JNDI Authenticate User

From:

"Jamie Allison" <jamie@jamieallison.co.uk>

Newsgroups:

comp.lang.java.programmer

Date:

Tue, 2 May 2006 10:25:56 +0100

Message-ID:

<Ar6dnQlcc5Y4uMrZnZ2dnUVZ8sidnZ2d@bt.com>

Hi All,

I have the below code which is supposed to return a true if the user is
authenticated against active directory and false if the user is not.

This works fine if you send it a correct username and correct password. It
also works if you send it a correct username with an incorrect password. It
also works if you send it an in-correct username with a password.

My problem is that a few accounts in the directory don't have passwords set.
I.e. password is blank. If I send any username without a password then it
always returns true, even if that user has a password set or the user
doesn't exist. Does anyone have any ideas why this is?

<code>
public boolean authenticateUser(String userName, String password){
            //Try to log in with the supplied username and password
            //If it fails then either the user doesn't exist or the wrong
crudentials where supplied

            try{
                Hashtable env = new Hashtable();
                env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
                env.put(Context.PROVIDER_URL, ldapConnectionString);

                env.put(Context.SECURITY_AUTHENTICATION, "simple");
                env.put(Context.SECURITY_PRINCIPAL, userName + "@" +
ADName);
                env.put(Context.SECURITY_CREDENTIALS, password);

                DirContext ctx = new InitialDirContext(env);

                return true;
            }catch(Exception ex){
                //Authentication failed
                return false;
            }
        }
</code>