
  • User Authentication Error

    First time with LDAP and in a short time :-). I used LDAP user authentication as explained in the Spring documentation and I am getting the following error. Any help would be greatly appreciated.

    Code:
    2010-07-21 22:29:07,343 DEBUG [ProviderManager.java:117] : Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
    2010-07-21 22:29:07,343 DEBUG [LdapAuthenticationProvider.java:241] : Processing authentication request for user: kitsp
    2010-07-21 22:29:07,343 DEBUG [BindAuthenticator.java:108] : Attempting to bind as samaccountname=kitsp,ou=people,cn=Users,dc=vta,dc=mycompany,dc=com
    2010-07-21 22:29:07,343 DEBUG [DefaultSpringSecurityContextSource.java:73] : Removing pooling flag for user samaccountname=kitsp,ou=people,cn=Users,dc=vta,dc=mycompany,dc=com
    2010-07-21 22:29:07,390 DEBUG [BindAuthenticator.java:150] : Failed to bind as sAMAccountName=kitsp,ou=people: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
    My app context.xml:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
    
    	<security:http auto-config='true'>
    		<security:form-login login-page="/login.jsp"
    			default-target-url="/viewMessageList.action"
    			always-use-default-target="true" authentication-failure-url="/login.jsp?error=true" />
    		<security:intercept-url pattern="/login.jsp"
    			access="IS_AUTHENTICATED_ANONYMOUSLY" />
    		<security:intercept-url pattern="/includes/**"
    			access="IS_AUTHENTICATED_ANONYMOUSLY" />
    	<!-- 	<security:intercept-url pattern="/**" access="ROLE_SUI" />  -->
    		<security:logout logout-success-url="/login.jsp" />
    	</security:http>
    <security:ldap-server url="ldap://myldapserver.vta.mycompany.com/cn=Users,dc=vta,dc=mycompany,dc=com" />
    	<security:authentication-manager>
    		<security:ldap-authentication-provider
                user-dn-pattern="sAMAccountName={0},ou=people"
            />        
            <security:authentication-provider ref='secondLdapProvider' />         
    	</security:authentication-manager>
    
        <!-- Traditional Bean version of the same configuration -->
    
        <!-- This bean points at the embedded directory server created by the ldap-server element above  -->
        <bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
            <constructor-arg value="ldap://myldapserver.vta.mycompany.com/cn=Users,dc=vta,dc=mycompany,dc=com"/>
        </bean>
    
        <bean id="secondLdapProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
            <constructor-arg>
                <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
                    <constructor-arg ref="contextSource"/>
          <property name="userDnPatterns">
            <list><value>sAMAccountName={0},ou=people</value></list>
          </property>
    
                </bean>
            </constructor-arg>
            <constructor-arg>
                <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
                     <constructor-arg ref="contextSource"/>
          			<constructor-arg value="ou=groups"/>
          			<property name="groupRoleAttribute" value="ou"/>
                </bean>
            </constructor-arg>
        </bean>
    
    </beans>
    Last edited by kitsVA; Jul 22nd, 2010, 12:09 AM.

  • #2
    I also tried with the following config and still have the problems.

    Code:
    .
    .
    .
    <security:authentication-manager>
    		<security:ldap-authentication-provider
                group-search-filter="member={0}"
                group-search-base="ou=groups"
                user-search-base="ou=people"
                user-search-filter="sAMAccountName={0}"
            />        
            <security:authentication-provider ref='secondLdapProvider' />         
    	</security:authentication-manager>
    .
    .
    <bean id="secondLdapProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
            <constructor-arg>
                <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
                    <constructor-arg ref="contextSource"/>
                    <property name="userSearch">
                        <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                          <constructor-arg index="0" value="ou=people"/>
                          <constructor-arg index="1" value="(sAMAccountName={0})"/>
                          <constructor-arg index="2" ref="contextSource" />
                        </bean>
                    </property>
                </bean>
            </constructor-arg>
            <constructor-arg>
                <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
                     <constructor-arg ref="contextSource"/>
          			<constructor-arg value="ou=groups"/>
          			<property name="groupRoleAttribute" value="ou"/>
                </bean>
            </constructor-arg>
        </bean>
    
    .
    .
    .
    The error is:
    23:07:11,968 DEBUG [LdapAuthenticationProvider.java:241] : Processing authentication request for user: kitsp
    2010-07-21 23:07:11,968 DEBUG [FilterBasedLdapUserSearch.java:107] : Searching for user 'kitsp', with user search [ searchFilter: 'sAMAccountName={0}', searchBase: 'ou=people', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
    2010-07-21 23:07:11,968 DEBUG [AbstractContextSource.java:259] : Got Ldap context on server 'ldap://myldapserver.vta.mycompany.com/cn=Users,dc=vta,dc=mycompany,dc=com'
    2010-07-21 23:07:11,984 DEBUG [ProviderManager.java:117] : Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
    2010-07-21 23:07:11,984 DEBUG [LdapAuthenticationProvider.java:241] : Processing authentication request for user: kitsp
    2010-07-21 23:07:11,984 DEBUG [FilterBasedLdapUserSearch.java:107] : Searching for user kitsp', with user search [ searchFilter: '(sAMAccountName={0})', searchBase: 'ou=people', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
    2010-07-21 23:07:11,984 DEBUG [AbstractContextSource.java:259] : Got Ldap context on server 'ldap://myldapserver.vta.mycompany.com/cn=Users,dc=vta,dc=mycompany,dc=com'
    2010-07-21 23:07:11,984 DEBUG [AbstractAuthenticationProcessingFilter.java:319] : Authentication request failed: org.springframework.security.authentication.AuthenticationServiceException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
    'CN=Users,DC=vta,DC=mycompany,DC=com'
    I set the user-search-base to an empty string and I now get a new error that says Bad Credentials:
    2010-07-21 23:18:16,031 DEBUG [LdapAuthenticationProvider.java:241] : Processing authentication request for user: kitsp
    2010-07-21 23:18:16,031 DEBUG [FilterBasedLdapUserSearch.java:107] : Searching for user 'kitsp', with user search [ searchFilter: '(sAMAccountName={0})', searchBase: '', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
    2010-07-21 23:18:16,031 DEBUG [AbstractContextSource.java:259] : Got Ldap context on server 'ldap://myldapserver.vta.mycompany.com/dc=vta,dc=mycompany,dc=com'
    2010-07-21 23:18:16,031 DEBUG [SpringSecurityLdapTemplate.java:197] : Searching for entry in under DN 'dc=vta,dc=mycompany,dc=com', base = '', filter = '(sAMAccountName={0})'
    2010-07-21 23:18:16,031 INFO [SpringSecurityLdapTemplate.java:218] : Ignoring PartialResultException
    2010-07-21 23:18:16,031 DEBUG [AbstractAuthenticationProcessingFilter.java:319] : Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
    Last edited by kitsVA; Jul 22nd, 2010, 12:08 AM.
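
Added example, not part of the original posts: a Python triage of the LDAP errors quoted in this thread. It decodes the Active Directory sub-code in the `data` field of a result-49 bind failure (525 means the user was not found, as opposed to 52e, a wrong password) and attaches the server's "best match" DN to a result-32 search failure. The function and table names are illustrative, and the sample lines are abridged from the logs above.

```python
import re
# Active Directory reports a Win32 error, in hex, in the "data" field of an
# LDAP result 49 (invalidCredentials) message.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted at this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}
LDAP_RESULTS = {32: "noSuchObject", 49: "invalidCredentials"}
ERR = re.compile(r"\[LDAP: error code (\d+) - [0-9A-Fa-f]{8}: \w+: "
                 r"DSID-[0-9A-Fa-f]+.*?\bdata ([0-9A-Fa-f]+)")
BIND = re.compile(r"Attempting to bind as (\S+)")
BEST = re.compile(r"^\s*'([^']+)'\s*$")  # continuation line after "best match of:"

def triage(lines):
    """Return one finding per LDAP error line found in Spring Security debug logs."""
    findings, bind_dn = [], None
    for line in lines:
        if (m := BIND.search(line)):
            bind_dn = m.group(1)  # remember the DN the next bind error refers to
        elif (m := BEST.match(line)) and findings and findings[-1]["result"] == 32:
            findings[-1]["best_match"] = m.group(1)  # deepest DN the server resolved
        elif (m := ERR.search(line)):
            result, data = int(m.group(1)), int(m.group(2), 16)
            finding = {"result": result, "bind_dn": bind_dn,
                       "name": LDAP_RESULTS.get(result, "other")}
            if result == 49:  # only bind failures carry a logon sub-code
                finding["ad_reason"] = AD_BIND_SUBCODES.get(data, "unknown 0x%x" % data)
            findings.append(finding)
            bind_dn = None
    return findings

# Sample input: lines abridged from the logs in the posts above (timestamps trimmed).
SAMPLE = [
    "Attempting to bind as samaccountname=kitsp,ou=people,cn=Users,dc=vta,dc=mycompany,dc=com",
    "Failed to bind as sAMAccountName=kitsp,ou=people: org.springframework.ldap.AuthenticationException: "
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece",
    "Authentication request failed: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, "
    "problem 2001 (NO_OBJECT), data 0, best match of:",
    "'CN=Users,DC=vta,DC=mycompany,DC=com'",
]
print(triage(SAMPLE))
```

Keep this level of detail in server-side logs: the `form-login` element in the first post already sends every failure to the same `/login.jsp?error=true` page, so the client cannot tell a missing account from a wrong password.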
