
  • LDAP user-search filter trouble

    I am working on an application that allows the user to log in and then verifies the user's information against an LDAP server. I know something is wrong with my filter but I can't figure out what it is. What the user enters is their username, which is something like jsmith, and in the LDAP server jsmith's DN would be
    CN=SMITH\, JOHN,CN=Users,DC=WORK,DC=COM

    Also, there is an attribute called sAMAccountName, which is the same as the username. I have also tried using this as a filter (sAMAccountName={0} ).

    Any help would be greatly appreciated, as I am getting further behind each day. Thank you for any help.
    Below is a segment of my XML code and the message.

    XML
    <security:ldap-authentication-provider

    user-search-base="dc=WORK, dc=COM"
    user-search-filter="CN={0}"

    />

    ERROR MESSAGE
    2:08:19,882 DEBUG [AuthenticationProcessingFilter] Authentication request failed: org.springframework.security.AuthenticationServiceException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001A8, problem 2001 (NO_OBJECT), data 0, best match of:
    ''
    ]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001A8, problem 2001 (NO_OBJECT), data 0, best match of:
    ''
    ]; remaining name ''; nested exception is org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001A8, problem 2001 (NO_OBJECT), data 0, best match of:
    ''
    ]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001A8, problem 2001 (NO_OBJECT), data 0, best match of:
    ''
    ]; remaining name ''
    THANKS
    -Mike

  • #2
    In a previous post you used the filter "DN=(mailNickname={0})". That seemed strange to me, mostly due to the "DN=" part. Now you're using a different filter and get a different error. That's promising. I don't think you can use "CN={0}", as the CN attribute usually (and in your example too) contains the full name of the user, e.g. "Smith\, John".

    When you tried samAccountName, did you get the same error?

    You're into Active Directory territory now, trying to identify which attribute to use for authentication in an AD server. It's not related to Spring LDAP. If you get any answers to AD-specific questions here, it's pure luck.

    Having said that, perhaps you could try the UID attribute?

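Added example, not part of either post and not Spring Security's own code: a small Python model of how the `{0}` placeholder in a user-search-filter is filled with the escaped login name and compared against a directory entry, showing why `CN={0}` cannot find `jsmith` while `sAMAccountName={0}` can. The entry is constructed from the DN and attribute described in the question; the function names and the case-insensitive comparison are assumptions of this sketch, and it models only the filter, not the search base.

```python
# Constructed directory entry, based on the DN quoted in the question.
# In the DN the comma inside the CN value is escaped ("SMITH\, JOHN");
# the cn attribute value itself is just "SMITH, JOHN".
ENTRY = {
    "dn": r"CN=SMITH\, JOHN,CN=Users,DC=WORK,DC=COM",
    "cn": "SMITH, JOHN",
    "sAMAccountName": "jsmith",
}

# RFC 4515: these characters must be written as backslash + two hex digits.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value for use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter(template: str, username: str) -> str:
    """Replace the {0} placeholder with the escaped login name."""
    return "(" + template.replace("{0}", escape_filter_value(username)) + ")"


def unescape_filter_value(value: str) -> str:
    """Reverse RFC 4515 escaping (backslash + two hex digits -> character)."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\":
            out.append(chr(int(value[i + 1:i + 3], 16)))
            i += 3
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def matches(entry: dict, ldap_filter: str) -> bool:
    """Evaluate one "(attr=value)" equality filter, ignoring case (assumption)."""
    attr, _, value = ldap_filter[1:-1].partition("=")
    if "*" in value:  # an unescaped * is a wildcard; not modelled here
        raise ValueError("wildcard filters are outside this example")
    attrs = {k.lower(): v for k, v in entry.items()}
    wanted = unescape_filter_value(value).lower()
    return attrs.get(attr.strip().lower(), "").lower() == wanted
```

Because the login name is escaped before substitution, a value such as `*` is compared as a literal character instead of acting as a wildcard.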