Re: [Acegisecurity-developer] Always get LDAP: error code 49

[Arturo San Feliciano Martín]

Title: RE: [Acegisecurity-developer] Always get LDAP: error code 49

 
I have progressed but… this is my log:

<Searching for roles for user 'arturo', DN = 'CN=arturo,cn=Users,dc=id,dc=int', with filter (member={0}) in search base 'ou=groups'>

<Creating InitialDirContext with environment {java.naming.provider.url="" java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=pruebasid, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.security.credentials=******}>

<Publishing event in context [Root WebApplicationContext]: [EMAIL PROTECTED]: Username: arturo; Password: [PROTECTED]; Authenticated: false; Details: [EMAIL PROTECTED]: RemoteIpAddress: 127.0.0.1; SessionId: nQXjFmLQpFgLXnGnbWL21p9bhQvpZLYnmvQtZJVQG00HRh90pD5J!437797426!1160137616445; Not granted any authorities]>

<Updated SecurityContextHolder to contain null Authentication>
<Authentication request failed: org.acegisecurity.AuthenticationServiceException: LdapCallback;[LDAP: error code 32 - 0000208D: NameErr: DSID-031001BD, problem 2001 (NO_OBJECT), data 0, best match of:

It seems that try to get "Roles" and no one is found. This make that the authentication fails. ¿Is there anyway to avoid DefaultLdapAuthoritiesPopulator search the "roles"? In my case I need to obtain them from BBDD not from LDAP.

Thanks

Arturo San Feliciano Martín

 

-----Mensaje original-----
De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] En nombre de Arturo San Feliciano Martín

Enviado el: viernes, 06 de octubre de 2006 12:06
Para: acegisecurity-developer@lists.sourceforge.net
Asunto: [Acegisecurity-developer] Always get LDAP: error code 49

Hi,
 
    I´m trying to authenticate user througth Ldap (Active directory) but i´m always getting the same result:
<Authentication request failed: org.acegisecurity.BadCredentialsException: Bad credentials; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893

    I´ve create an user in the active directory but my acegi conf does not access to it. 
        (ldap://192.168.0.68:389/CN=arturo,CN=Users,DC=id,DC=int)

    this is my xml:

        <bean id="ldapAuthProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
          <constructor-arg>
                <bean class="org.acegisecurity.providers.ldap.authenticator.PasswordComparisonAuthenticator">
                        <constructor-arg>
                                <ref local="initialDirContextFactory" />
                        </constructor-arg>
                        <property name="userDnPatterns">
                                <list>
                                        <value>sAMAccountName={0}</value>
                                </list>
                        </property>
                </bean>
          </constructor-arg>
          <constructor-arg>
                <bean class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
                        <constructor-arg>
                                <ref local="initialDirContextFactory" />
                        </constructor-arg>
                        <constructor-arg>
                                <value>ou=groups</value>
                        </constructor-arg>
                        <property name="groupRoleAttribute">
                                <value>ou</value>
                        </property>
                </bean>
          </constructor-arg>
        </bean>

        <bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
                <constructor-arg value="ldap://192.168.0.68:389/dc=id,dc=int" />
                <property name="managerDn">
                        <value>cn=Users,dc=id,dc=int</value>
                </property>
                <property name="managerPassword">
                        <value>password</value>
                </property>
        </bean>

        <bean id="userSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
                <constructor-arg index="0">
                        <value></value>
                </constructor-arg>
                <constructor-arg index="1">
                        <value>(sAMAccountName={0})</value>
                </constructor-arg>
                <constructor-arg index="2">
                        <ref local="initialDirContextFactory" />
                </constructor-arg>
                <property name="searchSubtree">
                        <value>true</value>
                </property>
        </bean>
 

    ¿Any idea?

Thanks.

Arturo San Feliciano Martín
Java Technology Group
GPM Factoría Internet
923 100 300
http://www.gpm.es

 

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer