Boris Gisselere Posted November 20, 2013

I configured 2 types of LDAP: the one with CAS is doing well, but the other one, without CAS, doesn't work .. it stops like this:

    2013-11-20 15:03:06,987 DEBUG FilterBasedLdapUserSearch,TP-Processor11:109 - Searching for user 'test', with user search [ searchFilter: '(& (cn={0}) (employeeType=*STATS_CONSULT*))', searchBase: '', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
    2013-11-20 15:03:06,987 DEBUG FilterBasedLdapUserSearch,TP-Processor11:109 - Searching for user 'test', with user search [ searchFilter: '(& (cn={0}) (employeeType=*STATS_CONSULT*))', searchBase: '', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
    2013-11-20 15:03:07,025 DEBUG SpringSecurityLdapTemplate,TP-Processor11:197 - Searching for entry in under DN 'ou=personnes,o=ADALIS,dc=inpes,dc=com', base = '', filter = '(& (cn={0}) (employeeType=*STATS_CONSULT*))'
    2013-11-20 15:03:07,025 DEBUG SpringSecurityLdapTemplate,TP-Processor11:197 - Searching for entry in under DN 'ou=personnes,o=ADALIS,dc=inpes,dc=com', base = '', filter = '(& (cn={0}) (employeeType=*STATS_CONSULT*))'
    2013-11-20 15:03:07,032 DEBUG SpringSecurityLdapTemplate,TP-Processor11:214 - Found DN: cn=test
    2013-11-20 15:03:07,032 DEBUG SpringSecurityLdapTemplate,TP-Processor11:214 - Found DN: cn=test

And we don't have any further information on what is wrong. Any idea?

For example, with CAS authentication we've got:

    2013-11-20 11:38:34,959 DEBUG SpringSecurityLdapTemplate,TP-Processor9:214 - Found DN: cn=adminStats
    2013-11-20 11:38:34,959 DEBUG SpringSecurityLdapTemplate,TP-Processor9:214 - Found DN: cn=adminStats

and after that:

    2013-11-20 11:38:34,983 DEBUG DefaultLdapAuthoritiesPopulator,TP-Processor9:176 - Getting authorities for user cn=adminStats,ou=personnes,o=A_A,dc=inpes,dc=com
    2013-11-20 11:38:34,983 DEBUG DefaultLdapAuthoritiesPopulator,TP-Processor9:176 - Getting authorities for user cn=adminStats,ou=personnes,o=A_A,dc=inpes,dc=com

etc ...
Here is a part of my configuration:

    <bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
      <constructor-arg>
        <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
          <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
          <property name="userSearch" ref="userSearch"/>
        </bean>
      </constructor-arg>
      <constructor-arg>
        <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
          <constructor-arg index="0"><ref local="ldapContextSource"/></constructor-arg>
          <constructor-arg index="1"><value></value></constructor-arg>
          <property name="groupRoleAttribute" value="title"/>
          <property name="groupSearchFilter" value="(cn={1})"/>
          <property name="searchSubtree" value="true"/>
          <!-- Can setup additional external default roles here <property name="defaultRole" value="LDAP"/> -->
        </bean>
      </constructor-arg>
    </bean>

    <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
      <constructor-arg index="0"><value></value></constructor-arg>
      <!-- The ampersand of the LDAP AND filter is escaped so the file stays well-formed XML -->
      <constructor-arg index="1"><value>(&amp; (cn={0}) (employeeType=*STATS_CONSULT*))</value></constructor-arg>
      <constructor-arg index="2"><ref local="ldapContextSource" /></constructor-arg>
      <property name="searchSubtree"><value>true</value></property>
    </bean>
d.moonen Posted November 21, 2013

Did you set referral to follow in the ldapContextSource, as mentioned on the Secure Active Directory/LDAP/LDAPS Authentication for Groups wiki?
Boris Gisselere Posted November 21, 2013 Author

I hadn't set referral to follow before ... so I tried it .. but it's still blocked :-(

On the other hand, I put more logs in log4j.properties and got this:

    2013-11-21 11:18:23,327 DEBUG SpringSecurityLdapTemplate,TP-Processor10:214 - Found DN: cn=adminStats2
    2013-11-21 11:18:23,330 DEBUG BindAuthenticator,TP-Processor10:106 - Attemptimg to bind as cn=adminStats2,ou=personnes,o=ADALIS,dc=inpes,dc=com
    2013-11-21 11:18:23,330 DEBUG BindAuthenticator,TP-Processor10:106 - Attemptimg to bind as cn=adminStats2,ou=personnes,o=ADALIS,dc=inpes,dc=com
    2013-11-21 11:18:23,333 DEBUG BindAuthenticator,TP-Processor10:142 - Failed to bind as cn=adminStats2: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
    2013-11-21 11:18:23,333 DEBUG BindAuthenticator,TP-Processor10:142 - Failed to bind as cn=adminStats2: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
    2013-11-21 11:18:23,334 DEBUG ProviderManager,TP-Processor10:183 - Authentication attempt using com.jaspersoft.jasperserver.multipleTenancy.MTDaoAuthenticationProvider
    2013-11-21 11:18:23,334 DEBUG ProviderManager,TP-Processor10:183 - Authentication attempt using com.jaspersoft.jasperserver.multipleTenancy.MTDaoAuthenticationProvider
    2013-11-21 11:18:23,373 WARN LoggerListener,TP-Processor10:60 - Authentication event AuthenticationFailureBadCredentialsEvent: adminStats2; details: com.jaspersoft.jasperserver.multipleTenancy.MTWebAuthenticationDetails@b364: RemoteIpAddress: 160.92.7.69; SessionId: 32BC22B906AD965BB53C4B56FB90FF75.37DEE6C137D5D7C53E8C8EC6; exception: Bad credentials
    2013-11-21 11:18:23,373 WARN LoggerListener,TP-Processor10:60 - Authentication event AuthenticationFailureBadCredentialsEvent: adminStats2; details: com.jaspersoft.jasperserver.multipleTenancy.MTWebAuthenticationDetails@b364: RemoteIpAddress: 160.92.7.69; SessionId: 32BC22B906AD965BB53C4B56FB90FF75.37DEE6C137D5D7C53E8C8EC6; exception: Bad credentials

We're thinking that the LDAP users are created by an application which encrypts the password before saving it in LDAP. So, in the case of the CAS connection, our CAS had an extra passwordEncoder class to match the one used for LDAP. So maybe it comes from here, and we have to try to do the same with Jaspersoft before attempting the connection to LDAP?

By the way, I tried to create a user directly in LDAP with a clear password and it didn't work either .. so I'm still wondering what the solution is for this case?
Boris Gisselere Posted November 25, 2013 Author Solution

We did it. So it was what we suspected the other day .. we just took the part of the code that encrypts the password, which was used in the application that creates users in LDAP, and so we made a single jar of it, and implemented it with this code in the application context file:

    <bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
      <constructor-arg>
        <bean class="org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator">
          <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
          <property name="userSearch" ref="userSearch"/>
          <property name="passwordEncoder" ref="OurPasswordEncoder"/>
        </bean>
      </constructor-arg>
      <constructor-arg>
        <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
          <constructor-arg index="0"><ref local="ldapContextSource"/></constructor-arg>
          <constructor-arg index="1"><value></value></constructor-arg>
          <property name="groupRoleAttribute" value="title"/>
          <property name="groupSearchFilter" value="(cn={1})"/>
          <property name="searchSubtree" value="true"/>
          <!-- Can setup additional external default roles here <property name="defaultRole" value="LDAP"/> -->
        </bean>
      </constructor-arg>
    </bean>

    <bean class="our.jasper.auth.encoding.JasperPasswordEncoder" id="OurPasswordEncoder"/>
k.mertic Posted June 27, 2014

I am having the same issue. Did you end up creating a custom password encoder? How did you find your LDAP's encoding procedures? Thanks in advance
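
Added example, not code from any participant in this thread: one way to see how a directory stores passwords is to read a `userPassword` value with an account allowed to see it and inspect its `{SCHEME}` prefix. The function names `classify`, `verify` and `make_ssha` are made up for this sketch, the sample values are constructed, and only `{SHA}`, `{SSHA}`, `{MD5}` and `{SMD5}` are handled.

```python
import base64
import hashlib
import hmac
import re

# hashlib digest name and digest length for the prefixed schemes handled here.
SCHEMES = {"SHA": ("sha1", 20), "SSHA": ("sha1", 20),
           "MD5": ("md5", 16), "SMD5": ("md5", 16)}
PREFIX = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)


def classify(stored: str) -> str:
    """Return the scheme name, 'UNPREFIXED', or 'UNKNOWN:<name>'."""
    m = PREFIX.match(stored)
    if not m:
        return "UNPREFIXED"  # cleartext or an application-specific encoding
    name = m.group(1).upper()
    return name if name in SCHEMES else "UNKNOWN:" + name


def verify(stored: str, candidate: str) -> bool:
    """Check candidate against a stored {SHA}/{SSHA}/{MD5}/{SMD5} value."""
    scheme = classify(stored)
    if scheme not in SCHEMES:
        raise ValueError("cannot verify scheme: " + scheme)
    algo, dlen = SCHEMES[scheme]
    try:
        raw = base64.b64decode(PREFIX.match(stored).group(2), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    digest, salt = raw[:dlen], raw[dlen:]
    if len(digest) != dlen or (salt and scheme in ("SHA", "MD5")):
        return False  # truncated value, or salt bytes on an unsalted scheme
    expected = hashlib.new(algo, candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)  # constant-time comparison


def make_ssha(password: str, salt: bytes) -> str:
    """Build a constructed {SSHA} sample value (for the demo only)."""
    d = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(d + salt).decode("ascii")


if __name__ == "__main__":
    sample = make_ssha("s3cret-demo", b"\x01\x02\x03\x04")  # constructed
    for value in (sample, "{CRYPT}xx", "9f86d081884c7d65"):
        print(classify(value), value)
    print(verify(sample, "s3cret-demo"), verify(sample, "wrong"))
```

A value that comes back `UNPREFIXED` or `UNKNOWN:...` is either cleartext or was encoded by whatever application wrote it, so matching it needs that application's own encoder, as in the solution post above.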