
  • LDAP Authentication Problem

    Hi all,

    Please excuse me for posting this here as AFAIK this is not an Acegi problem as such but it's really puzzling me.

    I am trying to configure LdapAuthenticationProvider using the BindAuthenticator. I have managed to get it working using a DN that includes the CN of the user being authenticated:

    Code:
    	<bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
    		<constructor-arg value="ldap://my.ldap.server:389/o=psygrid,c=uk"/>
    	</bean>
    
    	<bean id="ldapAuthenticationProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
    		<constructor-arg>
    			<bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
    				<constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
    				<property name="userDnPatterns">
    					<list>
    						<value>cn={0},ou=users</value>
    					</list>
    				</property>
    			</bean>
    		</constructor-arg>
    		<constructor-arg>
    			<bean class="org.psygrid.ldap.PsygridLdapAuthoritiesPopulator" />
    		</constructor-arg>
    	</bean>
    However, what I really want to do is authenticate against the UID of the user, not the CN (so in the config above I just change cn={0} to uid={0}). But whenever I try this I get an AuthenticationException:

    Code:
    2007-01-08 12:12:11,325 [http-8080-Processor25] DEBUG org.acegisecurity.providers.ldap.authenticator.BindAuthenticator - Failed to bind as uid=myuser,ou=users,o=psygrid,c=uk: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
    Anybody got any ideas? I've not got much experience with LDAP so am a bit stumped.

  • #2
    In your case the DN uses the CN attribute, not the UID, so a user might be

    cn=joe,ou=users,etc

    but there is no user with DN

    uid=joe,ou=users,etc

    If you're using the bind authenticator, you are attempting to authenticate as the user with this DN, which obviously won't work, since they don't exist. Check your LDAP server log and debug through the Acegi code to verify what happens.

    You'll probably need to configure a search bean to locate the user first, then do the bind.



    • #3
      Hi Luke,

      Thanks for your reply. I now have it working as intended using FilterBasedLdapUserSearch:

      Code:
      	<bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
      		<constructor-arg value="ldap://my.ldap.server:389/"/>
      	</bean>
      
      	<bean id="userSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
      		<constructor-arg index="0">
      			<value>ou=users,o=psygrid,c=uk</value>
      		</constructor-arg>
      		<constructor-arg index="1">
      			<value>(uid={0})</value>
      		</constructor-arg>
      		<constructor-arg index="2">
      			<ref local="initialDirContextFactory" />
      		</constructor-arg>
      		<property name="searchSubtree">
      			<value>true</value>
      		</property>
      	</bean>
      
      	<bean id="ldapAuthenticationProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
      		<constructor-arg>
      			<bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
      				<constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
      				<property name="userSearch">
      					<ref local="userSearch" />
      				</property>
      			</bean>
      		</constructor-arg>
      		<constructor-arg>
      			<bean class="org.psygrid.web.ldap.PsygridLdapAuthoritiesPopulator" />
      		</constructor-arg>
      	</bean>
      Your help was much appreciated.

      cheers, Rob

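The difference between the two configurations in this thread, as an added Python sketch that is not code from the thread or from Acegi: an in-memory directory (constructed sample entries, hypothetical function and class names) whose entries are named by cn and carry uid only as an attribute, so a uid DN pattern fails with error 49 while search-then-bind succeeds. It goes slightly beyond the thread by escaping the username before it is placed in a DN and by refusing empty passwords and non-unique search results.

```python
import hmac

BASE = "o=psygrid,c=uk"
# Constructed sample entries: named by cn; uid is only an attribute.
DIRECTORY = {
    "cn=Joe Bloggs,ou=users," + BASE: {"uid": "joe", "userPassword": "s3cret"},
    "cn=Ann Lee,ou=users," + BASE: {"uid": "ann", "userPassword": "hunter2"},
}


class InvalidCredentials(Exception):
    """Stands in for LDAP result code 49 (hypothetical class)."""


def escape_dn_value(value):
    """Escape printable RFC 4514 specials so a username cannot add RDNs."""
    out = []
    for i, c in enumerate(value):
        special = (c in ',+"\\<>;=' or (i == 0 and c in " #")
                   or (i == len(value) - 1 and c == " "))
        out.append("\\" + c if special else c)
    return "".join(out)


def bind(dn, password):
    """Simple bind: succeeds only if an entry with exactly this DN exists."""
    entry = DIRECTORY.get(dn)
    # An empty password would be an unauthenticated bind (RFC 4513): reject it.
    # Unknown DN and wrong password fail identically, as with error 49.
    if not password or entry is None or not hmac.compare_digest(
            entry["userPassword"].encode(), password.encode()):
        raise InvalidCredentials("error code 49 - Invalid Credentials: " + dn)
    return dn


def bind_with_pattern(pattern, username, password):
    """userDnPatterns style: build the DN from the pattern, then bind as it."""
    dn = pattern.replace("{0}", escape_dn_value(username)) + "," + BASE
    return bind(dn, password)


def search_then_bind(search_base, attribute, username, password):
    """userSearch style: find the entry by attribute, bind as its real DN."""
    matches = [dn for dn, entry in DIRECTORY.items()
               if dn.endswith("," + search_base) and entry.get(attribute) == username]
    if len(matches) != 1:  # zero or ambiguous results must not authenticate
        raise InvalidCredentials("error code 49 - Invalid Credentials")
    return bind(matches[0], password)
```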