Java LDAP password authentication

The below search term seems to return match if a user simply exists in the active directory:

NamingEnumeration<SearchResult> ne = dirContext.search(
                        baseDN,
                        userO开发者_Go百科bjectQuery,
                        new String[] { userName },
                        SearchControls)

The userObjectQuery is like userObjectQuery=(&(sAMAccountName=%u)(objectclass=user))

Where %u above will be substituted by the username.

How do I make sure that the users password also matches and only then return true?

Once you find the user using your search code, you can get the user's full DN with getNameInNamespace()

Then you can bind as that full DN and password to authenticate.