  • Spring | Acegi | Ldap integration

    We have an LDAP server from Sun ONE.

    Currently we are trying to authenticate users using the Spring framework with the Acegi plugin and are running into problems.

    The spring configuration is as below:
    <bean id="ldapAuthenticationProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
      <constructor-arg>
        <bean class="org.acegisecurity.providers.ldap.authenticator.PasswordComparisonAuthenticator">
          <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
          <property name="userSearch" ref="userSearch" />
          <property name="passwordEncoder" ref="ldapShaPasswordEncoder"/>
        </bean>
      </constructor-arg>
      <constructor-arg>
        <bean class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
          <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
          <constructor-arg><value>ou=groups</value></constructor-arg>
          <property name="groupRoleAttribute"><value>ou</value></property>
        </bean>
      </constructor-arg>
    </bean>

    <bean id="ldapShaPasswordEncoder" class="org.acegisecurity.providers.ldap.authenticator.LdapShaPasswordEncoder"/>

    <bean id="userSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
      <constructor-arg index="0" value="dc=com,dc=ni" />
      <constructor-arg index="1" value="(cn={0}),ou=Users,ou=digitalPubs" />
      <constructor-arg index="2" ref="initialDirContextFactory" />
      <property name="searchSubtree" value="true" />
    </bean>

    While running the authenticator from the front end, we are getting the following exception.

    [DEBUG] 18:02:23 LdapAuthenticationProvider - Retrieving user tolpub_admin
    [DEBUG] 18:02:23 DefaultInitialDirContextFactory - Creating InitialDirContext with environment {java.naming.provider.url=ldap://10.210.7.213:389/dc=ni,dc=com, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=cn=Directory Manager,dc=ni,dc=com, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.security.credentials=******}
    [ERROR] 18:02:23 TestUser - *** Authentication failed => org.acegisecurity.BadCredentialsException: Bad credentials; nested exception is javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]
    org.acegisecurity.BadCredentialsException: Bad credentials; nested exception is javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]
    Caused by: javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:289)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2657)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:307)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:190)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:208)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:151)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:81)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:675)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:257)
    at javax.naming.InitialContext.init(InitialContext.java:233)
    at javax.naming.InitialContext.<init>(InitialContext.java:209)


    The logs do indicate that the connection to the LDAP server is being established properly, but it's not able to locate the user in the tree. I have validated this user from an LDAP browser and it is present.

    Any suggestion would be helpful.

  • #2
    First of all, you should post your question in the Acegi Security forum. They have their own LDAP framework, which is different from the Spring LDAP framework.

    However, I do find your search filter a little weird:

    Code:
    (cn={0}),ou=Users,ou=digitalPubs
    The parts after the closing bracket might be ignored, or worse, your filter might be considered incorrect. If you want to start the search in "ou=users,ou=digitalpubs", you should add it to your searchBase property:

    Code:
    <bean id="userSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
      <constructor-arg index="0" value="ou=Users,ou=digitalPubs,dc=com,dc=ni" />
      <constructor-arg index="1" value="(cn={0})" />
      <constructor-arg index="2" ref="initialDirContextFactory" />
      <property name="searchSubtree" value="true" />
    </bean>
    And if you already have the "dc=com,dc=ni" in your java.naming.provider.url, which I thought I saw in your environment properties, you should not have it in your searchBase:

    Code:
    <bean id="userSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
      <constructor-arg index="0" value="ou=Users,ou=digitalPubs" />
      <constructor-arg index="1" value="(cn={0})" />
      <constructor-arg index="2" ref="initialDirContextFactory" />
      <property name="searchSubtree" value="true" />
    </bean>



    • #3
      thanks, I will keep in mind to post such request to the right group.

      We were able to solve the problem by making some configuration changes.

      <bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
        <constructor-arg value="ldap://10.210.7.213:389/dc=ni,dc=com"/>
        <property name="managerDn"><value>cn=Directory Manager</value></property>
        <property name="managerPassword"><value>password</value></property>
      </bean>

      <bean id="ldapAuthenticationProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
        <constructor-arg>
          <bean class="org.acegisecurity.providers.ldap.authenticator.PasswordComparisonAuthenticator">
            <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
            <property name="userDnPatterns"><list><value>cn={0},ou=Users,ou=digitalPubs</value></list></property>
            <!-- property name="userSearch" ref="userSearch" /-->
            <!-- property name="passwordEncoder" ref="ldapShaPasswordEncoder"/-->
          </bean>
        </constructor-arg>
        <!-- second constructor-arg (the DefaultLdapAuthoritiesPopulator bean) unchanged from the first post -->
      </bean>

      Things to note in the above configuration are highlighted above.

      Thanks for all the help.

      Regards
      Om
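The two settings this final configuration relies on, userDnPatterns and the password comparison, as an added example in Python (not code from the thread or from Acegi). It fills a `cn={0},ou=Users,ou=digitalPubs` style pattern with an RFC 4514-escaped login name, so a name containing a comma cannot append an RDN to the DN, and it verifies a `userPassword` value in the `{SHA}` and `{SSHA}` forms that the commented-out LdapShaPasswordEncoder exists to handle. The stored hashes are constructed in the script; nothing is read from a directory. Two caveats for anyone copying the final config: with the passwordEncoder commented out, the comparison only works if the directory holds (or compares against) the form you present, and the comparison runs under `cn=Directory Manager`, the Sun ONE superuser, which must be able to read `userPassword`; a least-privilege service account for that bind, or a bind-based authenticator such as Acegi's BindAuthenticator (not shown on the thread) that never reads the hash at all, is the safer shape.

```python
"""Added example, not code from the thread or from Acegi: fill a userDnPatterns
template with an RFC 4514-escaped login name, and verify a userPassword value in
the {SHA} and {SSHA} forms LdapShaPasswordEncoder understands.  Runs offline;
the stored hashes are constructed here, not read from a directory."""
import base64
import hashlib
import hmac
import os
from typing import Optional


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514 section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;':
            out.append("\\" + ch)
        elif ch == " " and (i == 0 or i == last):   # leading/trailing space
            out.append("\\ ")
        elif ch == "#" and i == 0:                   # leading '#'
            out.append("\\#")
        else:
            out.append(ch)
    return "".join(out)


def user_dn(pattern: str, username: str) -> str:
    """Substitute the login name into a pattern such as cn={0},ou=Users,ou=digitalPubs."""
    return pattern.replace("{0}", escape_dn_value(username))


def encode_sha(password: str) -> str:
    """Unsalted {SHA}: base64 of SHA-1(password)."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode("utf-8")).digest()).decode("ascii")


def encode_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Salted {SSHA}: base64 of SHA-1(password || salt) || salt."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ldap_password(stored: str, presented: str) -> bool:
    """Compare a presented password against a userPassword value.

    {SSHA} values carry a 20-byte SHA-1 digest followed by the salt; {SHA} is
    unsalted.  A value with no scheme prefix is compared as clear text (this
    script's choice, not a statement about what Acegi does without an encoder).
    Comparisons are constant-time so a wrong guess leaks nothing by timing.
    """
    candidate = presented.encode("utf-8")
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = raw[:20], raw[20:]
        return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)
    if stored.startswith("{SHA}"):
        raw = base64.b64decode(stored[len("{SHA}"):])
        return hmac.compare_digest(hashlib.sha1(candidate).digest(), raw)
    if stored.startswith("{"):
        raise ValueError("unsupported password scheme: " + stored[: stored.find("}") + 1])
    return hmac.compare_digest(stored.encode("utf-8"), candidate)


if __name__ == "__main__":
    pattern = "cn={0},ou=Users,ou=digitalPubs"           # userDnPatterns value from the thread
    print(user_dn(pattern, "tolpub_admin"))
    print(user_dn(pattern, "admin,ou=Admins"))             # the comma stays inside the cn value
    # Constructed hash with a fixed salt so the run is repeatable.
    stored = encode_ssha("s3cret", salt=b"\x01\x02\x03\x04")
    print(stored, verify_ldap_password(stored, "s3cret"), verify_ldap_password(stored, "S3CRET"))
```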
