
  • User DN with spaces causes Failed To Parse DN exception

    I am having an issue with a DN that has a space in it. It is being used via a bean in spring-security for an LdapContextSource. Specifically:

    	<beans:bean id="adContextSource" class="">
    		<beans:property name="url" value="ldap://,dc=com"/>
    		<beans:property name="base" value="dc=company,dc=com"/>
    		<beans:property name="userDn">
    			<beans:value>cn=!vpnmigration,ou=Service Accounts,ou=West Chester,ou=Corporate,dc=cable,dc=company,dc=com</beans:value>
    		<beans:property name="password">

    When this bean tries to authenticate I get:

    [DEBUG,AbstractContextSource] Got Ldap context on server 'ldap://,dc=com/dc=comcast,dc=com'
    [DEBUG,DefaultListableBeanFactory] Returning cached instance of singleton bean ' RegistryImpl#0'
    [DEBUG,UsernamePasswordAuthenticationFilter] Authentication request failed: ticationServiceException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 21. Encountered: "=" (61), after : ""

    I have tried to backslash the spaces, but it does not seem to help - they end up being passed as the username and causing the authentication to fail:

    [DEBUG,UsernamePasswordAuthenticationFilter] Authentication request failed: ticationServiceException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
    Last edited by wuntee; Apr 20th, 2010, 11:10 AM.
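
The `data 525` field in the bind failure above is the sub-code Active Directory attaches to LDAP error 49. The following is an added example, not part of the original post or of Spring Security: a small log triage script that extracts the sub-code and maps it to its documented meaning. The function names and all sample lines except the first are constructed for illustration.

```python
import re

# Active Directory reports a Windows error code (hex) in the "data" field
# of an LDAP error 49 bind failure.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

BIND_ERROR = re.compile(r"LDAP: error code (\d+)\b.*?\bdata ([0-9a-fA-F]+)\b")

def classify_bind_failure(line):
    """Return (ldap_code, sub_code, meaning), or None if no AD bind error is present."""
    m = BIND_ERROR.search(line)
    if m is None:
        return None
    sub = m.group(2).lower()
    return int(m.group(1)), sub, AD_BIND_SUBCODES.get(sub, "unknown sub-code")

def summarize(lines):
    """Count error-49 bind failures per meaning, e.g. to spot lockouts or bad service DNs."""
    counts = {}
    for line in lines:
        hit = classify_bind_failure(line)
        if hit and hit[0] == 49:
            counts[hit[2]] = counts.get(hit[2], 0) + 1
    return counts

# First line is the one quoted in the post; the rest are constructed samples.
SAMPLE_LOG = [
    "[DEBUG,UsernamePasswordAuthenticationFilter] Authentication request failed: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece",
    "[DEBUG,Example] [LDAP: error code 49 - 80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 52e, v0000]",
    "[DEBUG,AbstractContextSource] Got Ldap context on server 'ldap://dc.example.test'",
    "[DEBUG,Example] [LDAP: error code 49 - 80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 775, v0000]",
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```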

  • #2
    Sorry - the problem does seem to be an authentication failure with the DN with the spaces in it.
    Last edited by wuntee; Apr 20th, 2010, 11:51 AM.


    • #3
      Actually - and I just realized this can't be the case because I am using a similar bean somewhere else with the same username/password. It has to be some problem with the security framework...


      • #4
        Sorry for the mass posts, but my problem ended up being that there were 2 LDAP contexts that authenticated with the same username/dn - that user was only allowed to have 1 session open... frustrating!


        • #5
          You have "dc=company,dc=com" in both the url and the base attribute. You need to choose one or the other. I recommend that you remove it from url.