Everything posted by jsantiago

  1. Hi,

     Apparently the jasperserver we have is able to find users but tries to log in with the CN instead of the sAMAccountName (we have a Server 2008 R2 AD domain):

     [code]
     2014-07-07 15:55:05,641 DEBUG FilterBasedLdapUserSearch,http-bio-0.0.0.0-80-exec-4:109 - Searching for user 'jdoe', with user search [ searchFilter: '(sAMAccountName={0})', searchBase: '', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
     2014-07-07 15:55:15,150 DEBUG BindAuthenticator,http-bio-0.0.0.0-80-exec-4:142 - Failed to bind as cn=John Doe,ou=jasperusers: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1^@]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1^@]
     [/code]

     My userSearch bean:

     [code]
     <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
       <constructor-arg index="0">
         <value></value>
       </constructor-arg>
       <constructor-arg index="1">
         <!--<value>(&(sAMAccountName={0})(&((objectclass=user)(memberOf:1.2.840.113556.1.4.1941:=cn=jasperusers,dc=sga,dc=es))))</value>-->
         <!-- <value>(&(objectClass=User)(memberOf=CN=JASPER_USERS,OU=jasperusers,DC=SGA,DC=ES)(sAMAccountName={0}))</value>-->
         <value>(sAMAccountName={0})</value>
         <!--<value>(sAMAccountName={0})</value>-->
       </constructor-arg>
       <constructor-arg index="2">
         <ref local="ldapContextSource" />
       </constructor-arg>
       <property name="searchSubtree">
         <value>true</value>
       </property>
     </bean>
     [/code]

     Any ideas?

     Regards.
  2. We have unsuccessfully tried to integrate our JasperServer with our Server 2008 R2 AD organization. These are the contents of the configuration file (applicationContext-externalAuth-LDAP.xml):

     [code]
     <bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
       <constructor-arg>
         <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
           <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
           <property name="userDnPatterns">
             <list>
               <value>uid={0},ou=users</value>
             </list>
           </property>
         </bean>
       </constructor-arg>
       ...
     </bean>

     <bean id="ldapContextSource" class="org.springframework.security.ldap.JSLdapContextSource">
       <constructor-arg value="ldap://ad1.contoso.com:389/dc=contoso,dc=com"/>
       <property name="userDn"><value>cn=Administrator,dc=contoso,dc=com</value></property>
       <property name="password"><value>Password</value></property>
     </bean>

     <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
       <constructor-arg index="0"><value>cn=Users</value></constructor-arg>
       <constructor-arg index="1"><value>(sAMAccountName={0})</value></constructor-arg>
       <constructor-arg index="2"><ref local="ldapContextSource"/></constructor-arg>
       <property name="searchSubtree"><value>true</value></property>
     </bean>
     [/code]

     Once the server is restarted it does not just fail to log in, it gives a 404 Tomcat error. The "Administrator" user is part of the Builtin "Administrators" group.

     When the server starts, there is a new entry displaying the following error when reading the applicationContext-externalAuth-LDAP.xml file:

     [code]
     2014-07-02 13:15:07,165 ERROR ContextLoader,localhost-startStop-1:318 - Context initialization failed
     org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 1 in XML document from ServletContext resource [/WEB-INF/applicationContext-externalAuth-LDAP.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-elt.1.a: Cannot find the declaration of element 'bean'.
     [/code]

     Regards.

     EDIT: OK, we have been testing and checking this and "some" progress has been made. Apparently AD binds. The user is checked (as per the user filter search) and is found (we introduce the sAMAccountName string, i.e. johndoe@contoso.com). We have a sample user who is part of a group following this schema:

     DOMAIN > OU=jasperusers > GROUP=jasper_users
     DOMAIN > OU=CityX > OU=Users > OU = it > CN = jhondoe

     This is what the log says:

     [code]
     2014-07-04 16:21:37,696 DEBUG SpringSecurityLdapTemplate,http-bio-0.0.0.0-80-exec-3:214 - Found DN: cn=John Doe,ou=IT,ou=Users,ou=CityX
     2014-07-04 16:21:39,873 DEBUG BindAuthenticator,http-bio-0.0.0.0-80-exec-3:106 - Attemptimg to bind as cn=John Doe,ou=IT,ou=Users,ou=CityX,dc=contoso,dc=com
     [/code]

     And after that, error code 49 is triggered:

     [code]
     2014-07-04 16:21:39,959 DEBUG BindAuthenticator,http-bio-0.0.0.0-80-exec-3:142 - Failed to bind as cn=John Doe,ou=IT,ou=Users,ou=CityX,dc=contoso,dc=com: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1^@]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1^@]
     [/code]

     Any ideas?
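
For triaging the `error code 49 ... data 52e` bind failures quoted in both posts above, here is a small log parser, added as an illustration and not code from the posts or from JasperReports Server. The sub-code table is the commonly documented Active Directory mapping; `triage`, `AD_SUBCODES` and `has_dc_suffix` are names made up for this example, and the sample lines are the posts' own failure lines, shortened.

```python
import re

# Active Directory sub-codes from the "data XXX" field of an LDAP error 49.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

BIND_FAIL = re.compile(
    r"Failed to bind as (?P<dn>.+?): \S*AuthenticationException: "
    r"\[LDAP: error code (?P<code>\d+) - .*?data (?P<sub>[0-9a-fA-F]+),"
)

def triage(line):
    """Return bind DN, LDAP code and AD sub-code for one log line, or None."""
    m = BIND_FAIL.search(line)
    if m is None:
        return None
    sub = m["sub"].lower()
    # Split on unescaped commas to get the RDNs of the DN that was bound.
    rdns = [r.strip().lower() for r in re.split(r"(?<!\\),", m["dn"])]
    return {
        "bind_dn": m["dn"],
        "ldap_code": int(m["code"]),
        "ad_subcode": sub,
        "meaning": AD_SUBCODES.get(sub, "unknown sub-code"),
        # False means the DN sent to AD carried no dc= components at all.
        "has_dc_suffix": any(r.startswith("dc=") for r in rdns),
    }

# The two failure lines from the posts, cut after the first closing bracket.
ERR = ("org.springframework.ldap.AuthenticationException: [LDAP: error code 49 "
       "- 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext "
       "error, data 52e, v1db1]")
SAMPLES = [
    "DEBUG BindAuthenticator - Failed to bind as cn=John Doe,ou=jasperusers: " + ERR,
    "DEBUG BindAuthenticator - Failed to bind as "
    "cn=John Doe,ou=IT,ou=Users,ou=CityX,dc=contoso,dc=com: " + ERR,
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(triage(s))
```

On the first post's line the bound DN has no dc= components, while the second post's line shows a full DN; both return sub-code 52e.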