Unable to log in with JS default users after configuring LDAP

[gkaechelin]

  Hi All.

I successfully configured LDAP and am able to log into JS server with my LDAP credentials. However, even though I have left the original daoAuthProvider and anonymous provider in place, I can no longer log in using any of the default credentials. My understanding is that if the LDAP auth fails, the default should then be attempted.

I've included the auth manager and LDAP configuration below. All other applicationContext-security.xml config has be untouched.

I've also attached a clean log file which seems to show that the LDAP auth is being attempted with "superuser" but the default auth is not being executed.

Any ideas would be greatly appreciated.

Thanks.

Gus

Code:

	<!-- ======================== AUTHENTICATION ======================= -->	<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">		<property name="providers">			<list>				<ref local="ldapAuthenticationProvider" />				<ref bean="${bean.daoAuthenticationProvider}" />				<ref bean="anonymousAuthenticationProvider" />				<!--ref local="jaasAuthenticationProvider"/ -->			</list>		</property>	</bean>	<!-- ********** LDAP CONFIGURATION START ********** -->	<bean id="ldapContextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">		<constructor-arg value="ldap://localhost:10389/ou=users,ou=system" />		<property name="userDn">			<value>uid=admin,ou=system</value>		</property>		<property name="password">			<value>secret</value>		</property>	</bean>	<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">		<constructor-arg index="0">			<value></value>		</constructor-arg>		<constructor-arg index="1">			<value>(uid={0})</value>		</constructor-arg>		<constructor-arg index="2">			<ref local="ldapContextSource" />		</constructor-arg>		<property name="searchSubtree">			<value>true</value>		</property>	</bean>	<bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">		<constructor-arg>			<bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">				<constructor-arg>					<ref local="ldapContextSource" />				</constructor-arg>				<property name="userDnPatterns">					<list>						<value>uid={0}</value>					</list>				</property>				<property name="userSearch" ref="userSearch" />			</bean>		</constructor-arg>		<constructor-arg>			<bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">				<constructor-arg index="0">					<ref local="ldapContextSource" />				</constructor-arg>				<constructor-arg index="1">					<value></value>				</constructor-arg>				<property name="groupRoleAttribute">					<value>cn</value>				</property>				<property name="groupSearchFilter">					<value>(&(member={0})(objectclass=groupOfNames))</value>				</property>				<property name="searchSubtree">					<value>true</value>				</property>			</bean>		</constructor-arg>	</bean>

[mikewoinoski]

The log indicates that the ldapAuthenticationProvider is throwing an exception when it can't authenticate the user, which might break the provider chain. Maybe the ldapAuthenticationProvider needs to be the last provider in the chain.

[gkaechelin]

 Hi and thanks for the quick response!

That was it. I moved teh ldap authenticator to be the last in the auth manager series and works great now. I can log in using both my LDAP users and teh defult JS users.

 

Thanks again!

Gus