
Active directory 2008 R2 integration



We have unsuccessfully tried to integrate our JasperServer with our Server 2008 R2 AD organization. These are the contents of the configuration file (applicationContext-externalAuth-LDAP.xml):


<bean id="ldapAuthenticationProvider"
      class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
  <constructor-arg>
    <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
      <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
      <property name="userDnPatterns">
        <list>
          <value>uid={0},ou=users</value>
        </list>
      </property>
    </bean>
  </constructor-arg>
  ...
</bean>

<bean id="ldapContextSource"
      class="org.springframework.security.ldap.JSLdapContextSource">
  <constructor-arg value="ldap://ad1.contoso.com:389/dc=contoso,dc=com"/>
  <property name="userDn"><value>cn=Administrator,dc=contoso,dc=com</value></property>
  <property name="password"><value>Password</value></property>
</bean>

<bean id="userSearch"
      class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <constructor-arg index="0"><value>cn=Users</value></constructor-arg>
  <constructor-arg index="1"><value>(sAMAccountName={0})</value></constructor-arg>
  <constructor-arg index="2"><ref local="ldapContextSource"/></constructor-arg>
  <property name="searchSubtree"><value>true</value></property>
</bean>

Once the server is restarted, it does not just fail to log in, it gives a 404 Tomcat error.

The "Administrator" user is part of the Builtin "Administrators" group.

 

When the server starts, there is a new entry displaying the following error when reading applicationContext-externalAuth-LDAP.xml file:

2014-07-02 13:15:07,165 ERROR ContextLoader,localhost-startStop-1:318 - Context initialization failed
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 1 in XML document from ServletContext resource [/WEB-INF/applicationContext-externalAuth-LDAP.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-elt.1.a: Cannot find the declaration of element 'bean'.

 

Regards.

 

EDIT:

 

OK, we have been testing and checking this and "some" progress has been made. Apparently AD binds. The user is checked (as per the user filter search) and is found (we introduce the sAMAccountName string, i.e. johndoe@contoso.com).

 

We have a sample user who is part of a group following this schema:

DOMAIN > OU=jasperusers > GROUP=jasper_users

DOMAIN > OU=CityX > OU=Users >OU = it > CN = jhondoe

This is what the log says:

2014-07-04 16:21:37,696 DEBUG SpringSecurityLdapTemplate,http-bio-0.0.0.0-80-exec-3:214 - Found DN: cn=John Doe,ou=IT,ou=Users,ou=CityX

2014-07-04 16:21:39,873 DEBUG BindAuthenticator,http-bio-0.0.0.0-80-exec-3:106 - Attemptimg to bind as cn=John Doe,ou=IT,ou=Users,ou=CityX,dc=contoso,dc=com

And after that, error code 49 is triggered:

2014-07-04 16:21:39,959 DEBUG BindAuthenticator,http-bio-0.0.0.0-80-exec-3:142 - Failed to bind as cn=John Doe,ou=IT,ou=Users,ou=CityX,dc=contoso,dc=com: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1^@]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1^@]
 

Any ideas?
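
A log-triage example for the bind failure quoted in the post above, added here and not part of the original post or of JasperReports Server: it extracts the DN and the Active Directory `data` sub-code from `BindAuthenticator` failure lines. The sub-code table holds commonly documented AD values; the function and variable names are made up for this example.

```python
import re
from collections import Counter

# Commonly documented Active Directory sub-codes found in the "data" field
# of an LDAP error 49 bind failure (AcceptSecurityContext error).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password or bind identity)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Timestamp, DN that failed to bind, LDAP result code, AD sub-code.
FAILED_BIND = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) .*?"
    r"Failed to bind as (?P<dn>.+?): .*?"
    r"LDAP: error code (?P<code>\d+) .*?data (?P<data>[0-9a-fA-F]+),"
)

def parse_failed_binds(lines):
    """Return one dict per failed-bind log line, with the AD sub-code decoded."""
    events = []
    for line in lines:
        m = FAILED_BIND.search(line)
        if m:
            data = m.group("data").lower()
            events.append({"timestamp": m.group("ts"), "dn": m.group("dn"),
                           "ldap_code": int(m.group("code")), "ad_data": data,
                           "meaning": AD_BIND_SUBCODES.get(data, "unknown sub-code")})
    return events

def failures_by_dn(events):
    """Count failed binds per DN; repeated failures can trigger account lockout."""
    return Counter(e["dn"] for e in events)

# First entry: the failure line from the post (shortened). Second: the successful
# search line from the post, which must not be reported as a failure.
SAMPLE_LOG = [
    "2014-07-04 16:21:39,959 DEBUG BindAuthenticator,http-bio-0.0.0.0-80-exec-3:142 - "
    "Failed to bind as cn=John Doe,ou=IT,ou=Users,ou=CityX,dc=contoso,dc=com: "
    "org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]",
    "2014-07-04 16:21:37,696 DEBUG SpringSecurityLdapTemplate,http-bio-0.0.0.0-80-exec-3:214 - "
    "Found DN: cn=John Doe,ou=IT,ou=Users,ou=CityX",
]
```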