AD Authentication not working

I am trying to add authentication with Active Directory, but users are not found.
The user is found when I add cn={0} in "userDnPatterns", but I want to search with the sAMAccountName field.
The "userSearch" bean does not match a user either.
 
My config:
 
<!-- ############ LDAP Authentication ############ -->
<bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
  <constructor-arg>
    <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
      <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
      <property name="userSearch">
        <ref local="userSearch" />
      </property>
      <property name="userDnPatterns">
        <list>
          <value>"cn={0},cn=Security"</value>  <!-- OK -->
          <value>"sAMAccountName={0},ou=Users CompanyY,ou=Users,ou=admin</value>  <!-- NOK -->
          <value>"sAMAccountName={0},ou=Users CompanyY,ou=Users,ou=admin,dc=company,dc=lan</value>  <!-- NOK -->
        </list>
      </property>
    </bean>
  </constructor-arg>
</bean>

<bean id="ldapContextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <constructor-arg value="ldap://addressserver:389/dc=company,dc=lan"/>
  <property name="userDn"><value>"cn=monitoring,dc=Security,dc=company,dc=lan"</value></property>
  <property name="password"><value>"password"</value></property>
  <property name="referral" value="follow" />
</bean>

<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <constructor-arg index="0"><value></value></constructor-arg>
  <constructor-arg index="1">
    <value>(&amp;(sAMAccountName={0})(objectclass=user))</value>
  </constructor-arg>
  <constructor-arg index="2">
    <ref local="ldapContextSource" />
  </constructor-arg>
  <property name="searchSubtree" value="true"/>
</bean>

Logs
Attempting to bind as cn=jgervais,ou=Security,dc=company,dc=lan
2015-09-16 16:07:12,946 DEBUG DefaultSpringSecurityContextSource,http-bio-3001-exec-6:76 - Removing pooling flag for user cn=jgervais,ou=Security,dc=company,dc=lan
2015-09-16 16:07:12,947 DEBUG BindAuthenticator,http-bio-3001-exec-6:152 - Failed to bind as "cn=jgervais,ou=Security": org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
2015-09-16 16:07:12,948 DEBUG BindAuthenticator,http-bio-3001-exec-6:108 - Attempting to bind as samaccountname=jgervais,cn=Users CompanyY,ou=Users,ou=admin,dc=company,dc=lan
2015-09-16 16:07:12,949 DEBUG DefaultSpringSecurityContextSource,http-bio-3001-exec-6:76 - Removing pooling flag for user samaccountname=jgervais,cn=Users CompanyY,ou=Users,ou=admin,dc=company,dc=lan
2015-09-16 16:07:12,950 DEBUG BindAuthenticator,http-bio-3001-exec-6:152 - Failed to bind as "sAMAccountName=jgervais,CN=Users CompanyY,ou=Users,ou=admin": org.springframework.ldap.AuthenticationException:

Jeremy.

jgervais's picture
Joined: Sep 16 2015 - 6:18am
Last seen: 7 years 12 months ago

2 Answers:

Have you looked here:

http://community.jaspersoft.com/documentation/tibco-jasperreports-server...

Where is the (objectclass=user)) coming from in your config? It doesn't seem like you should need that.

I see there is some inconsistency between the intro to this section and the code sample: one has userSearch, and the other has userDnPatterns. Otherwise, you should be able to follow the sample.

elizam's picture
15504
Joined: Mar 5 2012 - 9:19am
Last seen: 3 years 1 month ago

I read this page but the configuration doesn't work for me.

 

<bean id="ldapAuthProvider" class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSLdapAuthenticationProvider">
  <constructor-arg>
    <bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSBindAuthenticator">
      <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
      <property name="userSearch"><ref local="userSearch" /></property>
    </bean>
  </constructor-arg>
</bean>

<bean id="ldapContextSource" class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">
  <constructor-arg value="ldap://ad01.company.lan:389/dc=company,dc=lan"/>
  <property name="userDn"><value>"cn=monitoring,dc=Security,dc=company,dc=lan"</value></property>
  <property name="password"><value>"password"</value></property>
  <property name="referral" value="follow" />
</bean>

<bean id="userSearch" class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSFilterBasedLdapUserSearch">
  <constructor-arg index="0"><value></value></constructor-arg>
  <constructor-arg index="1">
    <!-- <value>(&amp;(sAMAccountName={0})(objectclass=user))</value> -->
    <value>(&amp;(sAMAccountName={0}))</value>
  </constructor-arg>
  <constructor-arg index="2">
    <ref local="ldapContextSource" />
  </constructor-arg>
  <property name="searchSubtree" value="true"/>
</bean>

My user is never found...

2015-10-01 16:31:35,745 DEBUG FilterChainProxy,http-bio-3001-exec-3:337 - /j_spring_security_check at position 8 of 19 in additional filter chain; firing Filter: 'UserPreferencesFilter'
2015-10-01 16:31:35,746 DEBUG FilterChainProxy,http-bio-3001-exec-3:337 - /j_spring_security_check at position 9 of 19 in additional filter chain; firing Filter: 'JSDelegatingFilterProxy'
2015-10-01 16:31:35,746 DEBUG FilterChainProxy,http-bio-3001-exec-3:337 - /j_spring_security_check at position 10 of 19 in additional filter chain; firing Filter: 'JSDelegatingFilterProxy'
2015-10-01 16:31:35,746 DEBUG EncryptionAuthenticationProcessingFilter,http-bio-3001-exec-3:205 - Request is to process authentication
2015-10-01 16:31:35,747 DEBUG ProviderManager,http-bio-3001-exec-3:152 - Authentication attempt using com.jaspersoft.jasperserver.api.security.internalAuth.InternalDaoAuthenticationProvider
2015-10-01 16:31:35,749 DEBUG InternalDaoAuthenticationProvider,http-bio-3001-exec-3:134 - User 'jgervais' not found
2015-10-01 16:31:35,750 DEBUG ProviderManager,http-bio-3001-exec-3:152 - Authentication attempt using com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSLdapAuthenticationProvider
2015-10-01 16:31:35,750 DEBUG JSLdapAuthenticationProvider,http-bio-3001-exec-3:65 - Processing authentication request for user: jgervais
2015-10-01 16:31:35,750 DEBUG FilterBasedLdapUserSearch,http-bio-3001-exec-3:107 - Searching for user 'jgervais', with user search [ searchFilter: '(&(sAMAccountName={0}))', searchBase: 'cn=Users', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
2015-10-01 16:31:35,752 ERROR EncryptionAuthenticationProcessingFilter,http-bio-3001-exec-3:218 - An internal error occurred while trying to authenticate the user.
org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
    at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:191)
    at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:80)

jgervais's picture
Joined: Sep 16 2015 - 6:18am
Last seen: 7 years 12 months ago
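
An added example, not part of the original posts and not Jaspersoft or Spring code: both logs in this thread end in Active Directory's LDAP error 49 with sub-code `data 52e`, and this Python sketch pulls that sub-code out of such lines and maps it to its documented meaning. The function names and the `user-bind` / `unattributed` labels are assumptions made for the illustration; the sample lines are abridged from the logs above.

```python
import re

# Active Directory sub-codes found in the "data" field of LDAP error 49.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

ERR49 = re.compile(r"LDAP: error code 49 - [^\]]*?data ([0-9a-fA-F]+)")
BIND_DN = re.compile(r'Failed to bind as "([^"]+)"')

# Sample lines abridged from the logs in this thread (logger details shortened).
SAMPLE = [
    '2015-09-16 16:07:12,947 DEBUG BindAuthenticator - Failed to bind as '
    '"cn=jgervais,ou=Security": org.springframework.ldap.AuthenticationException: '
    '[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: '
    'AcceptSecurityContext error, data 52e, v1db1]',
    'org.springframework.security.authentication.InternalAuthenticationServiceException: '
    '[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: '
    'AcceptSecurityContext error, data 52e, v1db1]',
    "2015-10-01 16:31:35,749 DEBUG InternalDaoAuthenticationProvider - User 'jgervais' not found",
]

def diagnose(line):
    """Return (stage, bind_dn, meaning) for a line carrying AD error 49, else None."""
    m = ERR49.search(line)
    if not m:
        return None
    code = m.group(1).lower()
    meaning = AD_BIND_SUBCODES.get(code, "unknown sub-code " + code)
    dn = BIND_DN.search(line)
    if dn:
        # The line names the DN that was used for the failed bind attempt.
        return ("user-bind", dn.group(1), meaning)
    # No DN on the line: the log does not say which bind was rejected.
    return ("unattributed", None, meaning)

def summarize(lines):
    """Diagnose every line and keep only those with an AD bind error."""
    return [d for d in map(diagnose, lines) if d is not None]

if __name__ == "__main__":
    for stage, dn, meaning in summarize(SAMPLE):
        print(stage, dn, meaning)
```
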