Skip to Content
author's profile photo Former Member
Former Member

Accessing Portal LDAP with(out) UserManagement API

Hi,

i would like to check from a non-portal applikation the user-data and especially the password of the user in the EP5 Portal LDAP. What is the easiest way to check for the password?

I wonder when i use JNDI (sun) if i can check the password correctly since its encrypted in LDAP and i don't know how it's done (md5?, key?...).

Has anybody done anything similar? Did you do it by using the usermanagement API or simply via JNDI? If you maybe could add some sample code of how to check for the password i would be very glad.

thanks

stefan

Add a comment
10|10000 characters needed characters exceeded

Related questions

1 Answer

  • author's profile photo Former Member
    Former Member
    Posted on Jan 19, 2004 at 07:30 PM

    Here is a snippet of code from an EP5 iView I wrote a long time ago...:

    public void onChange (Event event)

    throws PageException {

    state = RESULT_STATE;

    Hashtable env = new Hashtable();

    InputField userid = (InputField) getComponentByName("userid");

    InputField password = (InputField) getComponentByName("password");

    m_request = (IPortalComponentRequest) getRequest();

    IUserManagementService us = (IUserManagementService) m_request.getService("usermanagement");

    IPortalComponentProfile userProfile = m_request.getComponentContext().getProfile();

    boolean isADS = false;

    String getDC = userProfile.getProperty("useADS");

    if (getDC != null && (getDC.equalsIgnoreCase("yes") || getDC.equalsIgnoreCase("true"))) {

    isADS = true;

    }

    String authSvr = userProfile.getProperty("LDAPHost");

    String root = userProfile.getProperty("LDAPOrg");

    if (authSvr == null || authSvr.length() == 0) {

    IRepositories reps = us.getRepositories();

    IRepository rep = reps.getRepository("Corporate Authentication Server");

    authSvr = "ldap://" + rep.getServer(0) + ":" + rep.getPort(0);

    root = rep.getRoot(0);

    }

    String sPrincID = userProfile.getProperty("LDAPPrincipal");

    if (sPrincID == null || sPrincID.length() == 0) {

    sPrincID = "cn";

    }

    String sUser = userid.getValueAsDataType().toString();

    String sPassword = password.getValueAsDataType().toString();

    mLogin = us.getAuthenticator();

    if ((user = mLogin.getLoggedInUser(m_request.getServletRequest(), m_request.getServletResponse(false), null)) == null) {

    passwordCheck = false;

    return;

    }

    if (isADS==true || sUser.equalsIgnoreCase(user.getId())) { // did they get the ID correct?

    StringBuffer sPrincipal = new StringBuffer();

    if (isADS==true) {

    sPrincipal.append(sUser); // ADS

    } else {

    sPrincipal.append(sPrincID.concat("="));

    sPrincipal.append(sUser);

    sPrincipal.append(", ");

    sPrincipal.append(root);

    }

    if (env.isEmpty()) {

    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

    env.put(Context.PROVIDER_URL, authSvr); // Other

    if (isADS==true) {

    env.put(Context.SECURITY_AUTHENTICATION, "simple");

    }

    env.put(Context.SECURITY_PRINCIPAL, sPrincipal.toString());

    env.put(Context.SECURITY_CREDENTIALS, sPassword);

    }

    try {

    DirContext ctx = new InitialDirContext(env);

    // if we got here, everything is OK...

    passwordCheck = true;

    StringBuffer err = new StringBuffer();

    err.append("Autheticated user principal:");

    err.append(sPrincipal);

    err.append("; pass=" + sPassword);

    err.append(";ldaphost=" + authSvr);

    result = err.toString();

    m_request.getLogger("iview_logger").info("AuthCheckPage: Authcheck OK: " + result);

    } catch (NamingException e) {

    StringBuffer err = new StringBuffer();

    err.append(" Failed to autheticate user principal:");

    err.append(sPrincipal);

    err.append("; pass=" + sPassword);

    err.append(";ldaphost=" + authSvr);

    err.append(";error = " + e.toString());

    String reason = e.getExplanation();

    if ( reason != null && reason.indexOf("error code 49") != -1 ) {

    //Invalid password

    err.append("WARNING, USER PROVIDED INCORRECT PASSWORD");

    } else if ( reason != null && reason.indexOf("password expired") != -1 ) {

    err.append("WARNING, USER HAS EXPIRED ACCOUNT");

    } else {

    err.append(e);

    }

    result = err.toString();

    m_request.getLogger("iview_logger").warning("AuthCheckPage: Authcheck failed: " + result);

    failedCheck = true;

    passwordCheck = false;

    }

    } else {

    failedCheck = true;

    passwordCheck = false;

    result = "User ID is not the same as the logged in user";

    }

    }

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.