jyot_singh Posted March 14, 2011

I am trying to integrate Jasper Server cp-4.0.0 with our Active Directory server. Based on the readings, I've made the edits below to applicationContext-security.xml but was not able to get the authentication to work. The error I get is:

2011-03-08 15:10:04,545 WARN LoggerListener,http-8080-4:60 - Authentication event AuthenticationFailureServiceExceptionEvent: jsingh; details: org.springframework.security.ui.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: 2875CD561ECF9F58A41D3333171FE570; exception: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772

I've tried various combinations of the way I'm looking up the AD users but still had no luck. I will appreciate any guidance.

Thanks,
Jyot

Code:

<!-- ======================== AUTHENTICATION ======================= -->
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
  <property name="providers">
    <list>
      <ref local="ldapAuthenticationProvider"/>
      <ref bean="${bean.daoAuthenticationProvider}"/>
      <ref bean="anonymousAuthenticationProvider"/><!-- -->
    </list>
  </property>
</bean>

<bean id="anonymousAuthenticationProvider" class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
  <property name="key"><value>foobar</value></property>
</bean>

<bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
  <!-- jdbcDaoImpl -->
  <!-- <property name="userDetailsService"><ref bean="inMemoryDaoImpl"/></property> -->
  <property name="userDetailsService"><ref bean="${bean.internalUserAuthorityService}"/></property>
  <property name="passwordEncoder"><ref local="passwordEncoder"/></property>
</bean>

<!-- For LDAP authentication -->
<bean id="ldapContextSource" class="org.springframework.security.ldap.DefaultInitialDirContextFactory">
  <constructor-arg value="ldap://adserver:389/dc=hxs,dc=local"/>
  <!-- You may not need the next properties -->
  <property name="managerDn"><value>reportingserver</value></property>
  <property name="managerPassword"><value>password</value></property>
  <property name="extraEnvVars">
    <map>
      <entry key="java.naming.referral" value="follow"/>
    </map>
  </property>
</bean>

<!-- For LDAP authentication
     This bean is not used by default -->
<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <constructor-arg index="0">
    <value></value>
  </constructor-arg>
  <constructor-arg index="1">
    <value>(sAMAccountName={0})</value>
  </constructor-arg>
  <constructor-arg index="2">
    <ref local="ldapContextSource" />
  </constructor-arg>
  <property name="searchSubtree">
    <value>true</value>
  </property>
</bean>

<!-- For LDAP authentication -->
<bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
  <constructor-arg>
    <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
      <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
      <!--property name="userDnPatterns"><list><value>uid={0}</value></list></property-->
      <property name="userSearch" ref="userSearch"/>
    </bean>
  </constructor-arg>
  <constructor-arg>
    <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
      <constructor-arg index="0"><ref local="ldapContextSource"/></constructor-arg>
      <constructor-arg index="1"><value></value></constructor-arg>
      <property name="groupRoleAttribute"><value>cn</value></property>
      <property name="groupSearchFilter"><value>member={0}</value></property>
      <!-- <property name="groupSearchFilter"><value>(&(uniqueMember={0})(objectclass=groupofuniquenames))</value></property> -->
      <property name="convertToUpperCase"><value>true</value></property>
      <property name="rolePrefix"><value></value></property>
      <property name="searchSubtree"><value>true</value></property>
    </bean>
  </constructor-arg>
</bean>
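
Added example, not part of the original thread: a small triage script for the log line quoted in the post above. It parses the Spring Security `LoggerListener` line and decodes the hexadecimal sub-code that Active Directory places after `data` when a bind fails with LDAP result code 49. The second sample line, its user name `asmith` and its IP address are constructed for illustration.

```python
import re
from collections import Counter

# Win32 error codes (hex) that AD reports after "data" on LDAP result code 49.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x530: "not permitted to log on at this time",
    0x531: "not permitted to log on from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

EVENT_RE = re.compile(
    r"Authentication event (?P<event>\w+): (?P<user>[^;]+);"
    r".*?RemoteIpAddress: (?P<ip>[^;]+);"
    r".*?LDAP: error code (?P<ldap>\d+)"
    r"(?:.*?\bdata (?P<data>[0-9a-fA-F]+))?"
)

def parse_event(line):
    """Parse one LoggerListener line; None if it carries no LDAP error."""
    m = EVENT_RE.search(line)
    if m is None:
        return None
    sub = int(m.group("data"), 16) if m.group("data") else None
    return {"user": m.group("user").strip(), "ip": m.group("ip").strip(),
            "ldap_code": int(m.group("ldap")), "subcode": sub,
            "reason": AD_BIND_SUBCODES.get(sub, "unknown sub-code")}

def summarize(lines):
    """Count failure reasons and collect the login names that hit them."""
    events = [e for e in map(parse_event, lines) if e]
    return Counter(e["reason"] for e in events), {e["user"] for e in events}

# First entry: the log line from the post. Second entry: constructed sample.
SAMPLE = [
    "2011-03-08 15:10:04,545 WARN LoggerListener,http-8080-4:60 - Authentication event "
    "AuthenticationFailureServiceExceptionEvent: jsingh; details: "
    "org.springframework.security.ui.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; "
    "SessionId: 2875CD561ECF9F58A41D3333171FE570; exception: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772",
    "2011-03-08 15:12:41,007 WARN LoggerListener,http-8080-5:60 - Authentication event "
    "AuthenticationFailureServiceExceptionEvent: asmith; details: x: RemoteIpAddress: "
    "192.0.2.10; SessionId: 0000; exception: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772",
]
```

Result code 49 is returned for a bind, so the sub-code describes the identity used in that bind; with a search-then-bind setup this can be the configured manager account rather than the login name shown in the event.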

shmee Posted March 14, 2011

You need to change your config just a little bit.

Code:

<property name="extraEnvVars">
  <map>
    <entry key="java.naming.referral" value="follow"/>
  </map>
</property>

You needed to put:

<property name="referral" value="follow" />

jyot_singh (Author) Posted March 14, 2011

Thanks. I did try it, but I'm still getting the same LDAP error code.

sjongenelen Posted March 16, 2011

I used this config (mind the capitalizations!):

<bean id="ldapContextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <constructor-arg value="ldap://mydomain:389/ou=users,dc=mydomain,dc=com"/>
  <property name="userDn"><value>CN=Administrator,CN=Users,DC=somecomp,DC=com</value></property>
  <property name="password"><value>passwordhere</value></property>
  <property name="referral"><value>follow</value></property>
</bean>

This works for a 2003 forest (in my case). Also, I've read that some users experience more success with a java naming referral like:

<property name="referral" value="follow"></property>