johnhenry Posted May 9, 2011

I'm having a few issues trying to get Active Directory integration working reliably in JasperServer 4 with our 2003 Windows domain using LDAP.

I have managed to authenticate and log in before with the applicationContext-security.xml file I have attached, though it seems that it is very intermittent. So far, out of around 100 login attempts, only a half a dozen or so have actually succeeded (settings not changed between login attempts). The rest just return the error as shown in the attached log file.

There are times when simply restarting the Jasper services allows me to log in temporarily with AD authentication, but it's very flakey.

Does anyone have any ideas as to what might be causing such unreliable authentication?

f_chas01 Posted May 9, 2011

Check the following things.

1) Check if you really can use

<property name="userDn">
  <value>Administrator</value>
</property>

As far as I know you have to use a full DN name as a value. Here is the example:

<property name="userDn">
  <value>CN=Servicer Serv,CN=Users,DC=corp,DC=ama-eve,DC=dyndns,DC=org</value>
</property>

2) Check the userSearch bean. I am quite sure that the bad credentials error is caused by not being able to find the user. Try to change

<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <constructor-arg index="0">
    <value>OU=xxxxxxxx,OU=xxxxx,OU=xxxxxxxxxx</value>
  </constructor-arg>
  ...
</bean>

to

<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <constructor-arg index="0">
    <value></value>
  </constructor-arg>
  ...
</bean>

It will allow the search to cover the entire tree.

3) If it does not help, try to turn on the logs for the following packages. It will give you a bit more information.

log4j.logger.com.jaspersoft.jasperserver.multipleTenancy.MTUserAuthorityServiceImpl=DEBUG, stdout, fileout
log4j.logger.org.springframework.security.ldap=DEBUG, stdout, fileout
log4j.logger.org.springframework.security.providers.dao=DEBUG, stdout, fileout
log4j.logger.org.springframework.security.userdetails.ldap=DEBUG, stdout, fileout
log4j.logger.org.springframework.security.ui.webapp=DEBUG, stdout, fileout
log4j.logger.org.springframework.security.event.authentication=DEBUG, stdout, fileout

Let me know if it does not work for you.

Post Edited by f_chas01 at 05/09/2011 11:08

johnhenry Posted May 9, 2011

Surely if it finds the user's full name (displayed immediately after the 'Getting authorities for user' log entries) then it has found the user in the Active Directory. Doesn't that mean that the initial credentials and user search are OK?

Alas, the first and second suggestions you made didn't make any difference...

I'm about to turn on the extra logging and see if I can spot anything. I will post up a copy also.

johnhenry Posted May 9, 2011

All logging modules have been turned on as suggested, and the output created upon a login attempt (which ultimately failed, of course) has been attached.

(I haven't edited the log this time as I don't think it contains anything that could be a security risk at all.)

Thank you, by the way, for your help.

Post Edited by johnhenry at 05/09/2011 12:30

f_chas01 Posted May 9, 2011

It seems to fail while searching for the groups the user is assigned to (in the AD).

Try to check the following things.

1) Change the default ldapContextSource for searching for groups.

<bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
  ...
  <constructor-arg index="1">
    <value />
  </constructor-arg>

Here is an example:

<constructor-arg index="1">
  <value>cn=Users</value>
</constructor-arg>

In the Spring Security API it is said that you have to provide this parameter. Otherwise the search function will not work.

2) Check and recheck whether you can access your entire AD with the account you use to bind with AD. It might be that it is restricted in some way. (Try LDAP Browser as a tool.)

When the roles are found you will see the following messages:

2011-05-09 11:46:26,718 DEBUG DefaultLdapAuthoritiesPopulator,http-8484-3:202 - Searching for roles for user ....
2011-05-09 11:46:26,718 DEBUG SpringSecurityLdapTemplate,http-8484-3:148 - Using filter: ...
2011-05-09 11:46:26,734 DEBUG DefaultLdapAuthoritiesPopulator,http-8484-3:210 - Roles from search: [LAWUSER, LOCALUSER]

Post Edited by f_chas01 at 05/09/2011 12:53
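
Added example, not part of the original posts or of JasperServer: a small Python check for the two settings f_chas01 asks about in this thread, a bind userDn that is not a full DN and an empty group search base at constructor-arg index 1 of DefaultLdapAuthoritiesPopulator. The sample XML is constructed from the snippets quoted above; the function names and finding messages are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

POPULATOR = "org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator"
# Simplified DN shape (attr=value[,attr=value...]); escaped commas are not handled.
DN_RE = re.compile(r"^[A-Za-z][\w-]*=[^,=]+(,\s*[A-Za-z][\w-]*=[^,=]+)*$")
# Constructed sample modelled on the snippets quoted in the thread.
TEMPLATE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="ldapContextSource">
    <property name="userDn"><value>{user_dn}</value></property>
  </bean>
  <bean class="{populator}">
    <constructor-arg index="0"><ref local="ldapContextSource"/></constructor-arg>
    <constructor-arg index="1"><value>{group_base}</value></constructor-arg>
  </bean>
</beans>"""
BEFORE = TEMPLATE.format(user_dn="Administrator", populator=POPULATOR, group_base="")
AFTER = TEMPLATE.format(populator=POPULATOR, group_base="cn=Users",
    user_dn="CN=Servicer Serv,CN=Users,DC=corp,DC=ama-eve,DC=dyndns,DC=org")

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the '{namespace}' prefix ElementTree adds

def value_of(elem):
    """Value from a value= attribute or a nested <value> child ('' if empty)."""
    if elem.get("value") is not None:
        return elem.get("value").strip()
    texts = [c.text or "" for c in elem if local(c.tag) == "value"]
    return texts[0].strip() if texts else ""

def lint(xml_text):
    """Return (bean, message) findings for the two settings raised in the thread."""
    findings = []
    for bean in ET.fromstring(xml_text).iter():
        if local(bean.tag) != "bean":
            continue
        name = bean.get("id") or bean.get("class", "?").rsplit(".", 1)[-1]
        for child in bean:
            kind = local(child.tag)
            if kind == "property" and child.get("name") == "userDn":
                if not DN_RE.match(value_of(child)):
                    findings.append((name, "userDn is not a full DN"))
            elif (kind == "constructor-arg" and child.get("index") == "1"
                    and bean.get("class") == POPULATOR and not value_of(child)):
                findings.append((name, "group search base is empty"))
    return findings

if __name__ == "__main__":
    print("before:", lint(BEFORE), "\nafter:", lint(AFTER))
```

To check a real file, pass the contents of applicationContext-security.xml to `lint`; an empty list means neither of the two conditions was found.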

johnhenry Posted May 9, 2011

Brilliant!!!! Adding cn=Users under the DefaultLdapAuthoritiesPopulator bean appears to have solved the problem.

I have added the working file to help anyone else if they are having any problems connecting Jasper Server 4 to a Microsoft Active Directory.

f_chas01 Posted May 9, 2011

I am glad it worked for you.

johnhenry Posted May 9, 2011

Thanks for your help, it's greatly appreciated!

eckris1 Posted July 7, 2011

Hi,

Thanks for your reference regarding AD-Jasper integration. I am a newbie to this Jasper application. I took your "applicationContext-security.xml" file as a reference and am trying to integrate Jasper with AD.

While I am trying to log in with Jasper I am getting the following error:

2011-07-07 16:07:11,211 WARN LoggerListener,http-8080-2:60 - Authentication event AuthenticationFailureBadCredentialsEvent: username; details: org.springframework.security.ui.WebAuthenticationDetails@0: RemoteIpAddress: 10.11.3.173; SessionId: 6C78B91BA951E322B3DC1D67623CE833; exception: Bad credentials

What could it be? I have no clue why I'm getting all these errors. I tried to read as many threads as I could, but I'm still completely lost in this case.

I would appreciate some help from more experienced users.

gedmf Posted April 30, 2012

Hi eckris,

Did you manage to resolve your authentication problem? I seem to be stuck with a similar problem and was wondering what steps you took in addition to those in the earlier posts.

Regards
GedMF