MS ADAM authentication with Java app - can authenticate with local ADAM accounts; CANNOT authenticate with proxy accounts sync'd from AD domain
We are having an issue where we cannot authenticate to our Java app with the proxy accounts sync'd from our parent AD domain.
[our environment]
We have an OU within an AD environment in which we have limited rights. In order to maintain security, we stood up an ADAM environment for our internet-facing Java (JBoss) web application. Local accounts in ADAM are for our vendor. We perform ADAMsync to grab the proxy accounts from our AD OU.
[how we have designed it on paper to work]
We have had success with local ADAM accounts. However, we have failed at each login attempt while attempting to use proxy accounts. We did notice that the Java app was coded to use the CN attribute. Furthermore, we noticed that CN=login ID with our local ADAM accounts, per our setting, which differed from the sync'd proxy accounts where CN=First Name, Last Name. Obviously this wouldn't work (character limits in the login field of the app), so we changed the Java (JBoss) code to use the samAccountName attribute, which is a matched login ID on both sides (ADAM/AD). This still failed. We even attempted to bind using the samAccountName attribute during our ADAMsync but could not. Lastly, we attempted to use the UserPrincipalName attribute, but that failed as well.
What are we missing, guys?!
Please help.
Re: MS ADAM authentication with Java app - can authenticate with local ADAM accounts; CANNOT authenticate with proxy accounts sync'd from AD domain
The API access to LDAP is in Java (since version 1.3) with the packages javax.naming and javax.naming.directory. And for authentication, you must create a person object in the directory that contains several attributes, including Uid and Password. You can use standard LDAP predefined classes such as the class person or a derived class. If your LDAP directory will not do it for you as an app, you can store the rights directly as a (multivalued) attribute of your person object.
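As an added example (not code from either poster or from the JBoss app), here is the javax.naming pattern the reply points at, applied to the question's situation: resolve the login ID to a DN by searching sAMAccountName, then bind with that DN over LDAPS, which is the channel ADAM requires by default before it will redirect a userProxy bind to AD. The host, search base, service-account DN and the attribute choices are assumptions for the example.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

/** Search-then-bind authentication against ADAM over LDAPS. Host and DNs below are assumed placeholders. */
public final class AdamAuthenticator {
    private static final String LDAPS_URL   = "ldaps://adam.example.internal:636";          // assumed
    private static final String SEARCH_BASE = "OU=Users,DC=app,DC=example";                 // assumed
    private static final String SVC_DN      = "CN=svc-jboss,OU=Service,DC=app,DC=example";  // assumed read-only service account
    /** Escapes user-supplied text for use inside an LDAP filter (RFC 4515) so a login ID cannot alter the query. */
    static String escapeFilter(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            if ("\\*()\0".indexOf(c) >= 0) sb.append(String.format("\\%02x", (int) c));
            else sb.append(c);
        }
        return sb.toString();
    }
    private static Hashtable<String, String> env(String principal, String credentials) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAPS_URL);            // TLS: ADAM only redirects proxy binds over a secure channel by default
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        return env;
    }
    /** True only if loginId matches exactly one user or userProxy entry and a bind with that entry's DN succeeds. */
    public static boolean authenticate(String loginId, String password, String svcPassword) throws NamingException {
        if (password == null || password.isEmpty()) return false;   // an empty password would turn into an anonymous bind
        String filter = "(&(|(objectClass=user)(objectClass=userProxy))(sAMAccountName=" + escapeFilter(loginId) + "))";
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        DirContext svc = new InitialDirContext(env(SVC_DN, svcPassword));
        String userDn;
        try {
            NamingEnumeration<SearchResult> results = svc.search(SEARCH_BASE, filter, sc);
            if (!results.hasMore()) return false;
            userDn = results.next().getNameInNamespace();          // full DN of the matched entry
            if (results.hasMore()) return false;                    // ambiguous match: refuse rather than guess
        } finally {
            svc.close();
        }
        try {
            new InitialDirContext(env(userDn, password)).close();   // bind as the user; for a userProxy, ADAM forwards this to AD
            return true;
        } catch (AuthenticationException e) { return false; }
    }
}
```

The same search-then-bind flow works for local ADAM accounts (CN=login ID) and synced proxy accounts (CN=First Name, Last Name) alike, because the app never has to guess how the DN is built from the login ID.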