directory-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arvind N <Arvin...@citrix.com>
Subject RE: Using LDAPConnection class...
Date Mon, 06 Sep 2010 13:53:54 GMT
> -----Original Message-----
> From: ayyagarikiran@gmail.com [mailto:ayyagarikiran@gmail.com] On
> Behalf Of Kiran Ayyagari
> Sent: Monday, September 06, 2010 7:08 PM
> To: api@directory.apache.org
> Subject: Re: Using LDAPConnection class...
> 
> On Mon, Sep 6, 2010 at 6:51 PM, Arvind N <Arvind.N@citrix.com> wrote:
> > Hi,
> >   Just downloaded the ldap client api version 0.1 and wrote sample
> program to
> > connect to a Active Directory seem to hit a weird problem.
> > The tutorial does not provide much info so thought of checking in the
> list.
> > Do let me know if I have got the wrong list.
> >
> > The piece that is failing is
> >
> >                        LdapConnection connection = new
> LdapConnection(svrIP, new Integer(svrPort));
> >                        BindRequest request = new BindRequest();
> >                        request.setCredentials(password);
> >                        request.setName("cn=Arvind N");
> >                        BindResponse resp = connection.bind(request);
> >                        LdapResult result = resp.getLdapResult();
> >                        System.out.println("the error message is " +
> result.getErrorMessage());
> >
> > For this I always get an error message
> > ** the error message is 80090308: LdapErr: DSID-0C090334, comment:
> AcceptSecurityContext error, data 525, vece **
> > Googled quite a bit to not avail and to dig deeper hit ethereal.
> > Noticed that in the LDAP protocol extract, the bind request had
> something like this
> > ....
> > DN: cn=Arvind N
> > ..
> >
> > To cross verify if I had done anything wrong...
> >
> > I downloaded a java based LDAP browser JXplorer and provided the same
> input of
> > User DN of "Arvind N" and the same credentials and it logged in just
> fine
> > In this login ethereal trace noticed the below difference... and this
> seems to work always...
> >
> > ....
> > DN: Arvind N
> > .....
> >
> >
> > Other then the above difference I did not notice any other difference
> in the LDAP packet
> > between JXplorer(Which logged in just fine) and Apache LDAP Client
> API( failed to login)....
> > Do let me know how can I make Apache LDAP client API to send DN: as
> plain DN: Arvind N,
> > which I think should make the thing work just fine...

> client-api requires the user name in the form of a DN so 'Arvind N'
> cannot be used as it is not a valid DN. JXplorer must be doing some
> behind the scenes work to make it work with AD.

I have the ethereal trace of both the calls, and the only difference is
in the first call itself, when JXplorer was sending plain "Arvind N"
as DN where as Apache LDAP client API was forcing me to attach a variable
to "Arvind N" and was putting whatever I was sending as the value of DN

~A



Mime
View raw message