Java, LDAP: Make it not ignore blank passwords?
- by Steve
I'm maintaining some legacy Java LDAP code. I know next to nothing about LDAP.
The program below basically just sends the userid and password to the LDAP server, receives notification back if the credentials are good. If so, it prints out the LDAP attributes received from the LDAP server, if not it prints out an exception.
All works well if a bad password is given. An "invalid credentials" exception gets thrown. However, if a blank password is sent to the LDAP Server, authentication will still happen, LDAP attributes will still be returned.
Is this unhappy situation due to the LDAP server allowing blank passwords, or does the code below need to be adjusted such a blank password will get fed to the LDAP server in such a way so it will get rejected?
I do have data validation in place. I took it off in a testing environment to solve another issue and noticed this problem. I would prefer not to have this problem underneath the data validation.
Thanks much in advance for any information
import javax.naming.*;
import javax.naming.directory.*;
import java.util.*;
import java.sql.*;
public class LDAPTEST {
public static void main(String args[]) {
String lcf = "com.sun.jndi.ldap.LdapCtxFactory";
String ldapurl = "ldaps://ldap-cit.smew.acme.com:636/o=acme.com";
String loginid = "George.Jetson";
String password = "";
DirContext ctx = null;
Hashtable env = new Hashtable();
Attributes attr = null;
Attributes resultsAttrs = null;
SearchResult result = null;
NamingEnumeration results = null;
int iResults = 0;
int iAttributes = 0;
env.put(Context.INITIAL_CONTEXT_FACTORY, lcf);
env.put(Context.PROVIDER_URL, ldapurl);
env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "uid=" + loginid + ",ou=People,o=acme.com");
env.put(Context.SECURITY_CREDENTIALS, password);
try {
ctx = new InitialDirContext(env);
attr = new BasicAttributes(true);
attr.put(new BasicAttribute("uid",loginid));
results = ctx.search("ou=People",attr);
while (results.hasMore()) {
result = (SearchResult)results.next();
resultsAttrs = result.getAttributes();
for (NamingEnumeration enumAttributes = resultsAttrs.getAll(); enumAttributes.hasMore();) {
Attribute a = (Attribute)enumAttributes.next();
System.out.println("attribute: " + a.getID() + " : " + a.get().toString());
iAttributes++;
}// end for loop
iResults++;
}// end while loop
System.out.println("Records == " + iResults + " Attributes: " + iAttributes);
}// end try
catch (Exception e) {
e.printStackTrace();
}
}// end function main()
}// end class LDAPTEST