Integrating Active Directory with Jasper Server

[jyot_singh]

I am trying to integrate  Jasper Server cp-4.0.0 with our Active Directory server. Based on the readings, I've made below edits to the applicationContext-security.xml but was not able to get the authentication work. The error I get is - 

2011-03-08 15:10:04,545  WARN LoggerListener,http-8080-4:60 - Authentication event AuthenticationFailureServiceExceptionEvent: jsingh; details: org.springframework.security.ui.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: 2875CD561ECF9F58A41D3333171FE570; exception: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772

I've tried various combination of the way I'm looking up the AD users but still had no luck. Will appreciate any guidance.

 

Thanks,

Jyot

 

  

Code:

    <!-- ======================== AUTHENTICATION ======================= -->    <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">        <property name="providers">            <list>                 <ref local="ldapAuthenticationProvider"/> 				  <ref bean="${bean.daoAuthenticationProvider}"/>                <ref bean="anonymousAuthenticationProvider"/><!--				-->                           </list>        </property>    </bean>     <bean id="anonymousAuthenticationProvider" class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">        <property name="key"><value>foobar</value></property>    </bean>     <bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">        <!-- jdbcDaoImpl -->         <!-- <property name="userDetailsService"><ref bean="inMemoryDaoImpl"/></property> -->        <property name="userDetailsService"><ref bean="${bean.internalUserAuthorityService}"/></property>        <property name="passwordEncoder"><ref local="passwordEncoder"/></property>    </bean>             <!--   For LDAP authentication    -->   <bean id="ldapContextSource" class="org.springframework.security.ldap.DefaultInitialDirContextFactory">     <constructor-arg value="ldap://adserver:389/dc=hxs,dc=local"/>        <!--     You may not need the next properties	 -->	      <property name="managerDn"><value>reportingserver</value></property>     <property name="managerPassword"><value>password</value></property>	 <property name="extraEnvVars">		<map>		<entry key="java.naming.referral" value="follow"/>		</map>		</property>	       </bean>       <!--    For LDAP authentication   This bean is not used by default      -->   <bean id="userSearch"            class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">     <constructor-arg index="0">       <value></value>     </constructor-arg>     <constructor-arg index="1">       <value>(sAMAccountName={0})</value>     </constructor-arg>     <constructor-arg index="2">       <ref local="ldapContextSource" />     </constructor-arg>                 <property name="searchSubtree">       <value>true</value>     </property>               </bean>                        <!--   For LDAP authentication      -->   <bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">     <constructor-arg>       <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">          <constructor-arg><ref local="ldapContextSource"/></constructor-arg>          <!--property name="userDnPatterns"><list><value>uid={0}</value></list></property-->          <property name="userSearch" ref="userSearch"/>       </bean>     </constructor-arg>     <constructor-arg>       <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">          <constructor-arg index="0"><ref local="ldapContextSource"/></constructor-arg>          <constructor-arg index="1"><value></value></constructor-arg>          <property name="groupRoleAttribute"><value>cn</value></property>		  <property name="groupSearchFilter"><value>member={0}</value></property>		  <!--          <property name="groupSearchFilter"><value>(&(uniqueMember={0})(objectclass=groupofuniquenames))</value></property>          -->		  <property name="convertToUpperCase"><value>true</value></property>          <property name="rolePrefix"><value></value></property>          <property name="searchSubtree"><value>true</value></property>                 </bean>     </constructor-arg>   </bean>

[shmee]

You need to change your config just a little bit.

Code:

<property name="extraEnvVars">   <map>      <entry key="java.naming.referral" value="follow"/>   </map><property>You needed to put:<property name="referral" value="follow" />

[jyot_singh]

 Thanks. I did try it still getting the same LDAP error code. 

[sjongenelen]

i used this config (mind the capitalizations!)

 

 <bean id="ldapContextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldap://mydomain:389/ou=users,dc=mydomain,dc=com"/>

<property name="userDn"><value>CN=Administrator,CN=Users,DC=somecomp,DC=com</value></property>
<property name="password"><value>passwordhere</value></property>
<property name="referral"><value>follow</value></property>
</bean>

 

this works for a 2003 forest  (in my case)

 

also, i've read that some users experience more succes with a java naming referral like:

<property name="referral" value="follow"></property>