Determine user identity logged into eDirectory


I am developing a Java web application in the following environment:
SuSe Linux Enterprise Server 11
Tomcat 6.0
Apache 2.0.47

The web application must determine the identity of the user, as logged
into eDirectory (username or email address). The configuration of Apache
and Tomcat is out-of-box, containing no references to eDirectory via
LDAP/JNDI. What is required to have either Apache or Tomcat be able to
query eDirectory and retrieve the username or email address?

Thanks.

Ashwin


--
ashwinkraj
------------------------------------------------------------------------
ashwinkraj's Profile: http://forums.novell.com/member.php?userid=91916
View this thread: http://forums.novell.com/showthread.php?t=418198

Re: Determine user identity logged into eDirectory


I guess I forgot to mention that users will be logging into the Novell
network using Novell Client for Windows, to access the above mentioned
Java web application.


--
ashwinkraj

Re: Determine user identity logged into eDirectory


There isn't anything you can do via LDAP since your webapp doesn't
interact with the client (user) via LDAP - you're talking to the client
via HTML so to speak. One way is to embed an ActiveX control on the
webpage to query C32 - although it is no longer supported, you can still
find it on developer.novell.com somewhere.


--
peterkuo
------------------------------------------------------------------------
peterkuo's Profile: http://forums.novell.com/member.php?userid=88

Re: Determine user identity logged into eDirectory

In fact there is nothing like "THE username or email address", since a
Client32 can be connected to 0..n trees with 0..n identities.

Depending on the OS you may even have multiple concurrent identities on the
same tree.
However, you can use Java to query the info from your Client32.

See also the comments in this older thread:
http://forums.novell.com/novell-product-support-forums/edirectory/edir-windows/359519-how-get-logged-user-java-applet.html

You'll find the (free) needed Java libraries, sources and JavaDoc on my home
page as "JniClient32"
www.WolfgangSchreiber.de


Good luck

Wolfgang

Re: Determine user identity logged into eDirectory


Thanks Wolfgang. I will try this. In the meantime, is there any other
option such as trying to determine user identity based on logged IP
address? I am trying to pursue a cross-platform solution.

Thanks,
Ashwin



--
ashwinkraj

Re: Determine user identity logged into eDirectory

Querying eDirectory for the network address may work, but may not always
immediately reflect the logged-in/out status.

Wolfgang

Re: Determine user identity logged into eDirectory


Thanks Wolfgang. My network administrator also gave a similar comment.
For the initial rollout of the web app, the users will be required to
provide their Novell eDirectory credentials to authenticate themselves
into the application. This is supposed to be very straightforward, but I
have one question regarding the user's DN. We have several OUs
corresponding to location or group and users underneath those OUs.
Something like this:

Code:
--------------------
O=Company
    OU=CityA
        CN=User1CityA
        CN=User2CityA
    OU=CityB
        CN=User3CityB
--------------------

If I bind to the server for the purpose of authentication, the DN needs
to include the correct OU attribute corresponding to the user. But I
don't know the OU because all I have is a user name and password. This
is preventing me from authenticating via a single bind operation. What
is the recommended approach to authenticating a user in this situation?
Do I need to first bind as an authorized (to query eDirectory) user,
determine the user's DN via a search operation and then bind with that
DN? FYI, I am using the Novell LDAP libraries for Java.

Thanks,
Ashwin



--
ashwinkraj

Re: Determine user identity logged into eDirectory

You can start with an anonymous query if your [Public] rights include the
right to search for the user's CN - if req'd, check the online eDir
documentation on handling the [Public] rights


Wolfgang

jwilleke Trusted Contributor.

Re: Determine user identity logged into eDirectory

We have never found the network address to be reliable.

We put up some info on it:
http://ldapwiki.willeke.com/wiki/NetworkAddress

-jim

On 8/16/10 3:32 PM, Wolfgang Schreiber wrote:
> Querying eDirectory for the network address may work, but may not always
> immediately reflect the logged-in/out status.
>
> Wolfgang

Re: Determine user identity logged into eDirectory


Hi Ashwin

I had a similar problem. I solved it using an ActiveX component called
NWDIR.OCX supplied by Novell. Place the OCX file on your web server. The
following was placed into an HTML file which then posted the userid to a
Java Server Page to continue.

---------------------------------------------------------------------------------------------
<form name="SSOForm" action="index.jsp" method="POST">
  <input type="hidden" name="USERID" value="">
</form>

<object id="NWDir1"
        classid="CLSID:4F021AE3-9E98-11D0-A808-00C04FDCD94A"
        codebase="http://iis8.cambs.police.uk/NWDIR.OCX"
        width="32"
        height="32">
  <param name="FullName" value="NDS:\\NDS_TREE\[Root]">
</object>

<!-- Window_OnLoad is usually used for initialisation sequences -->
<script language="VBScript">
function Window_OnLoad
  dim VBloginID, VBGetIDForm
  set VBloginID = document.all("USERID")
  ' Pick up LoginName; it will be in the format
  ' NDS:\\CAMBRIDGESHIRE_CONSTABULARY\CAMSPOL\HQ\IT\BloggsJ
  VBloginID.VALUE = NWDir1.LoginName
  ' Post the hidden USERID field to index.jsp
  set VBGetIDForm = document.all("SSOForm")
  VBGetIDForm.submit
end function
</script>

---------------------------------------------------------------------------------------------

To do LDAP browsing using Java, you'll need the com.novell.ldap.*
packages. The following JSP code carries out an anonymous search of a
specific LDAP tree. You need to set the ldapHost variable to your LDAP
server.

-----------------------------------------------------------------------------------------------------------------
<%@ page contentType="text/html; charset=iso-8859-1" language="java"
    import="java.sql.*" errorPage="" %>
<%@ page import="com.novell.ldap.*" %>
<%@ page import="java.io.UnsupportedEncodingException" %>
<%
try
{
    int ldapPort = LDAPConnection.DEFAULT_PORT;
    int searchScope = LDAPConnection.SCOPE_ONE;
    int ldapVersion = LDAPConnection.LDAP_V3;
    boolean attributeOnly = true;
    String attrs[] = {LDAPConnection.NO_ATTRS};
    String ldapHost = "barton.cambs.police.uk";
    // empty DN and password: the bind below is anonymous
    String loginDN = "";
    String password = "";
    String searchBase = "ou=IT,ou=HQ,o=CAMSPOL";
    String searchFilter = "(objectclass=*)";
    LDAPConnection lc = new LDAPConnection();

    // connect to the server
    lc.connect( ldapHost, ldapPort );
    // bind to the server
    lc.bind( ldapVersion, loginDN, password.getBytes("UTF8") );

    LDAPSearchResults searchResults =
        lc.search( searchBase,      // container to search
                   searchScope,     // search scope
                   searchFilter,    // search filter
                   attrs,           // "1.1" returns entry name only
                   attributeOnly);  // no attributes are returned

    // print out all the objects
    while ( searchResults.hasMore()) {
        LDAPEntry nextEntry = null;
        try {
            nextEntry = searchResults.next();
        }
        catch(LDAPException e) {
            out.println("Error: " + e.toString());

            // Exception is thrown, go for next entry
            continue;
        }

        out.println("\n" + nextEntry.getDN());
    }
    // disconnect with the server
    lc.disconnect();
}
catch( LDAPException e ) {
    out.println( "Error: " + e.toString() );
}
catch( UnsupportedEncodingException e ) {
    out.println( "Error: " + e.toString() );
}
%>
----------------------------------------------------------------------------------------------------------------


--
dante123
------------------------------------------------------------------------
dante123's Profile: http://forums.novell.com/member.php?userid=96445
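
The two-step login asked about earlier in the thread (search for the user's DN by CN, then bind with that DN), written with the same com.novell.ldap classes as the JSP above. This is an added example, not code from any poster: the host name, the inetOrgPerson filter and the LDAPS setup are assumptions, and o=Company is the tree root from the question. Here the directory verifies the password, so the identity does not depend on a value posted by the browser.

```java
import com.novell.ldap.*;
import java.nio.charset.StandardCharsets;

public class SearchThenBind {
    static final String HOST = "ldap.example.com"; // assumption: placeholder host
    static final String BASE = "o=Company";        // tree root from the question

    /** Escape a value for use inside an LDAP search filter (RFC 4515). */
    static String escapeFilter(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Returns the authenticated user's DN, or null if the login is rejected. */
    static String authenticate(String user, String password) throws LDAPException {
        // A bind with a DN and an empty password is an unauthenticated bind that
        // servers may report as successful, so refuse it before any LDAP call.
        if (user == null || user.isEmpty() || password == null || password.isEmpty())
            return null;
        // LDAPS keeps the password off the wire in clear text; the JVM trust store
        // must contain the server's CA certificate (assumption about deployment).
        LDAPConnection lc = new LDAPConnection(new LDAPJSSESecureSocketFactory());
        try {
            lc.connect(HOST, LDAPConnection.DEFAULT_SSL_PORT);
            // Step 1: anonymous bind, then look for the CN under every OU.
            lc.bind(LDAPConnection.LDAP_V3, "", new byte[0]);
            // Assumption: user objects are exposed over LDAP as inetOrgPerson.
            String filter = "(&(objectClass=inetOrgPerson)(cn=" + escapeFilter(user) + "))";
            LDAPSearchResults res = lc.search(BASE, LDAPConnection.SCOPE_SUB, filter,
                    new String[] { LDAPConnection.NO_ATTRS }, false);
            String dn = null;
            while (res.hasMore()) {
                LDAPEntry entry = res.next();
                if (dn != null) return null; // same CN in two OUs: refuse to guess
                dn = entry.getDN();
            }
            if (dn == null) return null;     // unknown user
            // Step 2: re-bind on the same connection as the entry that was found.
            try {
                lc.bind(LDAPConnection.LDAP_V3, dn, password.getBytes(StandardCharsets.UTF_8));
                return dn;
            } catch (LDAPException e) {
                if (e.getResultCode() == LDAPException.INVALID_CREDENTIALS) return null;
                throw e; // outage or other error: report it, not "wrong password"
            }
        } finally {
            if (lc.isConnected()) lc.disconnect();
        }
    }
}
```

If [Public] is not allowed to search on CN, replace the anonymous bind in step 1 with a bind as a dedicated account that has only search rights.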