The Java Naming and Directory Interface (JNDI) is the standard Java API for multiple naming and directory services such as Lightweight Directory Access Protocol (LDAP).
Active Directory is a set of network services (account authentication among them) that supports LDAP. Therefore you can write a Java program that uses JNDI to obtain account details from the Active Directory of a Windows Server. Here is the example.
I have already set up Windows Server with Active Directory and created my account there.
The following Java program connects to the above Windows Server through LDAP. Please note that you have to use the User logon name (username@domain) for Context.SECURITY_PRINCIPAL.
LdapContextCreation.java

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class LdapContextCreation {
    public static void main(String[] args) {
        LdapContext ctx = null;
        try {
            // Create an LDAP context: simple bind with the user logon name (username@domain)
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, "ykyuen@cecid03server.hku.hk");
            env.put(Context.SECURITY_CREDENTIALS, "your password here");
            env.put(Context.PROVIDER_URL, "ldap://cecid-03server:389");
            ctx = new InitialLdapContext(env, null);
            System.out.println("Connection Successful.");

            // Print all attributes of the name in namespace (the rootDSE when no base DN is given in the URL)
            Attributes attributes = ctx.getAttributes(ctx.getNameInNamespace());
            for (NamingEnumeration<? extends Attribute> ae = attributes.getAll(); ae.hasMore();) {
                Attribute attr = ae.next();
                String attrId = attr.getID();
                for (NamingEnumeration<?> vals = attr.getAll(); vals.hasMore();) {
                    String value = vals.next().toString();
                    System.out.println(attrId + ": " + value);
                }
            }
        } catch (NamingException e) {
            System.out.println("LDAP Connection: FAILED");
            e.printStackTrace();
        } finally {
            // Always release the connection, even when the bind or the attribute read fails
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                }
            }
        }
    }
}
Done =)
Reference: Active Directory Access Authentication using LDAP and Java
Hi,
There is a requirement for my application to support multiple AD instances (replicas). That means authenticating against the secondary AD instance if the primary is down. Please suggest how I can implement the same using Java, as the above example only connects to one instance at a time, and if we want to connect to another instance we need to change the code: env.put(Context.PROVIDER_URL, "ldap://cecid-03server:389");
But I'm looking for a way so that the code will handle the switching.
Thanks
Ravinder
Hi Ravinder,
That's really out of my knowledge. What I found in Google is...
Java LDAP will switch to the next URL in the context if it couldn't make the connection. But this is only valid when the LdapContext has not yet been initialized.
Reference: switching LDAP contexts for failover
In other words, you can set the server URL as follows
Reference: LDAP Failover
If it cannot make the connection with ldap://ldap1, then it will try ldap://ldap2 and so on. But once the connection is set up, there is no switching mechanism to handle failover. If you really want to do client-side failover, I found this proprietary library: UnboundID – LDAP SDK for Java
Kit
Hi all,
I'm Rahayya. I have done as suggested to switch LDAP on failover. But it took more than 10 mins to open my website while it looked for the secondary LDAP. Any suggestion for my problem? Please help me.
Thank you.
I suggest you check what is being done during those 10 mins. Do you know where the bottleneck is?
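As an added example (not the post's own program and not from the commenters), here is the same JNDI simple bind rewritten the way a defender would deploy it: credentials come from the environment instead of the source file, the bind goes over ldaps:// so the password is not sent in cleartext on port 389, an empty password is rejected before binding (Active Directory treats a simple bind with an empty password as an anonymous bind, which would wrongly "succeed"), and the space-separated PROVIDER_URL list plus the connect/read timeout properties of the JDK LDAP provider give the first-connection failover from the comments without the multi-minute hang. The host names dc1/dc2.example.internal and the timeout values are assumptions.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class LdapFailoverBind {
    // Hypothetical domain controllers. The JDK LDAP provider accepts a space-separated
    // list of URLs and tries them in order until one connection succeeds (initial bind only).
    static final String PROVIDER_URLS =
        "ldaps://dc1.example.internal:636 ldaps://dc2.example.internal:636";

    // Binds as the user and returns the rootDSE attributes; throws NamingException on failure.
    public static Attributes bindAndRead(String principal, String password) throws NamingException {
        if (principal == null || principal.isEmpty() || password == null || password.isEmpty()) {
            // An empty password would be sent as an anonymous (unauthenticated) bind, which AD accepts.
            throw new NamingException("principal and non-empty password are required");
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, PROVIDER_URLS);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);   // user logon name, e.g. user@domain
        env.put(Context.SECURITY_CREDENTIALS, password);
        // Bound the TCP connect and the LDAP read so an unreachable DC fails over in
        // seconds instead of waiting on the OS default connect timeout (assumed values, in ms).
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        env.put("com.sun.jndi.ldap.read.timeout", "10000");

        LdapContext ctx = new InitialLdapContext(env, null);   // ldaps: TLS via the JVM trust store
        try {
            // With no base DN in the URL, getNameInNamespace() is "" and this reads the rootDSE.
            return ctx.getAttributes(ctx.getNameInNamespace());
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) {
        try {
            Attributes attrs = bindAndRead(System.getenv("LDAP_PRINCIPAL"), System.getenv("LDAP_PASSWORD"));
            System.out.println("Connection Successful. rootDSE attribute count: " + attrs.size());
        } catch (NamingException e) {
            System.out.println("LDAP Connection: FAILED: " + e.getMessage());
        }
    }
}
```

Once the context is bound there is still no automatic failover, as the comments note; a later operation that throws a NamingException has to be retried by creating a new InitialLdapContext, which again walks the URL list.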