Running the ActiveDirectoryServer sample

The ActiveDirectoryServer sample application implements an LDAPS proxy server for communications with Microsoft Active Directory.

  • Run the proxy server on the computer hosting Microsoft Active Directory because it authenticates itself to Microsoft Active Directory using simple authentication.

  • Clients should not connect directly to Microsoft Active Directory using simple authentication because this protocol sends the Microsoft Windows login in the clear over the network.

  • NT LAN Manager (NTLM) authentication is not supported because client applications written in Java cannot access the Microsoft Windows login context.

To run this sample, execute the following command line in the etjava/examples directory.

java -classpath classes;../lib/enttoolkit.jar com.entrust.toolkit.examples.activeDirectory.ActiveDirectoryServer data/activeDirectory/activeDirectoryProxy.properties <epf_file> <epf_pwd> [-dir <ad_ip>] [-AD <ad_user> <ad_pwd>] [-pki <ra_ip>]

Parameter    Value

<epf_file>   The path of an Entrust user profile in .epf file format.
<epf_pwd>    The password for accessing the Entrust profile.
<ad_ip>      The hostname or IP address of the Microsoft Active Directory for which this application will act as a proxy.
<ad_user>    The name of a Microsoft Active Directory user.
<ad_pwd>     The password of the Microsoft Active Directory user.
<ra_ip>      The IP address of the Registration Authority of the PKI to which the user belongs (optional).

For example:

C:\etjava\examples>java -classpath classes;../lib/enttoolkit.jar com.entrust.toolkit.examples.activeDirectory.ActiveDirectoryServer data/activeDirectory/activeDirectoryProxy.properties EntrustUser.epf Passw0rd -dir localhost -AD WindowsUserName WindowsPassword -pki localhost
 
Warning: This proxy uses Simple Authentication to Active Directory.
Run this proxy on same computer as Active Directory or on a computer
that has a secure network connection to it.
 
Continue (y/n) ?
y
 
"WindowsUserName" is attempting to connect to Active Directory...
Windows user "WindowsUserName" has authenticated to Active Directory.
Logging in to: EntrustUser.epf
Loading data/activeDirectory/activeDirectoryProxy.properties
No root folder specified
...connecting to X.500 Directory at localhost:389
Connected !
host IP address: 127.0.0.1
port: 443
host name: localhost
SSL is enabled
client authentication is required
not serving files
serving LDAP from : "localhost:389"
message trace=1
SSL trace=0
thread and memory trace=0
logging will go to stdout
socket timeout (millisecs): 1000000000
initial number of client handlers: 30
garbage collection interval (number of messages): 30
time period during which SSL sessions may be resumed (secs.): 60
time interval at which SSL session cache will be resized (secs.): 20
 
Listening for SSL on server socket localhost/127.0.0.1:443
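The session above shows the proxy listening on localhost:443 with SSL enabled and client authentication required. The following client is an added example, not part of the toolkit sample: it connects to that listener over LDAPS with JNDI, presents a client certificate from a keystore, and runs a search. The keystore and truststore paths, their passwords, the search base DC=example,DC=com and the use of an anonymous bind are assumptions.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class ProxyClientExample {
    public static void main(String[] args) throws NamingException {
        // Client certificate presented during the TLS handshake; the proxy was
        // started with "client authentication is required", so a connection
        // without one is rejected. Paths and passwords are placeholders.
        System.setProperty("javax.net.ssl.keyStore", "client.p12");
        System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
        System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
        // Trust store containing the proxy's server certificate, so the
        // client verifies the listener rather than trusting it blindly.
        System.setProperty("javax.net.ssl.trustStore", "proxy-truststore.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Port 443 with SSL, as reported by the proxy at startup.
        env.put(Context.PROVIDER_URL, "ldaps://localhost:443");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        // No simple bind from the client: the Windows credentials stay on the
        // proxy host, which authenticates to Active Directory itself (assumed).
        env.put(Context.SECURITY_AUTHENTICATION, "none");

        DirContext ctx = new InitialDirContext(env);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"cn", "mail"});
            // Search base is an assumption; adjust to the directory's naming context.
            NamingEnumeration<SearchResult> results =
                ctx.search("DC=example,DC=com", "(objectClass=user)", sc);
            while (results.hasMore()) {
                System.out.println(results.next().getNameInNamespace());
            }
        } finally {
            ctx.close();
        }
    }
}
```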