Binding to Domino LDAP using an LtpaToken to authenticate

Hi there, Subject line says it all… I have an LtpaToken and want to access our Domino LDAP directory in the context of that user. I don’t have access to the user’s password. Is there any way to make this work?

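import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

Hashtable<String, Object> env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://nameserver:636");
env.put(Context.SECURITY_AUTHENTICATION, "simple"); // simple bind: DN plus password
env.put(Context.SECURITY_PRINCIPAL, "CN=Damon Rand/OU=Dept/O=My Org"); // specify the username
env.put(Context.SECURITY_CREDENTIALS, PASSWORD); // specify the password
env.put(Context.SECURITY_PROTOCOL, "ssl"); // use SSL for the connection to port 636
System.out.println("Starting");
DirContext ctx = new InitialDirContext(env); // the bind happens here
System.out.println("Connected");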

I tried setting SECURITY_AUTHENTICATION to “ltpa” which didn’t work and I tried passing the LtpaToken as the password which also didn’t work.

Regards,

Damon.

Subject: Binding to Domino LDAP using an LtpaToken to authenticate

In what kind of server environment are you trying this exercise?

  • Anti Ohne -

Subject: RE: Binding to Domino LDAP using an LtpaToken to authenticate

Hi, we are running 6.5.3 under Windows. Pure Domino, no WebSphere (for now).

Damon.

Subject: RE: Binding to Domino LDAP using an LtpaToken to authenticate

OK, but what kind of application are you writing that uses this LDAP construction within this environment? If you are using a Java agent within Domino I suppose (I have no Java agent knowledge) there is an easier way to do the authentication.

In your first post you said the following: ‘I tried setting SECURITY_AUTHENTICATION to “ltpa” which didn’t work and I tried passing the LtpaToken as the password which also didn’t work’. Watch out! An LTPA token contains the following information in an encrypted way:

  • User ID

  • Expiration time (not to be confused with the cookie expiration information, the expiration time sets a time limit for expiration with 30 minutes being the default)

  • Digital signature to authenticate the token

Supplying the token as the password will not work because the token also contains the user id.

To read some more information about the LtpaToken check these URLs. I even noticed some sample Java code in the second article:

  • Anti Ohne -
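
The three fields listed in the reply above (user ID, expiration time, integrity value) as seen by an application that receives a token and shares the SSO secret. This is an added example, not code from the thread or from Domino; it assumes the Domino-native token layout (base64 of a 4-byte header, two 8-hex-digit timestamps, the user name, then a SHA-1 over the preceding bytes plus the shared secret), and the class name, method names, secret and token are constructed for the demo.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

public class DominoLtpaCheck {
    // Assumed layout: 4-byte header | 8 hex digits created | 8 hex digits expires | user | 20-byte SHA-1
    record Token(String user, long created, long expires) {}

    static byte[] digest(byte[] body, byte[] secret) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(body);   // everything that precedes the digest
        sha1.update(secret); // shared SSO secret, never sent with the token
        return sha1.digest();
    }

    static Token verify(String cookie, byte[] secret, long nowSeconds) throws Exception {
        byte[] raw = Base64.getDecoder().decode(cookie);
        if (raw.length <= 40) throw new SecurityException("token too short");
        byte[] body = Arrays.copyOfRange(raw, 0, raw.length - 20);
        byte[] tag = Arrays.copyOfRange(raw, raw.length - 20, raw.length);
        // Check the digest first (constant-time compare) so unauthenticated bytes are never parsed.
        if (!MessageDigest.isEqual(digest(body, secret), tag)) throw new SecurityException("bad digest");
        long created = Long.parseLong(new String(body, 4, 8, StandardCharsets.US_ASCII), 16);
        long expires = Long.parseLong(new String(body, 12, 8, StandardCharsets.US_ASCII), 16);
        if (nowSeconds >= expires) throw new SecurityException("token expired");
        // ISO-8859-1 is a simplification for this sample; a server may encode names differently.
        String user = new String(body, 20, body.length - 20, StandardCharsets.ISO_8859_1);
        return new Token(user, created, expires);
    }

    // Builds a constructed token for the demo only, using the same assumed layout.
    static String sample(String user, long created, long expires, byte[] secret) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(new byte[] {0, 1, 2, 3});
        out.write(String.format("%08X%08X", created, expires).getBytes(StandardCharsets.US_ASCII));
        out.write(user.getBytes(StandardCharsets.ISO_8859_1));
        out.write(digest(out.toByteArray(), secret));
        return Base64.getEncoder().encodeToString(out.toByteArray());
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-demo-secret".getBytes(StandardCharsets.US_ASCII);
        long now = System.currentTimeMillis() / 1000;
        String cookie = sample("CN=Damon Rand/OU=Dept/O=My Org", now, now + 1800, secret);
        System.out.println(verify(cookie, secret, now)); // accepted: user name and both times
        try { verify(cookie, secret, now + 1800); }      // at the 30-minute limit: rejected
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

The verifier needs only the shared secret, not the user's password, and the user name it returns is trustworthy only after the digest and expiry checks pass.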