I'm not sure if this is a case that's just for my location, or if this will help others, but it seems reasonable to post:
The TIBCO JasperReports® Server documentation for Active Directory Authentication appears to have a problem - they have you setup the UserSearch with the sAMAccountName, but then have the authentication attempt using the property "userDnPatterns", which never uses the sAMAccountName, but instead, attempts to use the value of the AccountName as the Distinguished Name. This might work on rare occasion, but mostly doesn't.
To use the sAMAccountName, you must follow the instructions for the usersearch, but change the AuthenticationProvider property. Here's mine
<bean id="ldapAuthenticationProvider"
class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSLdapAuthenticationProvider">
<constructor-arg>
<bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSBindAuthenticator">
<constructor-arg>
<ref local="ldapContextSource"/>
</constructor-arg>
<property name="userSearch" ref="userSearch" />
</bean>
</constructor-arg>
<constructor-arg>
<bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSDefaultLdapAuthoritiesPopulator">
<constructor-arg index="0">
<ref local="ldapContextSource"/>
</constructor-arg>
<constructor-arg index="1">
<value></value>
</constructor-arg>
<property name="groupRoleAttribute" value="title"/>
<property name="groupSearchFilter" value="(uid={1})"/>
<property name="searchSubtree" value="true"/>
<!-- Can setup additional external default roles here <property name="defaultRole" value="LDAP"/> -->
</bean>
</constructor-arg>
</bean>
The main difference is that I replaced
<property name="userDnPatterns">
<list>
<value>uid={0},ou=users</value>
</list>
</property>with
<property name="userSearch" ref="userSearch" />
Rest of the instructions make it come together.
Recommended Comments
There are no comments to display.