Announcement Announcement Module
Collapse
No announcement yet.
"different bases - and bind-users"-problems...[LDAP: error code 49 - Failed,...] Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • "different bases - and bind-users"-problems...[LDAP: error code 49 - Failed,...]

    Hi!

    I've a really weird problem with a Spring-LDAP-Integration. I'm using Spring-ldap-1.2-RC1.jar. (Same happens with newest version Spring-ldap-1.2.1.jar).

    My setup:

    I've a domino-LDAP-server, that has got two branches and a bunch of users:

    ************
    -top
    --- o=company1
    ------ cn=user1
    ------ cn=user2
    ------ cn=ldapbind1

    --- o=company2
    ------ cn=user3
    ------ cn=user4
    ------ cn=ldapbind2
    ************

    I want to write a program, that searches in either the branch company1 or in the branch company2 for the users contained in this branch.
    The branch to search in and the bind-user shall be configured in the application-context.xml.

    Here's how I use Spring:

    I'm using a org.springframework.ldap.core.LdapTemplate to access this LDAP-server.
    This is a possible example-code to search in the LDAP: List result = ldapTemplate.list("");
    (the actual LDAP-call doesn't really matter, others like ldapTemplate.search(...); provide the same phenomenon)

    Here is how the LdapTemplate is configured:

    ***************************

    <bean id="contextSource" class="org.springframework.ldap.core.support.LdapC ontextSource">
    <property name="url" value="ldap://myLdapServer:389" />
    <property name="base" value="o=company1" />
    <property name="userDn" value="cn=ldapbind1,o=company1" />
    <property name="password" value="ldapbind" />
    </bean>

    <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate" >
    <constructor-arg ref="contextSource" />
    </bean>

    ***************************

    The above configuration works, If I execute my LdapTemplate-code, I get a result with the users of the branch company1, i.e. user1, user2 and ldapbind1.

    The following configuration does not work, If I execute my LdapTemplate-code, I always get a "LDAP: error code 49":
    org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - Failed, invalid credentials for cn=ldapbind2,o=company2]; Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - Failed, invalid credentials for cn=ldapbind2,o=company2]

    ***************************

    <bean id="contextSource" class="org.springframework.ldap.core.support.LdapC ontextSource">
    <property name="url" value="ldap://myLdapServer:389" />
    <property name="base" value="o=company2" />
    <property name="userDn" value="cn=ldapbind2,o=company2" />
    <property name="password" value="ldapbind" />
    </bean>

    <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate" >
    <constructor-arg ref="contextSource" />
    </bean>

    ***************************

    I tried this many, many, many times and I am sure, that the credentials are the right ones, also:

    If I use a LDAP-Browser I can see the users of the LDAP-branch company1 using the bind-user "ldapbind1" and the base "o=company1". I am also able to see the users of the LDAP-branch company2 using the bind-user "ldapbind2" and the base "o=company2".

    And also, I coded these two lookups directly with JNDI without Spring and everything works like a charm. So, I assume I'm using Spring-Template the wrong way or I've encountered a bug here.


    Any idea, how I can track down this problem?

    Best Regards, Mickey

  • #2
    I can't interpret this in any other way than that the credentials supplied for ldapbind2 is incorrect. After all, that's what the exception says, and Spring LDAP doesn't do anything particular with the credentials, it'll just pass 'ldapbind' as the credentials, just as specified in the configuration file.

    Now, you mention that you have JNDI code working, so that might be a good place to start. I would advise you to debug and inspect the hashtable contents just before the Context creation in both cases (in the Spring LDAP case that would be in AbstractContextSource.createContext()).

    It would also be interesting to see the corresponding JNDI code, just to compare.

    Comment


    • #3
      btw, please use code tags; it makes the post so much easier to read.

      Comment


      • #4
        It works!

        Hejsan Rasky!

        Thank you very much for your answer and your hint to inspect the hashtable during creating the contexts.

        I did so and found, that the not working spring-code looked up the wrong
        LDAP-Server...*arrrglll*

        I only say property-override-configurer...

        Merry Christmas!

        Mickey

        Comment

        Working...
        X