Previous | Next | Trail Map | Tips for LDAP Users | Frequently Asked Questions

Contexts

Is the context safe for multithreaded access, or do I need to lock/synchronize access to a context?

The answer depends on the implementation. This is because the Context and DirContext interfaces do not specify synchronization requirements. Sun's LDAP implementation is optimized for single-threaded access. If you have multiple threads accessing the same Context instance, then each thread needs to lock the Context instance when using it. This also applies to any NamingEnumeration that is derived from the same Context instance. However, multiple threads can access different Context instances (even those derived from the same initial context) concurrently without locks.

Why does the LDAP provider ignore my security environment properties if I do not set the Context.SECURITY_CREDENTIALS ("java.naming.security.credentials") property or set it to the empty string?

If you supply an empty string, an empty byte/char array, or null to the Context.SECURITY_CREDENTIALS environment property, then an anonymous bind will occur even if the Context.SECURITY_AUTHENTICATION property was set to "simple". This is because, for simple authentication, LDAP requires the password to be nonempty. If a password is not supplied, then the protocol automatically converts the authentication to "none".
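An application that verifies a user's password by binding as that user therefore has to reject an empty password itself, because the bind would otherwise succeed anonymously. The following is an added example, not code from the tutorial: the class name, the helper methods, the server URL and the DN are constructed for illustration.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class StrictSimpleBind {
    // True for the three credential forms that lead to an anonymous bind:
    // null (property not set), an empty String, or an empty char[]/byte[].
    static boolean isEmptyCredential(Object cred) {
        if (cred == null) return true;
        if (cred instanceof String) return ((String) cred).isEmpty();
        if (cred instanceof char[]) return ((char[]) cred).length == 0;
        if (cred instanceof byte[]) return ((byte[]) cred).length == 0;
        return false;
    }

    // Hypothetical wrapper: fails closed instead of letting a "simple" bind
    // with empty credentials be converted to authentication "none".
    static DirContext open(Hashtable<String, Object> env) throws NamingException {
        if ("simple".equals(env.get(Context.SECURITY_AUTHENTICATION))
                && isEmptyCredential(env.get(Context.SECURITY_CREDENTIALS))) {
            throw new AuthenticationException("empty password: refusing anonymous bind");
        }
        return new InitialDirContext(env);
    }

    public static void main(String[] args) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:389");  // constructed URL
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "uid=jdoe,ou=People,dc=example,dc=com"); // constructed DN
        env.put(Context.SECURITY_CREDENTIALS, "");  // e.g. a login form submitted with no password
        try {
            open(env).close();
            System.out.println("bound");
        } catch (AuthenticationException e) {
            // Reached before any network traffic, so this runs without a server.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```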

Why do I keep getting a CommunicationException when I try to create an initial context?

You might be talking to a server that supports only LDAP v2. See the Miscellaneous (in the Tips for LDAP Users trail) lesson for an example of how to set the version number.

I'm seeing some strange behavior. How do I find out what's really going on?

Try using the "com.sun.jndi.ldap.trace.ber" environment property. If the value of this property is an instance of java.io.OutputStream, then trace information about BER buffers sent and received by the LDAP provider is written to that stream. If the property's value is null, then no trace output is written.

For example, the following code will send the trace output to System.err.

env.put("com.sun.jndi.ldap.trace.ber", System.err);

How do I use a different authentication mechanism such as Kerberos?

Follow the instructions in the GSS-API/Kerberos v5 Authentication (in the Tips for LDAP Users trail) section in the Security lesson for information on how to use Kerberos authentication. To use other authentication mechanisms, see the Using Arbitrary SASL Mechanisms (in the Tips for LDAP Users trail) section.

