Hi, I am configuring acegi-security with LDAP authentication. I cannot log in successfully because of bad credentials. I have the user:
dn: cn=Member,ou=groups,dc=plk,dc=hk
uniqueMember: cn=peter,ou=people,dc=plk,dc=hk

What's going wrong on my applicationContext-acegi-security.xml setting ?

[DEBUG,LdapAuthenticationProvider,http-8080-Processor25] Retrieving user peter
[DEBUG,DefaultInitialDirContextFactory,http-8080-Processor25] Creating InitialDirContext with environment {java.naming.provider.url=ldap://plk.hk:389/dc=plk,dc=hk, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=cn=peter,ou=people,dc=plk,dc=hk, java.naming.security.authentication=simple, java.naming.security.credentials=******}
[DEBUG,BindAuthenticator,http-8080-Processor25] Failed to bind as cn=peter,ou=people,dc=plk,dc=hk: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, [EMAIL PROTECTED]

Here is my applicationContext-acegi-security.xml :

<!-- ======================== FILTER CHAIN ======================= -->
<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"/>

<!-- if you wish to use channel security, add "channelProcessingFilter," in front of "httpSessionContextIntegrationFilter" in the list below -->
<!-- NOTE(review): channelProcessingFilter is not in the chain below, so this
     configuration does not itself force any URL onto HTTPS. -->
<!-- NOTE(review): "authenticationProcessin gFilter" contains a space that looks like
     a mail line-wrap artifact; the bean defined further down has
     id="authenticationProcessingFilter". Confirm the real file has no space. -->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
  <property name="filterInvocationDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessin gFilter,exceptionTranslationFilter,filterInvocationInterceptor
    </value>
  </property>
</bean>

<!-- ======================== AUTHENTICATION ======================= -->
<!-- The only authentication provider is the LDAP provider defined below. -->
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
  <property name="providers">
    <list>
      <ref local="ldapAuthenticationProvider"/>
    </list>
  </property>
</bean>

<!-- Shared directory context factory: server URL with base DN dc=plk,dc=hk, plus
     the manager account used for directory access. -->
<!-- NOTE(review): the URL is ldap:// on port 389 and the debug log above shows
     java.naming.security.authentication=simple, so bind DNs and passwords cross
     the network unencrypted unless the link is protected some other way.
     Consider ldaps:// or StartTLS. -->
<!-- NOTE(review): managerPassword sits in clear text in this file and has been
     posted with it. If "secret" is the real value, rotate it, and keep the value
     out of the context file (for example an externalised property with
     restricted file permissions). -->
<bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
  <constructor-arg value="ldap://plk.hk:389/dc=plk,dc=hk"/>
  <property name="managerDn"><value>cn=Manager,dc=plk,dc=hk</value></property>
  <property name="managerPassword"><value>secret</value></property>
</bean>

<!-- Maps group entries under ou=groups,dc=plk,dc=hk to granted authorities,
     prefixed with ROLE_ and upper-cased. -->
<!-- NOTE(review): "DefaultLdapAuthoritiesPopu lator" in the class attribute also
     looks like a line-wrap artifact; confirm against the real file. -->
<!-- NOTE(review): the role name is read from the group's "ou" attribute, while the
     group entry quoted above is identified by cn=Member and lists its members
     under uniqueMember. The commented-out filter searches on Member. Confirm
     which attributes the group search and role mapping should really use. -->
<bean id="ldapPopulator" class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopu lator">
  <constructor-arg index="0" ref="initialDirContextFactory" />
  <constructor-arg index="1" value="ou=groups,dc=plk,dc=hk" />
  <property name="groupRoleAttribute" value="ou" />
  <property name="rolePrefix" value="ROLE_" />
  <property name="convertToUpperCase" value="true" />
  <property name="searchSubtree" value="true" />
  <!-- <property name="groupSearchFilter" value="(Member={0})" /> -->
</bean>

