Spring security ldap authentication with different ldap for authorities
Posted
by wuntee
on Stack Overflow
See other posts from Stack Overflow
or by wuntee
Published on 2010-04-19T23:16:14Z
Indexed on
2010/04/19
23:23 UTC
Read the original article
Hit count: 574
spring-security
|authentication
I am trying to set up an ldap authentication context where the authorities is a separate ldap instance (with the same principal name). I am having trouble setting up the authentication part, the logs dont show any search results for the following context. Can anyone see what I am doing wrong?
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="adContextSource" />
<beans:property name="userSearch">
<beans:bean class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value=""/>
<beans:constructor-arg index="1" value="(samaccountname={0})"/>
<beans:constructor-arg index="2" ref="adContextSource" />
<beans:property name="searchSubtree" value="true" />
<beans:property name="returningAttributes">
<beans:list>
<beans:value>DN</beans:value>
</beans:list>
</beans:property>
</beans:bean>
</beans:property>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="cadaContextSource" />
<beans:constructor-arg value="ou=groups" />
<beans:property name="groupRoleAttribute" value="cn" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>
The logs simply show this when trying to authenticate:
[DEBUG,UsernamePasswordAuthenticationFilter] Request is to process authentication
[DEBUG,ProviderManager] Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
[DEBUG,LdapAuthenticationProvider] Processing authentication request for user: wuntee
[DEBUG,FilterBasedLdapUserSearch] Searching for user 'wuntee', with user search [ searchFilter: '(samaccountname={0})', searchBase: '', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
[DEBUG,AbstractContextSource] Got Ldap context on server 'ldap://adapps.cable.comcast.com:3268/dc=comcast,dc=com/dc=comcast,dc=com'
[DEBUG,XmlWebApplicationContext] Publishing event in Root WebApplicationContext: org.springframework.security.authentication.event.AuthenticationFailureServiceExceptionEvent[source=org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b777617d: Principal: wuntee; Password: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 191F70ED4E8351F8638868C34C6A076A; Not granted any authorities]
[DEBUG,DefaultListableBeanFactory] Returning cached instance of singleton bean 'org.springframework.security.core.session.SessionRegistryImpl#0'
[DEBUG,UsernamePasswordAuthenticationFilter] Authentication request failed: org.springframework.security.authentication.AuthenticationServiceException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 21. Encountered: "=" (61), after : ""
[DEBUG,UsernamePasswordAuthenticationFilter] Updated SecurityContextHolder to contain null Authentication
[DEBUG,UsernamePasswordAuthenticationFilter] Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@28651c
© Stack Overflow or respective owner