AD Authentication in 7.1 Community Edition

[ndavis_1]

When I try to log in with AD credentials, I get the following error: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:

 

I assume the object can't be found due to some sort of permission error, or I'm pointing to the wrong DN.  Including my applicationContext-externalAuth-LDAP.xml file for reference.  Not sure what I'm doing wrong here.  

 

 

<!--  ~ Copyright © 2005 - 2018 TIBCO Software Inc.  ~ http://www.jaspersoft.com.  ~  ~ This program is free software: you can redistribute it and/or modify  ~ it under the terms of the GNU Affero General Public License as published by  ~ the Free Software Foundation, either version 3 of the License, or  ~ (at your option) any later version.  ~  ~ This program is distributed in the hope that it will be useful,  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the  ~ GNU Affero General Public License for more details.  ~  ~ You should have received a copy of the GNU Affero General Public License  ~ along with this program.  If not, see <https://www.gnu.org/licenses/>.  --><beans xmlns="http://www.springframework.org/schema/beans"       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"       xsi:schemaLocation="http://www.springframework.org/schema/beans                           http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">    <!-- ############ LDAP authentication ############      - Sample configuration of external authentication via an external LDAP server.    -->    <bean id="proxyAuthenticationProcessingFilter"          class="com.jaspersoft.jasperserver.api.security.EncryptionAuthenticationProcessingFilter"          parent="authenticationProcessingFilter">        <property name="authenticationManager">            <ref local="ldapAuthenticationManager"/>        </property>        <property name="authenticationSuccessHandler" ref="externalAuthSuccessHandler" />    </bean>    <bean id="proxyRequestParameterAuthenticationFilter"          class="com.jaspersoft.jasperserver.war.util.ExternalRequestParameterAuthenticationFilter"          parent="requestParameterAuthenticationFilter">        <property name="authenticationManager">            <ref local="ldapAuthenticationManager"/>        </property>        <property name="externalDataSynchronizer" ref="externalDataSynchronizer"/>    </bean>    <bean id="externalAuthSuccessHandler"          class="com.jaspersoft.jasperserver.api.security.externalAuth.JrsExternalAuthenticationSuccessHandler"          parent="successHandler">        <property name="externalDataSynchronizer">            <ref local="externalDataSynchronizer"/>        </property>    </bean>    <bean id="proxyBasicProcessingFilter"          class="com.jaspersoft.jasperserver.api.security.externalAuth.ExternalAuthBasicProcessingFilter"          parent="basicProcessingFilter">        <property name="authenticationManager" ref="ldapAuthenticationManager"/>        <property name="externalDataSynchronizer" ref="externalDataSynchronizer"/>    </bean>    <bean id="ldapAuthenticationManager"          class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.JSProviderManager">        <property name="providers">            <list>                <ref local="ldapAuthenticationProvider"/>                <ref bean="${bean.daoAuthenticationProvider}"/>                <!--anonymousAuthenticationProvider only needed if filterInvocationInterceptor.alwaysReauthenticate                    is set to true                <ref bean="anonymousAuthenticationProvider"/>                -->            </list>        </property>    </bean>    <bean id="ldapAuthenticationProvider"          class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSLdapAuthenticationProvider">        <constructor-arg>            <bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSBindAuthenticator">                <constructor-arg><ref local="ldapContextSource"/></constructor-arg>                <property name="userSearch" ref="userSearch"/>            </bean>        </constructor-arg>        <constructor-arg>            <bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSDefaultLdapAuthoritiesPopulator">                <constructor-arg index="0"><ref local="ldapContextSource"/></constructor-arg>                <constructor-arg index="1">                    <value>OU=Groups,OU=RollaMO-N,OU=CR,DC=**,DC=***,DC=***</value>                </constructor-arg>                <property name="groupRoleAttribute" value="CN"/>                <property name="groupSearchFilter" value="(&(member={0})(objectclass=group)(cn=Jasper*))"/>                <property name="searchSubtree" value="true"/>                <!