Hi Reza,
I unfortunately can't be of help finding a solution to the problem you are
describing below. However, I can tell you that you most probably won't get an
answer on this list, as it is intended for general issues, questions and
announcements around anything video.
To get answers to your problem, you may want to post them to the
matterhorn-users list.
Tobias
On 07.01.2012, at 14:34, VISIONAIRE-Reza Toghraee wrote:
> Hello
>
> I’m still trying to integrate MatterHorn user authentication against AD.
> I modified the LdapUserProvider.java, and added multiple debugging info in
> different locations.
> Now I’m sure that when user logs in to the web interface, Matterhorn queries
> the AD for the “authorities” and finds the ROLE of the user.
> As per spiringframework security , the implementation is based on 2 phases:
> 1) Query the AD to find the user 2) bind OR compare the password of the user.
> The problem which is being faced now is that Matterhorn is querying the AD
> for the user and finds the role as well as organization.
> BUT it never any other packet to AD (LDAP) for comparing password neither to
> bind!
>
> I enabled the full system debug by adding this : log4j.logger.org=DEBUG
> to org.ops4j.pax.logging.properties
>
>
> Here is the LOGS when user tries to login :
>
>
> 17:32:35 DEBUG (AbstractAuthenticationProcessingFilter:194) - Request is to
> process authentication
> 17:32:35 DEBUG (ProviderManager:117) - Authentication attempt using
> org.springframework.security.authentication.dao.DaoAuthenticationProvider
> 17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
> with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
> 'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
> derefLinkFlag: false ]
> 17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
> 'ldap://10.1.1.180'
> 17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from context
> with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
> 17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
> AUTHORITY=!ROLE_USER! and i = !1! DONE
> 17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
> no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
> 17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
> with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
> 'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
> derefLinkFlag: false ]
> 17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
> 'ldap://10.1.1.180'
> 17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from context
> with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
> 17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
> AUTHORITY=!ROLE_USER! and i = !1! DONE
> 17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
> no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
> 17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
> with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
> 'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
> derefLinkFlag: false ]
> 17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
> 'ldap://10.1.1.180'
> 17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from context
> with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
> 17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
> AUTHORITY=!ROLE_USER! and i = !1! DONE
> 17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
> no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
> 17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
> with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
> 'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
> derefLinkFlag: false ]
> 17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
> 'ldap://10.1.1.180'
> 17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from context
> with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
> 17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
> AUTHORITY=!ROLE_USER! and i = !1! DONE
> 17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
> no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
> 17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
> with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
> 'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
> derefLinkFlag: false ]
> 17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
> 'ldap://10.1.1.180'
> 17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from context
> with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
> 17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
> AUTHORITY=!ROLE_USER! and i = !1! DONE
> 17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
> no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
> 17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
> with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
> 'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
> derefLinkFlag: false ]
> 17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
> 'ldap://10.1.1.180'
> 17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from context
> with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
> 17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
> AUTHORITY=!ROLE_USER! and i = !1! DONE
> 17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
> no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
> 17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
> with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
> 'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
> derefLinkFlag: false ]
> 17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
> 'ldap://10.1.1.180'
> 17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from context
> with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
> 17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
> AUTHORITY=!ROLE_USER! and i = !1! DONE
> 17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
> no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
> 17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
> with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
> 'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
> derefLinkFlag: false ]
> 17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
> 'ldap://10.1.1.180'
> 17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from context
> with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
> 17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
> AUTHORITY=!ROLE_USER! and i = !1! DONE
> 17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
> no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
> 17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
> with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
> 'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
> derefLinkFlag: false ]
> 17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
> 'ldap://10.1.1.180'
> 17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from context
> with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
> 17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
> AUTHORITY=!ROLE_USER! and i = !1! DONE
> 17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
> no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
> 17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
> with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
> 'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
> derefLinkFlag: false ]
> 17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
> 'ldap://10.1.1.180'
> 17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from context
> with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
> 17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
> AUTHORITY=!ROLE_USER! and i = !1! DONE
> 17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
> no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
> 17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
> with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
> 'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
> derefLinkFlag: false ]
> 17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
> 'ldap://10.1.1.180'
> 17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from context
> with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
> 17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
> AUTHORITY=!ROLE_USER! and i = !1! DONE
> 17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
> no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
> 17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
> with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
> 'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
> derefLinkFlag: false ]
> 17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
> 'ldap://10.1.1.180'
> 17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from context
> with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
> 17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
> AUTHORITY=!ROLE_USER! and i = !1! DONE
> 17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
> no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
> 17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
> with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
> 'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
> derefLinkFlag: false ]
> 17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
> 'ldap://10.1.1.180'
> 17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from context
> with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
> 17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
> AUTHORITY=!ROLE_USER! and i = !1! DONE
> 17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
> no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
> 17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
> with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
> 'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
> derefLinkFlag: false ]
> 17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
> 'ldap://10.1.1.180'
> 17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from context
> with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
> 17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
> AUTHORITY=!ROLE_USER! and i = !1! DONE
> 17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
> no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
> 17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
> with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
> 'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
> derefLinkFlag: false ]
> 17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
> 'ldap://10.1.1.180'
> 17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from context
> with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
> 17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
> AUTHORITY=!ROLE_USER! and i = !1! DONE
> 17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
> no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
> 17:32:35 DEBUG (FilterBasedLdapUserSearch:107) - Searching for user 'reza',
> with user search [ searchFilter: '(sAMAccountName={0})', searchBase:
> 'OU=Citrix,DC=VISIONAIRE,DC=NET', scope: subtree, searchTimeLimit: 0,
> derefLinkFlag: false ]
> 17:32:35 DEBUG (AbstractContextSource:259) - Got Ldap context on server
> 'ldap://10.1.1.180'
> 17:32:35 DEBUG (LdapUserDetailsMapper:51) - Mapping user details from context
> with DN: cn=Reza Toghraee,ou=Citrix,dc=VISIONAIRE,dc=NET
> 17:32:35 DEBUG (LdapUserProvider:245) - REZA:-----Grant Authority DEBUGE
> AUTHORITY=!ROLE_USER! and i = !1! DONE
> 17:32:35 DEBUG (LdapUserProvider:252) - REZA:-----USERNAME: !reza! ROLE
> no:1!is :!ROLE_USER! ORGANIZATION: !mh_default_org!
> 17:32:35 DEBUG (AbstractAuthenticationProcessingFilter:319) - Authentication
> request failed:
> org.springframework.security.authentication.BadCredentialsException: Bad
> credentials
> 17:32:35 DEBUG (AbstractAuthenticationProcessingFilter:320) - Updated
> SecurityContextHolder to contain null Authentication
> 17:32:35 DEBUG (AbstractAuthenticationProcessingFilter:321) - Delegating to
> authentication failure
> handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@ad0e9f
> 17:32:35 DEBUG (AbstractRememberMeServices:210) - Interactive login attempt
> was unsuccessful.
> 17:32:35 DEBUG (AbstractRememberMeServices:296) - Cancelling cookie
>
>
> Finally it gives error : - Authentication request failed:
> org.springframework.security.authentication.BadCredentialsException: Bad
> credentials
> But it never authenticate the user.
>
> Any hopes?
>
> Thanks
> Reza
>
>
>
>
> _______________________________________________
> Community mailing list
> [email protected]
> http://lists.opencastproject.org/mailman/listinfo/community
>
>
> To unsubscribe please email
> [email protected]
> _______________________________________________
_______________________________________________
Community mailing list
[email protected]
http://lists.opencastproject.org/mailman/listinfo/community
To unsubscribe please email
[email protected]
_______________________________________________
