Authenticating Jasper server with LDAP to AD
Hello,
I'm extremely new at this. Could anyone please instruct me what I'm doing wrong. I feel like I'm adding the correct information but my log makes me feel like it's not even using the ldap.
I've used other variances as well. Any help is greatly appreciated.
Here is my info:
<bean id="authenticationManager" class="org..security.providers.ProviderManager">
  <property name="providers">
    <list>
      <!-- not on by default -->
      <ref local="ldapAuthenticationProvider"/>
      <ref bean="${bean.daoAuthenticationProvider}"/>
      <ref bean="anonymousAuthenticationProvider"/>
      <!--ref local="jaasAuthenticationProvider"/-->
    </list>
  </property>
</bean>
<!-- For LDAP authentication -->
<bean id="ldapContextSource" class="org..security.ldap.DefaultSpringSecurityContextSource">
  <constructor-arg value="ldap--server.name.lan:389/dc=domain name,dc=lan"/>
  <!-- You may not need the next properties -->
  <property name="userDn"><value>marco rankin</value></property>
  <property name="password"><value>$$2alafake</value></property>
</bean>
<!-- For LDAP authentication This bean is not used by default -->
<bean id="userSearch" class="org..security.ldap.search.FilterBasedLdapUserSearch">
  <constructor-arg index="0">
    <value></value>
  </constructor-arg>
  <constructor-arg index="1">
    <value>(uid={0})</value>
  </constructor-arg>
  <constructor-arg index="2">
    <ref local="ldapContextSource" />
  </constructor-arg>
  <property name="searchSubtree">
    <value>true</value>
  </property>
</bean>
<!-- For LDAP authentication -->
<bean id="ldapAuthenticationProvider" class="org..security.providers.ldap.LdapAuthenticationProvider">
  <constructor-arg>
    <bean class="org..security.providers.ldap.authenticator.BindAuthenticator">
      <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
      <!-- <property name="userDnPatterns"><list><value>uid={0}</value></list></property> -->
      <property name="userSearch" ref="userSearch"/>
    </bean>
  </constructor-arg>
  <constructor-arg>
    <bean class="org..security.ldap.populator.DefaultLdapAuthoritiesPopulator">
      <constructor-arg index="0"><ref local="ldapContextSource"/></constructor-arg>
      <constructor-arg index="1"><value></value></constructor-arg>
      <property name="groupRoleAttribute"><value>cn</value></property>
      <property name="groupSearchFilter"><value>(&amp;(uniqueMember={0})(objectclass=groupofuniquenames))</value></property>
      <property name="searchSubtree"><value>true</value></property>
    </bean>
  </constructor-arg>
</bean>
Log:
2011-02-15 14:33:22,892 WARN LoggerListener,from-8080-2:60 - Authentication event AuthenticationFailureBadCredentialsEvent: matt.test; details: org..security.ui.WebAuthenticationDetails@ffffa64e: RemoteIpAddress: 10.110.142.16; SessionId: CBC4B43A339A9D0017056377E02FB808; exception: Bad credentials
Originally Posted by mattda
Could anyone please instruct me what I'm doing wrong. I feel like I'm adding the correct information but my log makes me feel like it's not even using the ldap.
Please describe the issue you are having. It is very difficult to help if no one knows what the issue is.
Originally Posted by mattda
2011-02-15 14:33:22,892 WARN LoggerListener,from-8080-2:60 - Authentication event AuthenticationFailureBadCredentialsEvent: matt.test; details: org..security.ui.WebAuthenticationDetails@ffffa64e: RemoteIpAddress: 10.110.142.16; SessionId: CBC4B43A339A9D0017056377E02FB808; exception: Bad credentials
The message logged is just indicating that you provided invalid username/password.
From the partial configuration you have posted it appears Spring Security will try to authenticate against ldap and then the dao. I would use the namespace configuration as it simplifies things. Another pointer is to turn on logging and see what the ldap queries are and then ensure that they return the user when running the query in an ldap tool.
Ok. I really appreciate the reply.
The issue is that my test user account in Active Directory isn't authenticating.
Can you give me an example or point me in the direction of the "namespace configuration"? Super appreciated.
Thank you
Matt
There is a sample LDAP application for Spring Security. However, I am not aware of a sample that is specific to AD. One option is the Spring Security book which covers AD in some detail.
Some of the Spr Sec unit tests are quite instructive in more advanced uses of LDAP. And, if you don't have background in LDAP concepts, I would highly recommend getting a good grounding in terminology and architecture first. The Zytrax LDAP book (free, online) is a great resource for beginners. Also be aware that under the covers, Spr Sec is using Spring LDAP, so you'll want to be aware of the functionality there if you are going to be doing anything advanced.
Thank you pmularien. I'll definitely check it out. Another one of our system admins was able to get it going.
I wasn't setting User DN with the correct LDAP path.
I also needed to change the userSearch value from "uid" to "sAMAccountName" since it's Active Directory.
I wasn't too far off. This whole process was a great learning experience. Thank you for the book reference. I'll definitely check it out.
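
Added example, not part of the original thread and not the poster's actual configuration: the two changes described in the last post (a full DN for userDn, and sAMAccountName in the user search filter) applied to the beans posted at the top. Host name, base DN, service account DN and password are placeholders; the Spring Security 2.x package names and the ldaps:// URL on port 636 (so the bind password is not sent in cleartext as on port 389) are assumptions.

```xml
<!-- Added example: every host, DN and password value below is a placeholder. -->
<bean id="ldapContextSource"
      class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <!-- Assumption: LDAPS on 636 instead of the thread's plain LDAP on 389 -->
  <constructor-arg value="ldaps://ad.example.lan:636/dc=example,dc=lan"/>
  <!-- Before: a display name ("marco rankin"), which is not an LDAP path.
       After: the full distinguished name of a read-only service account. -->
  <property name="userDn">
    <value>cn=svc-jasper,ou=Service Accounts,dc=example,dc=lan</value>
  </property>
  <property name="password"><value>CHANGE_ME</value></property>
</bean>

<bean id="userSearch"
      class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <!-- index 0: search base relative to the base DN in the URL (empty = whole tree) -->
  <constructor-arg index="0"><value></value></constructor-arg>
  <!-- Before: (uid={0}). Active Directory keeps the logon name in sAMAccountName. -->
  <constructor-arg index="1"><value>(sAMAccountName={0})</value></constructor-arg>
  <constructor-arg index="2"><ref local="ldapContextSource"/></constructor-arg>
  <property name="searchSubtree"><value>true</value></property>
</bean>
```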