Hello
I'm still trying to integrate Matterhorn user authentication against AD.
I modified LdapUserProvider.java and added debugging info in
different locations.
Now I'm sure that when a user logs in to the web interface, Matterhorn queries
the AD for the "authorities" and finds the ROLE of the user.
As per Spring Framework Security, the implementation is based on 2 phases:
1) Query the AD to find the user 2) bind OR compare the password of the
user.
The problem being faced now is that Matterhorn queries the AD
for the user and finds the role as well as the organization,
BUT it never sends any other packet to AD (LDAP), neither to compare the
password nor to bind!
I enabled the full system debug by adding this: log4j.logger.org=DEBUG
to org.ops4j.pax.logging.properties
Here are the logs when the user tries to log in:
17:32:35 DEBUG (AbstractAuthenticationProcessingFilter:194) - Request is to
process authentication
17:32:35 DEBUG (ProviderManager:117) - Authentication attempt using
org.springframework.security.authentication.dao.DaoAuthenticationProvider
17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
derefLinkFlag: false ]
17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
'ldap://10.1.1.180'
17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from
context with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
AUTHORITY=!ROLE_USER! and i = !1! DONE
17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
derefLinkFlag: false ]
17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
'ldap://10.1.1.180'
17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from
context with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
AUTHORITY=!ROLE_USER! and i = !1! DONE
17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
derefLinkFlag: false ]
17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
'ldap://10.1.1.180'
17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from
context with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
AUTHORITY=!ROLE_USER! and i = !1! DONE
17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
derefLinkFlag: false ]
17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
'ldap://10.1.1.180'
17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from
context with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
AUTHORITY=!ROLE_USER! and i = !1! DONE
17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
derefLinkFlag: false ]
17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
'ldap://10.1.1.180'
17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from
context with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
AUTHORITY=!ROLE_USER! and i = !1! DONE
17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
derefLinkFlag: false ]
17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
'ldap://10.1.1.180'
17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from
context with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
AUTHORITY=!ROLE_USER! and i = !1! DONE
17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
derefLinkFlag: false ]
17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
'ldap://10.1.1.180'
17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from
context with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
AUTHORITY=!ROLE_USER! and i = !1! DONE
17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
derefLinkFlag: false ]
17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
'ldap://10.1.1.180'
17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from
context with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
AUTHORITY=!ROLE_USER! and i = !1! DONE
17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
derefLinkFlag: false ]
17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
'ldap://10.1.1.180'
17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from
context with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
AUTHORITY=!ROLE_USER! and i = !1! DONE
17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
derefLinkFlag: false ]
17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
'ldap://10.1.1.180'
17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from
context with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
AUTHORITY=!ROLE_USER! and i = !1! DONE
17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
derefLinkFlag: false ]
17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
'ldap://10.1.1.180'
17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from
context with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
AUTHORITY=!ROLE_USER! and i = !1! DONE
17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
derefLinkFlag: false ]
17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
'ldap://10.1.1.180'
17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from
context with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
AUTHORITY=!ROLE_USER! and i = !1! DONE
17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
derefLinkFlag: false ]
17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
'ldap://10.1.1.180'
17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from
context with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
AUTHORITY=!ROLE_USER! and i = !1! DONE
17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
derefLinkFlag: false ]
17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
'ldap://10.1.1.180'
17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from
context with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
AUTHORITY=!ROLE_USER! and i = !1! DONE
17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
derefLinkFlag: false ]
17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
'ldap://10.1.1.180'
17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from
context with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
AUTHORITY=!ROLE_USER! and i = !1! DONE
17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
derefLinkFlag: false ]
17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
'ldap://10.1.1.180'
17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from
context with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
AUTHORITY=!ROLE_USER! and i = !1! DONE
17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
17:32:35 DEBUG (AbstractAuthenticationProcessingFilter:319) - Authentication
request failed:
org.springframework.security.authentication.BadCredentialsException: Bad
credentials
17:32:35 DEBUG (AbstractAuthenticationProcessingFilter:320) - Updated
SecurityContextHolder to contain null Authentication
17:32:35 DEBUG (AbstractAuthenticationProcessingFilter:321) - Delegating to
authentication failure
handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticati
onFailureHandler@ad0e9f
17:32:35 DEBUG (AbstractRememberMeServices:210) - Interactive login attempt
was unsuccessful.
17:32:35 DEBUG (AbstractRememberMeServices:296) - Cancelling cookie
Finally it gives the error: - Authentication request failed:
org.springframework.security.authentication.BadCredentialsException: Bad
credentials
But it never authenticates the user.
Any hopes?
Thanks
Reza
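
The debug log in the post above can be read mechanically. The following is an added example (not part of the original post, and not Matterhorn or Spring Security code) that re-joins the wrapped log lines and reports which AuthenticationProvider handled the login and whether any LDAP bind or compare authenticator logged anything. It assumes the log format shown in the post and that Spring Security's BindAuthenticator or PasswordComparisonAuthenticator, if invoked, would show up as a logger name at DEBUG level; SAMPLE is a constructed, abridged log.

```python
import re

# One record starts with "HH:MM:SS LEVEL (LoggerClass:line) - message".
HEAD = re.compile(r"^\d\d:\d\d:\d\d \w+ +\((\w+):\d+\) - (.*)$")
# Spring Security LDAP authenticators that verify a password by bind or compare.
CREDENTIAL_CHECKERS = {"BindAuthenticator", "PasswordComparisonAuthenticator"}

# Constructed sample, abridged from the log format shown in the post.
SAMPLE = """\
17:32:35 DEBUG (ProviderManager:117) - Authentication attempt using
org.springframework.security.authentication.dao.DaoAuthenticationProvider
17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
with user search [ searchFilter: '(sAMAccountName={0})' ]
17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
with user search [ searchFilter: '(sAMAccountName={0})' ]
17:32:35 DEBUG (AbstractAuthenticationProcessingFilter:319) - Authentication
request failed:
org.springframework.security.authentication.BadCredentialsException: Bad
credentials
"""

def records(text):
    """Yield (logger, message), re-joining lines wrapped by the mail client."""
    current = None
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            if current:
                yield tuple(current)
            current = [m.group(1), m.group(2).strip()]
        elif current and line.strip():
            current[1] += " " + line.strip()
    if current:
        yield tuple(current)

def summarize(text):
    """Report which provider ran and whether a bind/compare step was logged."""
    out = {"providers": [], "ldap_searches": 0,
           "credential_check": False, "bad_credentials": False}
    for logger, msg in records(text):
        m = re.search(r"Authentication attempt using\s+([\w.$]+)", msg)
        if m:
            out["providers"].append(m.group(1).rsplit(".", 1)[-1])
        if logger == "FilterBasedLdapUserSearch":
            out["ldap_searches"] += 1
        if logger in CREDENTIAL_CHECKERS:
            out["credential_check"] = True
        if "BadCredentialsException" in msg:
            out["bad_credentials"] = True
    return out
```

On the sample, `summarize(SAMPLE)` reports DaoAuthenticationProvider as the only provider, two LDAP searches, no credential check and a BadCredentialsException. DaoAuthenticationProvider checks the submitted password against the password held in the UserDetails returned by the user service, so a log with this shape contains user lookups but no bind or compare step.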