
  • Active Directory LDAP Authentication - LDAP Error: 32

    I'm having some trouble using Spring to authenticate to AD over LDAP for uPortal 3.1. I have the following bean configuration:

    <bean id="defaultLdapContext" class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="url" value="ldap://campus.ads.uwe.ac.uk:389"/>
        <property name="base" value="DC=campus,DC=ads,DC=uwe,DC=ac,DC=uk"/>
        <property name="userDn" value="CN=svc-uportal,OU=Services,DC=campus,DC=ads,DC=uwe,DC=ac,DC=uk"/>
        <property name="password" value="*******"/>
        <property name="baseEnvironmentProperties">
          <map>
            <entry>
              <key>
                <value>java.naming.security.authentication</value>
              </key>
              <value>simple</value>
            </entry>
          </map>
        </property>
        <property name="pooled" value="false"/>
    </bean>

    This works, inasmuch as the initial bind to create the authenticated context with the userDn and password succeeds (I know it works because when I put the wrong password in I get: LDAP error 49 (52e) - which means incorrect password). However, when attempting to authenticate a user who is attempting to log into the portal, I'm getting an LDAP error 32 (No Object). It's almost as if the search base is not right, or maybe the username needs to be passed along with the domain name (user@domain or domain\user). I've tried everything I can think of, including various convolutions of the base, changing the uid from cn to uid ... But that just seemed to make things worse.

    The error I'm getting:

    ERROR [TP-Processor1] provider.UnionSecurityContext.[] Apr/30 10:20:36 - Exception authenticating subcontext org.jasig.portal.security.provider.SimpleLdapSecurityContext@44fd2549
    org.jasig.portal.security.PortalSecurityException: SimpleLdapSecurityContext: LDAP Errorjavax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
    'OU=Users,OU=Student,DC=campus,DC=ads,DC=uwe,DC=ac,DC=uk'
    ]; remaining name 'DC=campus,DC=ads,DC=uwe,DC=ac,DC=uk' with user: tstd71



    Does anyone have any ideas?

    Thanks,
    Nick

    University of the West of England, Bristol
    Last edited by Nick[UWE]; Apr 30th, 2009, 08:19 AM.

  • #2
    I have now managed to get this working by completely blanking out the 'base' property like so:

    Code:
    <bean id="defaultLdapContext" class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="url" value="ldap://campus.ads.uwe.ac.uk:389"/>
        <property name="base" value=""/>
        <property name="userDn" value="CN=svc-uportal,OU=Services,DC=campus,DC=ads,DC=uwe,DC=ac,DC=uk"/>
        <property name="password" value="******"/>
        <property name="baseEnvironmentProperties">
          <map>
            <entry>
              <key>
                <value>java.naming.security.authentication</value>
              </key>
              <value>simple</value>
            </entry>
          </map>
        </property>
        <property name="pooled" value="false"/>
    </bean>
    Why this works is beyond me, maybe someone could shed some light?

    • #3
      Active Directory LDAP Authentication

      In AbstractContextSource (parent of LdapContextSource), the Javadoc for the setBase() method says the following:
      "Set the base suffix from which all operations should origin. If a base suffix is set, you will not have to (and, indeed, must not) specify the full distinguished names in any operations performed.".
      Since you specify the full DN for the userDN, you must not specify the base.
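
The Javadoc rule quoted in #3, as an added example that is not part of the thread and is not Spring LDAP or uPortal code: it uses only the JDK's `javax.naming.ldap.LdapName` to show what DN reaches the server when a full DN is handed to a context that already has a base. `BaseSuffixDemo`, `resolve` and `relativize` are hypothetical names, and the sample search base (taken from the DNs in the error message above) is an assumption about what the caller passes.

```java
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class BaseSuffixDemo {

    // Names given to a context that has a base are relative: the DN sent to
    // the server is the name with the base appended as its suffix.
    static LdapName resolve(LdapName base, LdapName name) {
        LdapName full = (LdapName) base.clone();
        full.addAll(name.getRdns()); // index 0 of an LdapName is the rightmost RDN
        return full;
    }

    // Strip the base from a DN that already ends in it, giving the relative
    // form that a base-bound context expects. Other names are returned as-is.
    static LdapName relativize(LdapName base, LdapName dn) {
        if (!dn.startsWith(base)) {
            return dn; // does not carry the base, treat as already relative
        }
        List<Rdn> rest = dn.getRdns().subList(base.size(), dn.size());
        return new LdapName(rest);
    }

    public static void main(String[] args) throws InvalidNameException {
        // Base values from the two bean configurations in the thread.
        LdapName adBase = new LdapName("DC=campus,DC=ads,DC=uwe,DC=ac,DC=uk");
        LdapName noBase = new LdapName("");

        // Constructed sample input (assumption): the caller supplies a full DN.
        LdapName searchBase =
            new LdapName("OU=Users,OU=Student,DC=campus,DC=ads,DC=uwe,DC=ac,DC=uk");

        // Base set and full DN passed: the domain components appear twice,
        // so the entry cannot exist and the directory answers with error 32.
        System.out.println("base set, full DN:     " + resolve(adBase, searchBase));

        // Base left empty (the fix in #2): the full DN is sent unchanged.
        System.out.println("empty base, full DN:   " + resolve(noBase, searchBase));

        // Base set and the DN made relative first: also resolves correctly.
        LdapName relative = relativize(adBase, searchBase);
        System.out.println("base set, relative DN: " + resolve(adBase, relative));
    }
}
```

Either choice works as long as it is applied consistently: keep the base on the context source and pass only relative names, or leave the base empty and pass full DNs everywhere.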
