
  • Ldap error 32 with AD, everything seems to be ok.

    Hello everybody, I have been trying to fix this problem for hours now. I already read about this error in a couple of forums. But my settings seem to be right, so I don't know what I am missing!

    Well, I used to use ApacheDS (all the logic is working fine with ApacheDS), but I want to change to AD. So I created this AD structure:

    dc=mycompany,dc=com
    -->O=domain1
    ----->OU=people
    --------uid=juan.seon
    --------uid=peter.some

    And I have created a manager user in the configuration with all the rights.

    Spring security configurations and values:

    <ldap-server id="ldapServer" url="^{ldap.server.url}"
    manager-dn="^{ldap.server.manager.dn}"
    manager-password="^{ldap.server.manager.password}"/>

    <bean id="TBindAuthenticator" class="com.mycompany.security.client.authentication.TBindAuthenticator">
    <constructor-arg ref="ldapServer" />
    <property name="bindDnPatterns">
    <list><value>^{security.ldap.bind.pattern}</value></list>
    </property>
    </bean>

    ldap.server.manager.dn=CN=Administrator,CN=Roles,CN=Configuration,CN={B74FC0BD-AFE5-410C-B342-56E712FAC060}
    ldap.server.manager.password=secret
    security.ldap.bind.pattern=uid={0},OU=people,O={1}

    So, here is where it is failing:

    DirContext ctx = null;
    try {
    ctx = getContextSource().getContext(fullDn.toString(), password);

    Attributes attrs = ctx.getAttributes(userDn, getUserAttributes());
    ...

    When I get the Context (getContextSource().getContext(fullDn.toString(), password)) I need to authenticate against the AD. If the credentials are fine, then I am authenticated; otherwise, this throws an exception (LDAP: error code 49). So, I am authenticating against the AD and I believe all the connection is working fine.

    But, when I enter the correct credentials, then I want to get the attributes. So, I am specifying the userdn (uid=juan.seon,ou=people,o=domain1) not the full DN. (I hear in the forum that this could be the problem, if I use the FullDN then I should get ldap error:32, but this is not the case).

    I am very confused about this. I think it could be something related to the configurations in AD (I am new to AD). Configurations about the users? Or the adminUser perhaps? Any idea?

    Thanks in advance.

  • #2
    a new admin user under the partition "dc=mycompany,dc=com". But this was not the problem. The problem was that each user needs to have the "READERS" role. So in the role "READERS" I added the user to the member attribute, and this was the solution. Not sure if this is the best solution, and I am not sure I fully understand why!

    Does anybody know the answer?

    Thanks!
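
Added example, not code from the original posts or from Spring Security: one way to separate the two causes of error 32 that come up in this thread (a DN that does not resolve, versus an entry the bound user is not allowed to read, as the fix in #2 suggests) is to repeat the same read as the manager account and compare result codes. The class name, the `Read` interface and the stubbed reads in `main` are hypothetical and constructed so the code runs offline; in a real check each `Read` would wrap `DirContext.getAttributes`.

```java
import javax.naming.NameNotFoundException;
import javax.naming.NamingException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class Ldap32Triage {
    // Hypothetical interface: one attribute read of a DN under some identity.
    // In a real check this wraps DirContext.getAttributes(dn).
    interface Read { void attempt(String dn) throws NamingException; }

    private static final Pattern CODE = Pattern.compile("LDAP: error code (\\d+)");

    // 0 if the read succeeded, the LDAP result code if it failed, -1 if none was found.
    static int code(Read read, String dn) {
        try {
            read.attempt(dn);
            return 0;
        } catch (NamingException e) {
            Matcher m = CODE.matcher(String.valueOf(e.getMessage()));
            return m.find() ? Integer.parseInt(m.group(1)) : -1;
        }
    }

    // Compare the same read as the bound user and as the manager account.
    static String triage(String dn, Read asUser, Read asManager) {
        int user = code(asUser, dn);
        int manager = code(asManager, dn);
        if (user == 0) return "OK: user can read " + dn;
        if (user == 32 && manager == 0)
            return "ACCESS: entry exists but the user cannot see it; check read rights or role membership";
        if (user == 32 && manager == 32)
            return "NAME: DN not found for either identity; check relative vs full DN against the context base";
        return "OTHER: user=" + user + " manager=" + manager;
    }

    public static void main(String[] args) {
        String dn = "uid=juan.seon,ou=people,o=domain1";
        // Constructed stand-ins for directory reads (no server is contacted).
        Read notFound = d -> { throw new NameNotFoundException("[LDAP: error code 32 - constructed sample]"); };
        Read success = d -> { };
        System.out.println(triage(dn, notFound, success));   // the situation resolved in #2
        System.out.println(triage(dn, notFound, notFound));  // wrong or doubled DN
        System.out.println(triage(dn, success, success));    // after the fix
    }
}
```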
