Can't get LDAP working no matter what (6.3.0 community edition)

Hi,

I've been trying for 2 days to get LDAP authentication working but I am getting nowhere. I've edited the sample file provided and put it into place, but I just can't get a single successful login.

I've enabled debugging level logging on "org.springframework.security" and this is the only reference to LDAP in my jasperserver.log:

 

2016-11-17 15:12:48,840 DEBUG ProviderManager,http-bio-8443-exec-5:152 - Authentication attempt using com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSLdapAuthenticationProvider
2016-11-17 15:12:48,841 DEBUG FilterBasedLdapUserSearch,http-bio-8443-exec-5:107 - Searching for user 'stewie', with user search [ searchFilter: '(sAMAccountName={0})', searchBase: 'cn=jasperusers,OU=Security Groups,OU=MyBusiness', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
2016-11-17 15:12:48,937 DEBUG SpringSecurityLdapTemplate,http-bio-8443-exec-5:211 - Searching for entry under DN 'dc=CBMR,dc=local', base = 'cn=jasperusers,ou=Security Groups,ou=MyBusiness', filter = '(sAMAccountName={0})'
2016-11-17 15:12:48,950 DEBUG ProviderManager,http-bio-8443-exec-5:152 - Authentication attempt using com.jaspersoft.jasperserver.api.security.internalAuth.InternalDaoAuthenticationProvider
 
The user "stewie" exists and is a member of the "Jasperusers" group that definitely exists in the following LDAP context (copied and pasted below from ADSI Edit):
 
The group: CN=jasperusers,OU=Security Groups,OU=MyBusiness,DC=CBMR,DC=local

The user: CN=Stewie,CN=Users,DC=CBMR,DC=local

 

This is my relevant config:

 

 <bean id="ldapAuthenticationProvider" class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSLdapAuthenticationProvider">
        <constructor-arg>
            <bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSBindAuthenticator">
                <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
                <property name="userSearch" ref="userSearch"/>
            </bean>
        </constructor-arg>
        <constructor-arg>
            <bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSDefaultLdapAuthoritiesPopulator">
                <constructor-arg index="0"><ref local="ldapContextSource"/></constructor-arg>
                <constructor-arg index="1"><value></value></constructor-arg>
                <property name="groupRoleAttribute" value="title"/>
                <property name="groupSearchFilter" value="(&amp;(member={0})(objectclass=group)(cn=jasper*))"/>
                <property name="searchSubtree" value="true"/>
                <!-- Can setup additional external default roles here  <property name="defaultRole" value="LDAP"/> -->
            </bean>
        </constructor-arg>
    </bean>
 
    <bean id="userSearch"
          class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSFilterBasedLdapUserSearch">
        <constructor-arg index="0">
            <value>cn=jasperusers,OU=Security Groups,OU=MyBusiness</value>
        </constructor-arg>
        <constructor-arg index="1">
            <value>(sAMAccountName={0})</value>
        </constructor-arg>
        <constructor-arg index="2">
            <ref local="ldapContextSource" />
        </constructor-arg>
        <property name="searchSubtree">
            <value>true</value>
        </property>
    </bean>
 
    <bean id="ldapContextSource" class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">
        <constructor-arg value="ldap://luna.cbmr.local:389/DC=CBMR,DC=local"/>
        <!-- manager user name and password (may not be needed)  -->
        <property name="userDn" value="CN=Script Runner,OU=Domain Service Accounts,DC=CBMR,DC=local"/>
        <property name="password" value="mypassword"/>
    </bean>
 

I don't really know where to go from here. The Jasper docs are pretty thin in this regard and I've enabled debugging but am not getting any error messages, just the single instance of an auth attempt using LDAP. 

I've tested changing the LDAP binding details to an invalid username and was able to produce an LDAP binding error in the logs, so I know that part is working. I just don't know the exact syntax to get it to correctly look for members of the jasperusers group.

Any information greatly appreciated, we've wasted days on trying to get this to work :( Thanks

 

 

dion.g

1 Answer:

IIRC, we don't actually support LDAP groups, just attributes.  This is definitely a limitation.  I don't know if other users have figured out how to support groups.

elizam
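Added example, not part of either post and not Jaspersoft code: a subtree search only returns entries whose DN sits below the search base, while Active Directory records group membership on the user entry in its memberOf attribute. The sketch below applies that to the DNs quoted in the question and builds an attribute-based filter with RFC 4515 escaping. The helper names are hypothetical, and whether JasperReports Server accepts such a filter is an assumption the page does not confirm.

```python
import re

# DNs copied from the question above; every helper name here is hypothetical.
CONTEXT_ROOT = "DC=CBMR,DC=local"
SEARCH_BASE = "cn=jasperusers,OU=Security Groups,OU=MyBusiness"  # relative to root
USER_DN = "CN=Stewie,CN=Users,DC=CBMR,DC=local"
GROUP_DN = "CN=jasperusers,OU=Security Groups,OU=MyBusiness,DC=CBMR,DC=local"


def rdns(dn):
    """Split a DN into normalized (attr, value) RDNs.

    Simplification: splits on commas not preceded by a backslash and
    compares case-insensitively, which holds for cn/ou/dc in AD.
    """
    out = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        out.append((attr.strip().lower(), value.strip().lower()))
    return out


def in_subtree(entry_dn, base_dn):
    """True if entry_dn is base_dn itself or sits below it in the tree."""
    entry, base = rdns(entry_dn), rdns(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base


def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside a search filter."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)


def member_filter(username, group_dn):
    """Filter matching one account only if its memberOf lists group_dn."""
    return "(&(sAMAccountName={})(memberOf={}))".format(
        escape_filter_value(username), escape_filter_value(group_dn))


if __name__ == "__main__":
    effective_base = SEARCH_BASE + "," + CONTEXT_ROOT
    print("user under configured base:", in_subtree(USER_DN, effective_base))
    print("user under context root:   ", in_subtree(USER_DN, CONTEXT_ROOT))
    print("attribute-based filter:    ", member_filter("stewie", GROUP_DN))
```

A memberOf match covers direct membership only; it does not follow nested groups or the account's primary group.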