I am seeing an LDAP issue in JRS 5.5.
LDAP (Active Directory) authentication is configured and working as expected.
However, users are in multiple branches, i.e.:
CN=exampleuser1,OU=Users,DC=mycompany,DC=com
CN=exampleuser2,OU=Staff,DC=mycompany,DC=com
2 Answers:
Try userDnPatterns in ldapAuthenticationProvider's BindAuthenticator. This might help http://community.jaspersoft.com/documentation/jasperreports-server-authe...
<bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
  <constructor-arg>
    <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
      <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
      <property name="userDnPatterns">
        <list>
          <value>CN={0},OU=Users,DC=mycompany,DC=com</value>
          <value>CN={0},OU=Staff,DC=mycompany,DC=com</value>
        </list>
      </property>
    </bean>
  </constructor-arg>
  .......
</bean>
If that is not enough, configure several ldapAuthenticationProvider's pointing to different branches.
<bean id="ldapAuthenticationManager" class="org.springframework.security.providers.ProviderManager">
  <property name="providers">
    <list>
      <ref local="ldapAuthenticationProvider1"/>
      <ref local="ldapAuthenticationProvider2"/>
      ....
      <ref local="ldapAuthenticationProviderN"/>
      <ref bean="${bean.daoAuthenticationProvider}"/>
    </list>
  </property>
</bean>
Each ldapAuthenticationProvider can point to its own userSearch1...N
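The per-branch userSearch arrangement described in this answer, written out as an added example (it is not from the original post or from Jaspersoft's sample files). It assumes the existing ldapContextSource URL ends in DC=mycompany,DC=com, that accounts are matched on sAMAccountName, and that the bean ids userSearch1 and userSearch2 are free to use; the two providers slot into the providers list shown above.

```xml
<!-- Added example. Search bases are relative to the base DN of ldapContextSource
     (assumed: DC=mycompany,DC=com), so each search is confined to one branch. -->
<bean id="userSearch1" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <constructor-arg index="0"><value>OU=Users</value></constructor-arg>
  <!-- Assumed filter: match the AD logon name typed by the user -->
  <constructor-arg index="1"><value>(sAMAccountName={0})</value></constructor-arg>
  <constructor-arg index="2"><ref local="ldapContextSource"/></constructor-arg>
  <!-- Descend into sub-OUs of this branch only -->
  <property name="searchSubtree"><value>true</value></property>
</bean>

<bean id="userSearch2" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <constructor-arg index="0"><value>OU=Staff</value></constructor-arg>
  <constructor-arg index="1"><value>(sAMAccountName={0})</value></constructor-arg>
  <constructor-arg index="2"><ref local="ldapContextSource"/></constructor-arg>
  <property name="searchSubtree"><value>true</value></property>
</bean>

<!-- One provider per branch: the search finds the user's DN, then BindAuthenticator
     binds as that DN with the supplied password. -->
<bean id="ldapAuthenticationProvider1" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
  <constructor-arg>
    <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
      <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
      <property name="userSearch"><ref local="userSearch1"/></property>
    </bean>
  </constructor-arg>
  <!-- Keep the authorities populator constructor-arg from your existing
       ldapAuthenticationProvider here if roles come from LDAP groups. -->
</bean>

<bean id="ldapAuthenticationProvider2" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
  <constructor-arg>
    <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
      <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
      <property name="userSearch"><ref local="userSearch2"/></property>
    </bean>
  </constructor-arg>
</bean>
```

ProviderManager tries the providers in list order, so a login for a user in the second branch first incurs a failed search in the first one; put the branch with the most users first.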
userDnPatterns is not viable because the search needs (and multi-branching of user records) are actually a bit more complex than the example I posted here.
However, I did implement your 2nd suggestion prior to your posting it, and that seems to work fine.
I guess I still wonder why not specifying the branch at all (and simply searching the entire base path) takes such a long time.
If I perform an identical search (of the entire base path) on the CLI using ldapsearch, the result is returned immediately.