-- Can setup additional external default roles here  <property name="defaultRole" value="LDAP"/> -->            </bean>        </constructor-arg>    </bean>    <bean id="userSearch"          class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSFilterBasedLdapUserSearch">        <constructor-arg index="0">            <value>OU=Users,OU=RollaMO-N,OU=CR,DC=**,DC=***,DC=***</value>        </constructor-arg>        <constructor-arg index="1">            <value>(&(sAMAccountName={0}))</value>        </constructor-arg>        <constructor-arg index="2">            <ref local="ldapContextSource" />        </constructor-arg>        <property name="searchSubtree">            <value>true</value>        </property>    </bean>    <bean id="ldapContextSource"          class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">        <constructor-arg value="ldap://******:389/dc=**,dc=***,dc=***"/>         <property name="userDn">         <value>             CN=igskrdcn-nix2,OU=Service Accounts,OU=Users,OU=RollaMO-N,OU=CR,DC=**,DC=**,DC=**         </value>         </property>         <property name="password"><value>****</value></property>    </bean>    <!-- ############ LDAP authentication ############ -->    <!-- ############ JRS Synchronizer ############ -->    <bean id="externalDataSynchronizer"          class="com.jaspersoft.jasperserver.api.security.externalAuth.ExternalDataSynchronizerImpl">        <property name="externalUserProcessors">            <list>                <ref local="externalUserSetupProcessor"/>                <!-- Example processor for creating user folder-->                <!--<ref local="externalUserFolderProcessor"/>-->            </list>        </property>    </bean>    <bean id="abstractExternalProcessor"          class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.AbstractExternalUserProcessor"          abstract="true">        <property name="repositoryService" ref="${bean.repositoryService}"/>        <property name="userAuthorityService" ref="${bean.userAuthorityService}"/>        <property name="tenantService" ref="${bean.tenantService}"/>        <property name="profileAttributeService" ref="profileAttributeService"/>        <property name="objectPermissionService" ref="objectPermissionService"/>    </bean>    <bean id="externalUserSetupProcessor"          class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.ExternalUserSetupProcessor"          parent="abstractExternalProcessor">        <!--Default permitted role characters; others are removed. Change regular expression to allow other chars.                    <property name="permittedExternalRoleNameRegex" value="[A-Za-z0-9_]+"/>-->        <property name="userAuthorityService">            <ref bean="${bean.internalUserAuthorityService}"/>        </property>        <property name="defaultInternalRoles">            <list>                <value>ROLE_USER</value>            </list>        </property>        <property name="organizationRoleMap">            <map>                <!-- Example of mapping customer roles to JRS roles -->                <entry>                    <key>                        <value>ROLE_IGSGRollaMO-N Jasper Reports Users</value>                    </key>                    <!-- JRS role that the <key> external role is mapped to-->                    <value>ROLE_ADMINISTRATOR</value>                </entry>            </map>        </property>    </bean>    <!-- EXAMPLE Processor    <bean id="externalUserFolderProcessor"          class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.ExternalUserFolderProcessor"          parent="abstractExternalProcessor">        <property name="repositoryService" ref="${bean.unsecureRepositoryService}"/>    </bean>    -->    <!-- ############ JRS Synchronizer ############ --></beans>[/code]

 

[ndavis_1]

FYI, I'm a government contractor, so the *'s are intentional.  Just need anyone with the knowhow to chime in on the rest of the syntax.  Thanks!

[aalqinneh]

Did you figure this one out, i'm having the same issue.

[administrator_19]

I found a solution in another post. 

    <bean id="proxyBasicProcessingFilter"

          class="com.jaspersoft.jasperserver.api.security.externalAuth.ExternalAuthBasicProcessingFilter" parent="basicProcessingFilter">

        <constructor-arg index="0" ref="ldapAuthenticationManager"/>

        <property name="externalDataSynchronizer" ref="externalDataSynchronizer"/>

    </bean>

Delete the line: 

<property name="authenticationManager" ref="ldapAuthenticationManager"/>

That worked for me. on version 7.5.0