AD Authentification not working

0
I try to add an Authentification with Active Directory but users are not found.
User is found when i add cn={0} in "userDnPatterns" but i want to search with the sAMAccountName field.
Bean "userSearch" not match a user too.
 
My config :
 
<!-- ############ LDAP Authentication ############ --><bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">  <constructor-arg>    <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">     <constructor-arg><ref local="ldapContextSource"/></constructor-arg>      <property name="userSearch">        <ref local="userSearch" />      </property>      <property name="userDnPatterns">        <list>          <value>"cn={0},cn=Security"</value>                        <-- OK          <value>"sAMAccountName={0},ou=Users CompanyY,ou=Users,ou=admin</value>  <-- NOK            <value>"sAMAccountName={0},ou=Users CompanyY,ou=Users,ou=admin,dc=company,dc=lan</value>  <-- NOK        </list>      </property>    </bean>  </constructor-arg></bean>
<bean id="ldapContextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">  <constructor-arg value="ldap://addressserver:389/dc=company,dc=lan"/>  <property name="userDn"><value>"cn=monitoring,dc=Security,dc=company,dc=lan"</value></property>  <property name="password"><value>"password"</value></property>  <property name="referral" value="follow" /></bean>
<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">  <constructor-arg index="0"><value></value></constructor-arg>  <constructor-arg index="1">     <value>(&amp;(sAMAccountName={0})(objectclass=user))</value>  </constructor-arg>  <constructor-arg index="2">    <ref local="ldapContextSource" />  </constructor-arg>  <property name="searchSubtree" value="true"/></bean>
Logs
Attempting to bind as cn=jgervais,ou=Security,dc=company,dc=lan2015-09-16 16:07:12,946 DEBUG DefaultSpringSecurityContextSource,http-bio-3001-exec-6:76 - Removing pooling flag for user cn=jgervais,ou=Security,dc=company,dc=lan2015-09-16 16:07:12,947 DEBUG BindAuthenticator,http-bio-3001-exec-6:152 - Failed to bind as "cn=jgervais,ou=Security": org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]2015-09-16 16:07:12,948 DEBUG BindAuthenticator,http-bio-3001-exec-6:108 - Attempting to bind as samaccountname=jgervais,cn=Users CompanyY,ou=Users,ou=admin,dc=company,dc=lan2015-09-16 16:07:12,949 DEBUG DefaultSpringSecurityContextSource,http-bio-3001-exec-6:76 - Removing pooling flag for user samaccountname=jgervais,cn=Users CompanyY,ou=Users,ou=admin,dc=company,dc=lan2015-09-16 16:07:12,950 DEBUG BindAuthenticator,http-bio-3001-exec-6:152 - Failed to bind as "sAMAccountName=jgervais,CN=Users CompanyY,ou=Users,ou=admin": org.springframework.ldap.AuthenticationException:
Jeremy.

jgervais's picture
Joined: Sep 16 2015 - 6:18am
Last seen: 5 years 1 month ago

2 Answers:

0

Have you looked here:

http://community.jaspersoft.com/documentation/tibco-jasperreports-server...

Where is the (objectclass=user)) coming from in your config, it doesn't seem like you should need that.

I see there is some inconsistency between the intro to this section and the code sample, one has userSearch, and the other has userDnPatterns.  Otherwise, you should be able to follow the sample.

elizam's picture
5191
Joined: Mar 5 2012 - 9:19am
Last seen: 2 months 4 weeks ago
0

I read this page but the configuration don't work for me.

 

<bean id="ldapAuthProvider" class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSLdapAuthenticationProvider">   <constructor-arg>     <bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSBindAuthenticator">       <constructor-arg><ref local="ldapContextSource"/></constructor-arg>       <property name="userSearch"><ref local="userSearch" /></property>     </bean>   </constructor-arg> </bean> <bean id="ldapContextSource" class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">  <constructor-arg value="ldap://ad01.company.lan:389/dc=company,dc=lan"/>  <property name="userDn"><value>"cn=monitoring,dc=Security,dc=company,dc=lan"</value></property>  <property name="password"><value>"password"</value></property>  <property name="referral" value="follow" /></bean><bean id="userSearch"  class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSFilterBasedLdapUserSearch">  <constructor-arg index="0"><value></value></constructor-arg>  <constructor-arg index="1">  <!-- <value>(&amp;(sAMAccountName={0})(objectclass=user))</value> -->  <value>(&amp;(sAMAccountName={0}))</value>  </constructor-arg>  <constructor-arg index="2">    <ref local="ldapContextSource" />  </constructor-arg>  <property name="searchSubtree" value="true"/></bean>

My user is never found...

2015-10-01 16:31:35,745 DEBUG FilterChainProxy,http-bio-3001-exec-3:337 - /j_spring_security_check at position 8 of 19 in additional filter chain; firing Filter: 'UserPreferencesFilter' 2015-10-01 16:31:35,746 DEBUG FilterChainProxy,http-bio-3001-exec-3:337 - /j_spring_security_check at position 9 of 19 in additional filter chain; firing Filter: 'JSDelegatingFilterProxy' 2015-10-01 16:31:35,746 DEBUG FilterChainProxy,http-bio-3001-exec-3:337 - /j_spring_security_check at position 10 of 19 in additional filter chain; firing Filter: 'JSDelegatingFilterProxy' 2015-10-01 16:31:35,746 DEBUG EncryptionAuthenticationProcessingFilter,http-bio-3001-exec-3:205 - Request is to process authentication 2015-10-01 16:31:35,747 DEBUG ProviderManager,http-bio-3001-exec-3:152 - Authentication attempt using com.jaspersoft.jasperserver.api.security.internalAuth.InternalDaoAuthenticationProvider 2015-10-01 16:31:35,749 DEBUG InternalDaoAuthenticationProvider,http-bio-3001-exec-3:134 - User 'jgervais' not found 2015-10-01 16:31:35,750 DEBUG ProviderManager,http-bio-3001-exec-3:152 - Authentication attempt using com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSLdapAuthenticationProvider 2015-10-01 16:31:35,750 DEBUG JSLdapAuthenticationProvider,http-bio-3001-exec-3:65 - Processing authentication request for user: jgervais 2015-10-01 16:31:35,750 DEBUG FilterBasedLdapUserSearch,http-bio-3001-exec-3:107 - Searching for user 'jgervais', with user search [ searchFilter: '(&(sAMAccountName={0}))', searchBase: 'cn=Users', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ] 2015-10-01 16:31:35,752 ERROR EncryptionAuthenticationProcessingFilter,http-bio-3001-exec-3:218 - An internal error occurred while trying to authenticate the user. org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1] at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:191) at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:80)
jgervais's picture
Joined: Sep 16 2015 - 6:18am
Last seen: 5 years 1 month ago
Feedback
randomness