f_chas01 Posted May 3, 2011

I am trying to get my JasperServer authentication to work with ActiveDirectory. I have encountered a problem which I have not been able to solve for a long time. It would be great if someone could take a look at it.

There is an error message in the jasperserver.log:

"2011-05-03 15:17:41,104 WARN LoggerListener,http-8484-6:60 - Authentication event AuthenticationFailureBadCredentialsEvent: Administrator; details: com.jaspersoft.jasperserver.multipleTenancy.MTWebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: A5CD18C104C8CCD410A414B718CFEBC8; exception: Bad credentials"

Here is detailed information on my system configuration:

I am using 2 machines in the same local network.
1) WindowsServer 2008 with an ActiveDirectory on it.
2) JasperServer configured to authenticate via ldap.

The configuration of ActiveDirectory can be seen here:
http://img218.imageshack.us/img218/7347/adconfiguration.png

I am able to access ActiveDirectory on the JasperServer machine using LDAPAdministrator. Providing the following credentials I can browse the AD tree:
http://img585.imageshack.us/img585/7297/ldapadmin.png

The connection configuration is here:

applicationContext-security.xml

    ...
    <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
      <property name="providers">
        <list>
          <ref local="ldapAuthenticationProvider"/>
          <ref bean="${bean.daoAuthenticationProvider}"/>
          <ref bean="anonymousAuthenticationProvider"/>
        </list>
      </property>
    </bean>
    ...
    <bean id="ldapContextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
      <constructor-arg value="ldap://192.168.5.101:389/dc=corp,dc=ama-eve,dc=dyndns,dc=org"/>
      <property name="userDn"><value>CN=Administrator,CN=Users,DC=corp,DC=ama-eve,DC=dyndns,DC=org</value></property>
      <property name="password"><value>mypassword</value></property>
    </bean>
    ...

I tried the following:
- Changing the userDN value - same error
- Trying to use user accounts which do not exist in AD - same error
- Trying to disable ldap authentication by commenting out <ref local="ldapAuthenticationProvider"/> - same error
- I do restart the JasperServer each time after making changes

The fact that there is always the same error, which is the same as in the case when no ldap authentication is configured, puzzles me.

Post Edited by f_chas01 at 05/03/2011 14:53
Post Edited by f_chas01 at 05/03/2011 14:55

f_chas01 Posted May 4, 2011 (Author)

Here are the steps I made. As I said, the configuration of my system is:
- Active Directory on Windows Server 2008 with the domain corp.ama-eve.dyndns.org
- I am able to bind to Active Directory on the machine where my WebApp is. For binding I use LDAP Administrator. The LDAP URL used in LDAP Administrator is ldap://192.168.5.101:389/DC=corp,DC=ama-eve,DC=dyndns,DC=org??one?(objectClass=*)
- Anonymous browsing of AD is forbidden. For browsing ldap folders I can use different principals like: CN=Administrator,CN=Users,DC=corp,DC=ama-eve,DC=dyndns,DC=org (Administrator@corp.ama-eve.dyndns.org) or CN=service_acc,CN=Users,DC=corp,DC=ama-eve,DC=dyndns,DC=org (service_acc@corp.ama-eve.dyndns.org)

I have added the ldap provider in applicationContext-security.xml:

    <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
      <property name="providers">
        <list>
          <ref local="ldapAuthenticationProvider"/>
          <ref bean="${bean.daoAuthenticationProvider}"/>
          <ref bean="anonymousAuthenticationProvider"/>
        </list>
      </property>
    </bean>

I have entered the correct ldap url (Spring Security can connect to the ldap, since it reacts to entering a wrong ldap url):

    <bean id="ldapContextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
      <constructor-arg value="ldap://192.168.5.101:389/DC=corp,DC=ama-eve,DC=dyndns,DC=org"/>
      <property name="userDn"><value>CN=service_acc,CN=Users,DC=corp,DC=ama-eve,DC=dyndns,DC=org</value></property>
      <property name="password"><value>MyPassword</value></property>
    </bean>

I use userSearch for finding users:

    <bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
      <constructor-arg>
        <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
          <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
          <property name="userSearch" ref="userSearch"/>
        </bean>
      </constructor-arg>

    <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
      <constructor-arg index="0"><value>CN=Users</value></constructor-arg>
      <constructor-arg index="1"><value>(sAMAccountName={0})</value></constructor-arg>
      <constructor-arg index="2"><ref local="ldapContextSource"/></constructor-arg>
      <property name="searchSubtree"><value>true</value></property>
    </bean>

Symptoms:

- When I try to connect using credentials from ldap I get this:

2011-05-04 16:07:30,160 WARN LoggerListener,http-8484-5:60 - Authentication event AuthenticationFailureBadCredentialsEvent: Administrator; details: com.jaspersoft.jasperserver.multipleTenancy.MTWebAuthenticationDetails@fffd148a: RemoteIpAddress: 127.0.0.1; SessionId: D5043C32241F76C089F3D182546C5239; exception: Bad credentials

- I've tried to change userDn for ldap bind to Administrator@corp.ama-eve.dyndns.org - nothing happens.

- Any changes to UserDN and Password in ldapContextSource have no effect. (logging in log4j.properties is set to log4j.logger.org.springframework.security.providers.ldap=ALL, stdout, fileout)

- Adding userDnPatterns to BindAuthenticator:

    <bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
      <constructor-arg>
        <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
          <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
          <property name="userDnPatterns">
            <list>
              <value>sAMAccountName={0}, CN=Users,DC=corp,DC=ama-eve,DC=dyndns,DC=org</value>
              <value>sAMAccountName={0}, OU=Sales,DC=corp,DC=ama-eve,DC=dyndns,DC=org</value>
              <value>sAMAccountName={0}, OU=accounts,DC=corp,DC=ama-eve,DC=dyndns,DC=org</value>
            </list>
          </property>
          <property name="userSearch" ref="userSearch"/>
        </bean>
      </constructor-arg>
    ...

generates the following log output:

2011-05-04 16:07:29,988 DEBUG BindAuthenticator,http-8484-5:117- Failed to bind as sAMAccountName=Administrator, CN=Users,DC=corp,DC=ama-eve,DC=dyndns,DC=org: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1771 ]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1771 ]
2011-05-04 16:07:30,020 DEBUG BindAuthenticator,http-8484-5:117 - Failed to bind as sAMAccountName=Administrator, OU=Sales,DC=corp,DC=ama-eve,DC=dyndns,DC=org: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1771 ]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1771 ]
2011-05-04 16:07:30,051 DEBUG BindAuthenticator,http-8484-5:117 - Failed to bind as sAMAccountName=Administrator, OU=accounts,DC=corp,DC=ama-eve,DC=dyndns,DC=org: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1771 ]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1771 ]

- I have tried to change

    <value>sAMAccountName={0}, CN=Users,DC=corp,DC=ama-eve,DC=dyndns,DC=org</value>

to

    <value>sAMAccountName={0}, CN=Users</value>

no effect.

- I have tried to change the first constructor argument in FilterBasedLdapUserSearch from

    <constructor-arg index="0"><value>CN=Users</value></constructor-arg>

to

    <constructor-arg index="0"><value></value></constructor-arg>

no effect.

- Changes in FilterBasedLdapUserSearch do not provide additional log output, so I can't trace it.

Post Edited by f_chas01 at 05/04/2011 14:29
Post Edited by f_chas01 at 05/04/2011 14:39
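
Added example, not part of the original posts: the `data` field in the Active Directory "error code 49" messages quoted above is a hexadecimal sub-code, and 525 denotes "user not found" (as opposed to 52e, a wrong password for an existing user). The Python sketch below decodes that sub-code from BindAuthenticator DEBUG lines; the function name `triage` and the sample log lines are constructed for illustration.

```python
import re

# Active Directory sub-codes carried in the "data" field of an LDAP
# error 49 (invalidCredentials) bind failure. Values are hexadecimal.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (user exists, wrong password)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Matches the Spring Security BindAuthenticator DEBUG line shape shown in the post.
BIND_FAILURE = re.compile(
    r"Failed to bind as (?P<dn>.+?): org\.springframework\.ldap\."
    r".*?error code (?P<code>\d+).*?data (?P<data>[0-9a-fA-F]+),"
)

def triage(log_text):
    """Return one dict per failed bind: DN tried, LDAP code, decoded AD sub-code."""
    results = []
    for m in BIND_FAILURE.finditer(log_text):
        data = m.group("data").lower()
        results.append({
            "dn": m.group("dn").strip(),
            "ldap_code": int(m.group("code")),
            "ad_data": data,
            "meaning": AD_BIND_SUBCODES.get(data, "unknown sub-code"),
        })
    return results

# Constructed sample lines (example.org domain, not the poster's logs).
SAMPLE = (
    "2011-05-04 16:07:29,988 DEBUG BindAuthenticator,http-8484-5:117 - Failed to bind as "
    "sAMAccountName=Administrator, CN=Users,DC=corp,DC=example,DC=org: "
    "org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1771 ]\n"
    "2011-05-04 16:08:02,114 DEBUG BindAuthenticator,http-8484-5:117 - Failed to bind as "
    "CN=Jane Doe,CN=Users,DC=corp,DC=example,DC=org: "
    "org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1771 ]\n"
)

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row["ad_data"], "|", row["meaning"], "|", row["dn"])
```

A 525 result means the DN sent in the bind did not resolve to any account, so the password was never evaluated; a 52e result means the account was found and the password was rejected.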

steelwall Posted August 22, 2012

I have the same type of problem. Did you find any solution for this?

lisacbeaton Posted November 1, 2012

I'm also having the same problem. Any luck?

jsantiago Posted July 4, 2014

Hi! Same problem here... any news?