
  • AuthenticationException: [LDAP: errorcode 49

    Hi,

    I am configuring acegi-security with LDAP authentication.
    I cannot log in successfully; the bind fails with bad credentials. I have this user:

    dn: cn=Member,ou=groups,dc=plk,dc=hk
    uniqueMember: cn=peter,ou=people,dc=plk,dc=hk

    What is wrong with the settings in my applicationContext-acegi-security.xml?

    [DEBUG,LdapAuthenticationProvider,http-8080-Processor25] Retrieving user
    peter
    [DEBUG,DefaultInitialDirContextFactory,http-8080-Processor25] Creating
    InitialDirContext with environment
    {java.naming.provider.url=ldap://plk.hk:389/dc=plk,dc=hk,
    java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
    java.naming.security.principal=cn=peter,ou=people,dc=plk,dc=hk,
    java.naming.security.authentication=simple,
    java.naming.security.credentials=******}
    [DEBUG,BindAuthenticator,http-8080-Processor25] Failed to bind as
    cn=peter,ou=people,dc=plk,dc=hk: javax.naming.AuthenticationException:
    [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment:
    AcceptSecurityContext error, data 525, v893^@]


    Here is my applicationContext-acegi-security.xml :


    <!-- ======================== FILTER CHAIN ======================= -->

    <!-- Role-based voter; httpRequestAccessDecisionManager lists it under decisionVoters. -->
    <bean id="roleVoter"
          class="org.acegisecurity.vote.RoleVoter"/>

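    <!-- Servlet filter chain applied to every request path (/**), matched with
         Ant-style patterns after lower-casing the URL.
         To use channel security, add "channelProcessingFilter," in front of
         "httpSessionContextIntegrationFilter" in the list below.
         Each comma-separated name must match a bean id in this file exactly;
         a stray space or line break inside a name leaves it unresolvable. -->
    <bean id="filterChainProxy"
          class="org.acegisecurity.util.FilterChainProxy">
      <property name="filterInvocationDefinitionSource">
        <value>
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          PATTERN_TYPE_APACHE_ANT

          /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
        </value>
      </property>
    </bean>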



    <!-- ======================== AUTHENTICATION ======================= -->

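    <!-- Authentication manager used by the login filter and the security
         interceptor; it delegates to the single LDAP provider listed below.
         The class attribute must carry no trailing whitespace. -->
    <bean id="authenticationManager"
          class="org.acegisecurity.providers.ProviderManager">
      <property name="providers">
        <list>
          <ref local="ldapAuthenticationProvider"/>
        </list>
      </property>
    </bean>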

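    <!-- Directory connection shared by the bind authenticators, the user search
         and the authorities populator. The constructor argument is the provider
         URL, including the root DN dc=plk,dc=hk.
         NOTE(review): the URL is plain ldap:// on port 389 and the debug log
         shows java.naming.security.authentication=simple, so bind DNs and
         passwords cross the network unencrypted unless the transport is
         protected some other way; confirm, and prefer an ldaps:// URL or
         StartTLS.
         NOTE(review): managerPassword is a literal in this file. Keep it in an
         externalised property with restricted read access, and rotate it if
         the value shown here is a real one. -->
    <bean id="initialDirContextFactory"
          class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
      <constructor-arg value="ldap://plk.hk:389/dc=plk,dc=hk"/>
      <property name="managerDn"><value>cn=Manager,dc=plk,dc=hk</value></property>
      <property name="managerPassword"><value>secret</value></property>
    </bean>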

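    <!-- Builds the user's granted authorities from group entries found under
         the group search base (constructor argument 1): the value of
         groupRoleAttribute, upper-cased and prefixed with ROLE_.
         NOTE(review): groupRoleAttribute is "ou", while the sample group is
         cn=Member,ou=groups,...; the role name probably wants "cn". Confirm
         which attribute the group entries actually carry.
         NOTE(review): the sample group lists its members in uniqueMember. With
         groupSearchFilter left commented out the populator's default filter
         applies; verify that it matches uniqueMember, otherwise no roles are
         granted and every secured URL is refused.
         NOTE(review): the search base repeats dc=plk,dc=hk, which is already
         the root of the provider URL. Presumably bases are relative to that
         root (the log shows cn={0},ou=people expanding to
         cn=peter,ou=people,dc=plk,dc=hk); confirm. -->
    <bean id="ldapPopulator"
          class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
      <constructor-arg index="0" ref="initialDirContextFactory" />
      <constructor-arg index="1" value="ou=groups,dc=plk,dc=hk" />
      <property name="groupRoleAttribute" value="ou" />
      <property name="rolePrefix" value="ROLE_" />
      <property name="convertToUpperCase" value="true" />
      <property name="searchSubtree" value="true" />
      <!-- <property name="groupSearchFilter" value="(Member={0})" /> -->
    </bean>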


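    <!-- Finds a user entry by cn, searching the whole subtree below the people
         branch. Arguments: 0 = search base, 1 = filter ({0} stands for the
         login name), 2 = directory connection.
         In this listing the only reference to this bean comes from the
         top-level BindAuthenticator that has no id, so the login path does not
         use it.
         NOTE(review): the search base repeats dc=plk,dc=hk, which is already
         the root of the provider URL; presumably bases are relative to that
         root. Confirm.
         NOTE(review): the login name is substituted into an LDAP filter;
         confirm that the library escapes filter metacharacters in it. -->
    <bean id="userSearch"
          class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
      <constructor-arg index="0">
        <value>ou=people,dc=plk,dc=hk</value>
      </constructor-arg>
      <constructor-arg index="1">
        <value>(cn={0})</value>
      </constructor-arg>
      <constructor-arg index="2">
        <ref local="initialDirContextFactory"/>
      </constructor-arg>
      <property name="searchSubtree">
        <value>true</value>
      </property>
    </bean>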

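    <!-- Bind authenticator that locates the user's DN through userSearch.
         NOTE(review): this bean has no id and nothing in this listing refers
         to it. ldapAuthenticationProvider declares its own inner
         BindAuthenticator driven by userDnPatterns, so this definition has no
         effect on login. Either wire it into the provider or delete it. -->
    <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
      <constructor-arg>
        <ref local="initialDirContextFactory"/>
      </constructor-arg>
      <property name="userSearch" ref="userSearch"/>
    </bean>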


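    <!-- LDAP authentication provider: the first constructor argument is the
         authenticator that binds as the user, the second is the populator that
         supplies the roles.
         The inner authenticator only tries the DN built from userDnPatterns.
         The debug log shows that DN (cn=peter,ou=people,dc=plk,dc=hk) being
         rejected with error code 49, data 525.
         NOTE(review): on Active Directory that sub-code is documented as
         "user not found" rather than a wrong password. Confirm the real DN of
         the entry, or set userSearch on this authenticator so the DN is looked
         up instead of assumed. -->
    <bean id="ldapAuthenticationProvider"
          class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
      <constructor-arg>
        <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
          <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
          <property name="userDnPatterns">
            <list>
              <value>cn={0},ou=people</value>
            </list>
          </property>
        </bean>
      </constructor-arg>
      <constructor-arg>
        <ref local="ldapPopulator"/>
      </constructor-arg>
    </bean>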

    <!-- Access decision manager referenced by filterInvocationInterceptor.
         Access is refused when every voter abstains; roleVoter is the only
         voter consulted. -->
    <bean id="httpRequestAccessDecisionManager"
          class="org.acegisecurity.vote.AffirmativeBased">
      <property name="allowIfAllAbstainDecisions" value="false"/>
      <property name="decisionVoters">
        <list>
          <ref bean="roleVoter"/>
        </list>
      </property>
    </bean>

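    <!-- Automatically receives AuthenticationEvent messages.
         Nothing in this listing references the bean by id. -->
    <bean id="loggerListener"
          class="org.acegisecurity.event.authentication.LoggerListener"/>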

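    <!-- First filter in the filterChainProxy list; no properties are set, so
         the class defaults apply. -->
    <bean id="httpSessionContextIntegrationFilter"
          class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>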

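    <!-- Logout handling: the first argument is the URL redirected to after
         logout, the second is the list of handlers run on logout (here a single
         SecurityContextLogoutHandler). -->
    <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
      <constructor-arg value="/index.jsp"/>
      <constructor-arg>
        <list>
          <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
        </list>
      </constructor-arg>
    </bean>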

    <!-- ===================== HTTP REQUEST SECURITY ==================== -->

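    <!-- Hands requests that need a login to the entry point bean
         authenticationProcessingFilterEntryPoint, i.e. the login form. -->
    <bean id="exceptionTranslationFilter"
          class="org.acegisecurity.ui.ExceptionTranslationFilter">
      <property name="authenticationEntryPoint">
        <ref local="authenticationProcessingFilterEntryPoint"/>
      </property>
    </bean>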

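    <!-- Processes the login form post at filterProcessesUrl and passes the
         credentials to authenticationManager. A failed login is sent to
         authenticationFailureUrl, a successful one to defaultTargetUrl. -->
    <bean id="authenticationProcessingFilter"
          class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
      <property name="authenticationManager">
        <ref bean="authenticationManager"/>
      </property>
      <property name="authenticationFailureUrl" value="/acegilogin.jsp?login_error=1"/>
      <property name="defaultTargetUrl" value="/"/>
      <property name="filterProcessesUrl" value="/j_acegi_security_check"/>
    </bean>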

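    <!-- Entry point that sends unauthenticated users to the login form.
         NOTE(review): forceHttps is false, so the login form may be served and
         the password posted over plain HTTP. Enable it, or enforce HTTPS with
         channel security, once the container has an HTTPS connector. -->
    <bean id="authenticationProcessingFilterEntryPoint"
          class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
      <property name="loginFormUrl" value="/acegilogin.jsp"/>
      <property name="forceHttps" value="false"/>
    </bean>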


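    <!-- URL authorisation rules.
         The order of the entries in objectDefinitionSource is critical: the
         FilterSecurityInterceptor works from the top of the list down to the
         FIRST pattern that matches the request URL. Place the MOST SPECIFIC
         expressions (ie a/b/c/d.*) first and the LEAST SPECIFIC (ie a/.*) last.
         No PATTERN_TYPE_APACHE_ANT directive is given here, and the entries are
         written as regular expressions (\A ... \Z).
         NOTE(review): only URLs under /secure/ match a pattern; presumably all
         other URLs are left unrestricted by this interceptor. Confirm that
         this is intended.
         NOTE(review): ROLE_SUPERVISOR and ROLE_TELLER have to be produced by
         ldapPopulator from the directory groups; the sample group
         cn=Member,ou=groups would not obviously yield either. Verify the
         mapping. -->
    <bean id="filterInvocationInterceptor"
          class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
      <property name="authenticationManager">
        <ref local="authenticationManager"/>
      </property>
      <property name="accessDecisionManager">
        <ref local="httpRequestAccessDecisionManager"/>
      </property>
      <property name="objectDefinitionSource">
        <value>
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          \A/secure/super.*\Z=ROLE_WE_DONT_HAVE
          \A/secure/.*\Z=ROLE_SUPERVISOR,ROLE_TELLER
        </value>
      </property>
    </bean>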

    </beans>


    Thanks.
    PLKAlbert

  • #2
    First of all, it will be a lot easier to read your code and configuration if you use the [code]your code here[/code] tag.

    Second, you're more likely to get an answer if you post your question to the Acegi Security forum. Acegi Security is not using Spring LDAP for its LDAP integration.
