











 

JNDI Authenticate User

Author: Jamie Allison

2006-05-02, 4:06 am

Hi All,

I have the below code which is supposed to return true if the user is
authenticated against Active Directory and false if the user is not.

This works fine if you send it a correct username and correct password. It
also works if you send it a correct username with an incorrect password. It
also works if you send it an incorrect username with a password.

My problem is that a few accounts in the directory don't have passwords set.
I.e. password is blank. If I send any username without a password then it
always returns true, even if that user has a password set or the user
doesn't exist. Does anyone have any ideas why this is?

<code>
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// Method of a class that defines ldapConnectionString and ADName elsewhere.
public boolean authenticateUser(String userName, String password){
    //Try to log in with the supplied username and password
    //If it fails then either the user doesn't exist or the wrong
    //credentials were supplied

    try{
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapConnectionString);

        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userName + "@" +
                ADName);
        env.put(Context.SECURITY_CREDENTIALS, password);

        //Creating the context performs the LDAP bind
        DirContext ctx = new InitialDirContext(env);
        ctx.close();

        return true;
    }catch(Exception ex){
        //Authentication failed
        return false;
    }
}
</code>
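
Added example, not part of the original post: under RFC 4513 section 5.1.2, an LDAP simple bind with an empty password is an unauthenticated (anonymous) bind, and a directory that permits anonymous binds accepts it for any username, which is why the method above returns true. One way to harden it is to refuse empty credentials before binding. The class name, the constructor parameters and the example.test host and domain are assumptions.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapAuthenticator {
    private final String ldapUrl;   // assumed, e.g. "ldaps://dc.example.test:636"
    private final String adDomain;  // assumed, e.g. "example.test"

    public LdapAuthenticator(String ldapUrl, String adDomain) {
        this.ldapUrl = ldapUrl;
        this.adDomain = adDomain;
    }

    /** True only if the directory accepted a bind made with a non-empty password. */
    public boolean authenticateUser(String userName, String password) throws NamingException {
        // An empty password turns a simple bind into an unauthenticated
        // (anonymous) bind, which proves nothing about the user: refuse it
        // before any request is sent.
        if (userName == null || userName.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userName + "@" + adDomain);
        env.put(Context.SECURITY_CREDENTIALS, password);

        // Only a rejected credential maps to false. Other NamingExceptions
        // (server unreachable, bad URL) propagate so that an outage is not
        // reported as a wrong password.
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);   // performs the LDAP bind
            return true;
        } catch (AuthenticationException ex) {
            return false;                       // server rejected the credentials
        } finally {
            if (ctx != null) ctx.close();       // release the connection
        }
    }

    public static void main(String[] args) throws NamingException {
        LdapAuthenticator auth = new LdapAuthenticator("ldaps://dc.example.test:636", "example.test");
        // The guard returns before any network I/O, so this call runs offline.
        System.out.println(auth.authenticateUser("anyone", ""));
    }
}
```

With this guard, accounts whose directory password really is blank cannot log in through this method, in line with the RFC 4513 recommendation that clients disallow empty password input.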








