Does that user have access to that branch of your LDAP tree? (Can you log
in with another tool and do the same query?)


On Tue, Jan 28, 2014 at 6:42 AM, GLoureiro <[email protected]> wrote:

> Hello all,
>
> I'm trying to connect to an AD, authenticate a user and get attribute
> values.
>
> With the code below I succeed in user authentication, but when I try to make
> the search I get the "perform this operation a successful bind must be
> completed on the connection" error (see below). I've googled a lot, but no
> solution found... Can anyone help?
>
> Kr,
> NRC
>
>
> -----------------------------------------------------------------------------------------
>
> final JndiLdapContextFactory contextFactory = new JndiLdapContextFactory();
>
> contextFactory.setUrl("ldap://localhost:389/DC=doc,DC=com");
> contextFactory.setSystemUsername("[email protected]");
> contextFactory.setSystemUsername("a1b2c3d4!");
>
> ActiveDirectoryRealm ldapRealm = new ActiveDirectoryRealm();
> ldapRealm.setLdapContextFactory(contextFactory);
>
> ldapRealm.setSearchBase("DC=doclog,DC=com");
> ldapRealm.setSystemUsername("[email protected]");
> ldapRealm.setSystemUsername("a1b2c3d4!");
>
> Hashtable<String, String> rolesvsGroups = new Hashtable<>();
> rolesvsGroups.put("admins", "ADMIN");
> rolesvsGroups.put("powerusers", "PWUSER");
> ldapRealm.setGroupRolesMap(rolesvsGroups);
>
> ldapRealm.init();
>
> LdapContext ldapContext = contextFactory.getSystemLdapContext();
> SecurityManager securityManager = new DefaultSecurityManager(ldapRealm);
> SecurityUtils.setSecurityManager(securityManager);
> Subject currentUser = SecurityUtils.getSubject();
>
> if (!currentUser.isAuthenticated()) {
>     AuthenticationToken authenticationToken =
>             new UsernamePasswordToken("[email protected]", "a1b2c3d4!");
>     currentUser.login(authenticationToken);
> }
>
> SearchControls constraints = new SearchControls();
> constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
> String[] attrIDs = { "internationaliSDNNumber", "sn" };
> constraints.setReturningAttributes(attrIDs);
> NamingEnumeration answer = ldapContext.search("DC=doclog,DC=com",
>         "uid=" + "geanes", constraints);
> if (answer.hasMore()) {
>     Attributes attrs = ((SearchResult) answer.next()).getAttributes();
>     logger.info(attrs.get("internationaliSDNNumber"));
>     logger.info(attrs.get("sn"));
>     logger.info(currentUser.hasRole("PWUSER"));
> } else {
>     throw new Exception("Error getting user properties");
> }
> logger.info("User [" + currentUser.getPrincipal() + "] logged succesfully");
>
> --------------------------------------------------------------------------------------------------
>
> Exception in thread "main" javax.naming.NamingException: [LDAP: error code
> 1
> - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this
> operation a successful bind must be completed on the connection., data 0,
> v1db1
>
>
>
> --------------------------------------------------------------------------------------------------
>
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Bind-error-while-searching-Active-Directory-tp7579587.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>
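
The quoted code calls `setSystemUsername` twice and never `setSystemPassword`, so the system context it searches with carries no password. The following is an added example, not part of the original thread, of a system bind that sets both and uses a parameterized search filter; the environment variable names `AD_BIND_USER` and `AD_BIND_PASSWORD` and the class name are assumptions, while the base DN, filter attribute and returned attributes come from the quoted code.

```java
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;

import org.apache.shiro.realm.ldap.JndiLdapContextFactory;
import org.apache.shiro.realm.ldap.LdapUtils;

public class AdAttributeLookup {

    public static void main(String[] args) throws NamingException {
        // Hypothetical variable names; keeps the service password out of source.
        String bindUser = System.getenv("AD_BIND_USER");
        String bindPassword = System.getenv("AD_BIND_PASSWORD");
        if (bindUser == null || bindPassword == null || bindPassword.isEmpty()) {
            // JNDI downgrades a simple bind with no password to an anonymous bind,
            // so refuse to continue instead of searching unauthenticated.
            throw new IllegalStateException("AD_BIND_USER and AD_BIND_PASSWORD must be set");
        }

        JndiLdapContextFactory contextFactory = new JndiLdapContextFactory();
        contextFactory.setUrl("ldap://localhost:389");
        contextFactory.setSystemUsername(bindUser);
        contextFactory.setSystemPassword(bindPassword); // password setter, not username

        SearchControls constraints = new SearchControls();
        constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
        constraints.setReturningAttributes(new String[] {"internationaliSDNNumber", "sn"});

        LdapContext ldapContext = contextFactory.getSystemLdapContext();
        NamingEnumeration<SearchResult> answer = null;
        try {
            // {0} is substituted by JNDI, which escapes filter metacharacters,
            // so a user-supplied name cannot change the structure of the filter.
            answer = ldapContext.search("DC=doclog,DC=com", "(uid={0})",
                    new Object[] {"geanes"}, constraints);
            if (!answer.hasMore()) {
                throw new NamingException("No entry found for user");
            }
            Attributes attrs = answer.next().getAttributes();
            System.out.println(attrs.get("internationaliSDNNumber"));
            System.out.println(attrs.get("sn"));
        } finally {
            LdapUtils.closeEnumeration(answer);
            LdapUtils.closeContext(ldapContext);
        }
    }
}
```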
