com.sun.jndi.ldap.LdapCtxFactory";
            final String LDAP_URL = "ldap://xx-ssssssss.eee.eee.eeeee.eeeee:636";
            final String[] MY_ATTRS = { "employeeNumber" };
            String adminPassword = "somepassword";
            String securityProtocol = "ssl";
            boolean isValidUser = false;
            try {
                Hashtable<String, String> env = new Hashtable<>();
                env.put(Context.INITIAL_CONTEXT_FACTORY, LDAP_INIT_CTX);
                env.put(Context.PROVIDER_URL, LDAP_URL);
                env.put(Context.SECURITY_AUTHENTICATION, "simple");
                env.put(Context.REFERRAL, "follow");
                env.put(Context.SECURITY_PRINCIPAL, MEMBER_GROUP);
                env.put(Context.SECURITY_CREDENTIALS, adminPassword);
                env.put(Context.SECURITY_PROTOCOL, securityProtocol);

                // Copy the bundled truststore to a temp file (e.g. C:\Documents and Settings\yourusername\Local Settings\Temp)
                // so the SSL handshake with the domain controller can verify its certificate.
                File tf = File.createTempFile("adentTruststore", ".jks");
                tf.deleteOnExit();
                byte[] buffer = new byte[0x1000];
                ClassLoader cl = JNDI.class.getClassLoader();
                InputStream in = cl.getResourceAsStream("someTruststore.jks");
                FileOutputStream out = new FileOutputStream(tf);
                int cnt;
                while ((cnt = in.read(buffer)) != -1) {
                    out.write(buffer, 0, cnt);
                }
                in.close();
                out.close();
                System.setProperty("javax.net.ssl.trustStore", tf.getAbsolutePath());

                // Bind as the service account and search the directory for the submitted sAMAccountName.
                DirContext context = new InitialLdapContext(env, null);
                SearchControls searchControls = new SearchControls();
                searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                searchControls.setReturningAttributes(MY_ATTRS);
                // Pass userId as a filter argument ({0}) so JNDI escapes it instead of splicing raw input into the filter.
                NamingEnumeration<SearchResult> results = context.search(
                        "XX=ent,XX=abc,XX=aaaaa,XX=aaaa", "(sAMAccountName={0})",
                        new Object[] { userId }, searchControls);

                if (results != null && results.hasMore()) {
                    // some logic
                }
                context.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
            return isValidUser;
        }
    }