kchanna Posted June 29, 2010

Hi Guys,

Hope someone can help me with this one.

I am running JasperServer Pro 3.7 on RHEL. I am configuring it to authenticate against a Windows 2003 AD. I have confirmed that the LDAP service is running on the AD and can connect using a Softerra LDAP browser.

Authentication bean looks like this:

    <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref local="ldapAuthenticationProvider"/>
                <ref local="daoAuthenticationProvider"/>
                <ref local="anonymousAuthenticationProvider"/>
                <!--ref local="jaasAuthenticationProvider"/-->
            </list>
        </property>
    </bean>

The context source config looks like this:

    <bean id="ldapContextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <constructor-arg value="ldap://10.0.3.21:389/dc=entitysolutions,dc=local"/>
        <property name="userDn"><value>cn=Application Authenticator,cn=Users,dc=entitysolutions,dc=local</value></property>
        <property name="password"><value>Password_1</value></property>
    </bean>

The user 'Application Authenticator' is a basic AD user which can browse the LDAP directory easily using the external utility (see 1.jpg).

To locate the users, I have made the following modifications:

    <!-- For LDAP authentication This bean is not used by default -->
    <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
        <constructor-arg index="0"><value>cn=Users</value></constructor-arg>
        <constructor-arg index="1"><value>(sAMAccountName={0})</value></constructor-arg>
        <constructor-arg index="2"><ref local="ldapContextSource" /></constructor-arg>
        <property name="searchSubtree"><value>true</value></property>
    </bean>

The below code, i.e. the first constructor, I haven't modified; please advise if any modifications have to be made?

    <!-- For LDAP authentication -->
    <bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
        <constructor-arg>
            <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
                <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
                <!-- <property name="userDnPatterns"><list><value>uid={0}</value></list></property> -->
                <property name="userSearch"><ref local="userSearch"/> </property>
            </bean>
        </constructor-arg>

I have however modified the second constructor, which is as below:

        <constructor-arg>
            <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
                <constructor-arg index="0"><ref local="ldapContextSource"/></constructor-arg>
                <constructor-arg index="1"><value>cn=Builtin</value></constructor-arg>
                <property name="groupRoleAttribute"><value>cn</value></property>
                <property name="groupSearchFilter"><value>(&amp;(uniqueMember={0})(objectclass=groupofuniquenames))</value></property>
                <property name="searchSubtree"><value>true</value></property>
            </bean>
        </constructor-arg>

Needless to say, the authentication isn't working when I try to log in as JasperTest, and in the log I get the below message:

    2010-06-29 14:14:26,775 WARN LoggerListener,http-8080-Processor24:60 - Authentication event AuthenticationFailureBadCredentialsEvent: JasperTest; details: com.jaspersoft.jasperserver.multipleTenancy.MTWebAuthenticationDetails@0: RemoteIpAddress: 10.0.3.249; SessionId: 358C8EEA5CC208C4E0532E7BCDC64539; exception: Bad credentials

Any help will be greatly appreciated.

Cheers,
Kamran

1.jpg - Screen grab of LDAP Browser
2.jpg - Screen grab of the AD

Post Edited by kchanna at 06/29/2010 06:05

sjongenelen Posted July 12, 2010

I'm having the same issue; your config seems about right. Two things I could think of:

First, make absolutely sure your capitals are right.

Second, I think the bad credentials is due to the bad credentials of the (in your case) application authenticator. In JS 3.5 I had to encrypt these credentials, but since 3.7 JS is using a new bean for LDAP authentication.
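
A BindAuthenticator configured with a userSearch binds as the service account, runs the filter search, then binds as the DN it found, and the log line above does not say which of those steps failed. The following is an added example, not code from the thread or from JasperServer, that runs the three steps separately with plain JNDI; the class name LdapBindCheck and the argument order are assumptions.

```java
import java.io.Console;
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapBindCheck {  // hypothetical name, not part of JasperServer
    // Simple bind; throws AuthenticationException when the DN/password pair is rejected.
    static DirContext bind(String url, String dn, char[] password) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    public static void main(String[] args) throws Exception {
        // args: <ldap url incl. base DN> <service account DN> <search base> <login name>
        String url = args[0], managerDn = args[1], searchBase = args[2], login = args[3];
        Console console = System.console();  // passwords are prompted for, never passed as arguments

        // Step 1: bind as the service account (userDn/password of ldapContextSource).
        DirContext ctx;
        try {
            ctx = bind(url, managerDn, console.readPassword("Password for %s: ", managerDn));
        } catch (AuthenticationException e) {
            System.out.println("STEP 1 FAILED (service account bind): " + e.getMessage());
            return;
        }

        // Step 2: subtree search with the userSearch filter. The login name is passed
        // as a filter argument so JNDI escapes it instead of it being concatenated.
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        NamingEnumeration<SearchResult> hits =
            ctx.search(searchBase, "(sAMAccountName={0})", new Object[] {login}, sc);
        if (!hits.hasMore()) {
            System.out.println("STEP 2 FAILED: no entry for " + login + " under " + searchBase);
            return;
        }
        String userDn = hits.next().getNameInNamespace();  // full DN, base included
        ctx.close();
        System.out.println("Found " + userDn);

        // Step 3: bind as the located DN with the password the user types at login.
        try {
            bind(url, userDn, console.readPassword("Password for %s: ", login)).close();
            System.out.println("All three steps succeeded");
        } catch (AuthenticationException e) {
            System.out.println("STEP 3 FAILED (user bind): " + e.getMessage());
        }
    }
}
```

Against Active Directory, the exception message for a rejected bind carries a `data` sub-code (for example 52e for a wrong password, 525 for an unknown user), which narrows the cause further than "Bad credentials".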