<!-- Subtree search for a user entry matching (cn={0}) under ou=people,dc=plk,dc=hk. -->
<bean id="userSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
  <constructor-arg index="0">
    <value>ou=people,dc=plk,dc=hk</value>
  </constructor-arg>
  <constructor-arg index="1">
    <value>(cn={0})</value>
  </constructor-arg>
  <constructor-arg index="2">
    <ref local="initialDirContextFactory"/>
  </constructor-arg>
  <property name="searchSubtree">
    <value>true</value>
  </property>
</bean>

<!-- NOTE(review): this BindAuthenticator has no id and nothing visible in this file
     references it, so the userSearch wired into it is not used by
     ldapAuthenticationProvider, which builds its own inner BindAuthenticator. -->
<bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
  <constructor-arg>
    <ref local="initialDirContextFactory"/>
  </constructor-arg>
  <property name="userSearch" ref="userSearch"/>
</bean>

<!-- LDAP provider: binds as the user through the inner BindAuthenticator, then
     loads authorities through ldapPopulator. -->
<!-- NOTE(review): the inner authenticator is configured with userDnPatterns only.
     The DN in the failed bind (cn=peter,ou=people,dc=plk,dc=hk) appears to be this
     pattern with the context factory's base DN appended. The "AcceptSecurityContext
     error, data 525" text is the Active Directory error format, and sub-code 525
     is commonly documented as "user not found", which would point at the
     constructed DN rather than at the password. Verify where the user entry
     actually lives in the directory. -->
<bean id="ldapAuthenticationProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
  <constructor-arg>
    <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
      <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
      <property name="userDnPatterns">
        <list>
          <value>cn={0},ou=people</value>
        </list>
      </property>
    </bean>
  </constructor-arg>
  <constructor-arg>
    <ref local="ldapPopulator"/>
  </constructor-arg>
</bean>

<!-- An access decision manager used by the business objects -->
<!-- allowIfAllAbstainDecisions=false: a request on which roleVoter abstains is denied. -->
<bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
  <property name="allowIfAllAbstainDecisions"><value>false</value></property>
  <property name="decisionVoters">
    <list>
      <ref bean="roleVoter"/>
    </list>
  </property>
</bean>

<!-- Automatically receives AuthenticationEvent messages -->
<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>

<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"> </bean>

<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
  <constructor-arg value="/index.jsp"/> <!-- URL redirected to after logout -->
  <constructor-arg>
    <list>
      <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
    </list>
  </constructor-arg>
</bean>

<!-- ===================== HTTP REQUEST SECURITY ==================== -->
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
  <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
</bean>

<!-- Handles the login form submission posted to /j_acegi_security_check. -->
<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
  <property name="authenticationManager"><ref bean="authenticationManager"/></property>
  <property name="authenticationFailureUrl"><value>/acegilogin.jsp?login_error=1</value> </property>
  <property name="defaultTargetUrl"><value>/</value></property>
  <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
</bean>

<!-- NOTE(review): forceHttps is false and no channel filter is in the chain, so the
     login form and the submitted password travel over plain HTTP unless the
     container or a front-end proxy enforces TLS. -->
<bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint" >
  <property name="loginFormUrl"><value>/acegilogin.jsp</value></property>
  <property name="forceHttps"><value>false</value></property>
</bean>

<!-- Note the order that entries are placed against the objectDefinitionSource is critical.
     The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
     Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
<!-- NOTE(review): the roles required here (ROLE_SUPERVISOR, ROLE_TELLER) do not
     obviously correspond to the only group quoted in this post (cn=Member); once
     the bind succeeds, requests under /secure/ may presumably still be denied.
     Verify the group-to-role mapping. URLs matching neither pattern have no
     attributes listed here; confirm that leaving them open is intended. -->
<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
  <property name="authenticationManager"><ref local="authenticationManager"/></property>
  <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
  <property name="objectDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      \A/secure/super.*\Z=ROLE_WE_DONT_HAVE
      \A/secure/.*\Z=ROLE_SUPERVISOR,ROLE_TELLER
    </value>
  </property>
</bean>
</beans>

Thanks. PLKAlbert
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________
Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer