security - Spring Windows Authentication Sample fails to bind to LDAP -


we trying make spring windows authentication module working on sles 11 sp3 system.

the user authentication seems work fine:

2015-07-08 08:32:02.596 debug 16861 --- [io-18080-exec-3] o.s.s.authentication.providermanager     : authentication attempt using org.springframework.security.kerberos.authentication.kerberosserviceauthenticationprovider  2015-07-08 08:32:02.596 debug 16861 --- [io-18080-exec-3] .a.kerberosserviceauthenticationprovider : try validate kerberos token 2015-07-08 08:32:02.966 debug 16861 --- [io-18080-exec-3] .a.kerberosserviceauthenticationprovider : succesfully validated dummy@example.com  2015-07-08 08:32:02.967 debug 16861 --- [io-18080-exec-3] o.s.s.l.s.filterbasedldapusersearch      : searching user 'dummy@example.com', user search [ searchfilter: '(| (userprincipalname={0}) (samaccountname={0}))', searchbase: 'ou=users,ou=custom,dc=example.com,dc=com', scope: subtree, searchtimelimit: 0, dereflinkflag: false ] debug  true storekey true useticketcache false usekeytab true donotprompt true ticketcache null isinitiator true keytab /usr/share/tomcat/conf/myapplication.keytab refreshkrb5config false principal http/myapplication.example.com@example.com tryfirstpass false usefirstpass false storepass false clearpass false principal http/myapplication.example.com@example.com use keytab commit succeeded

then attempt search user in our ldap/activedirectory fails:

2015-07-08 08:17:02.999 debug 16584 --- [io-18080-exec-3] o.s.l.c.support.abstractcontextsource    : got ldap context on server 'ldaps://windc1.example.com:636/' 2015-07-08 08:17:03.050 debug 16584 --- [io-18080-exec-3] w.c.httpsessionsecuritycontextrepository : securitycontext empty or contents anonymous - context not stored in httpsession. 2015-07-08 08:17:03.050 debug 16584 --- [io-18080-exec-3] s.s.w.c.securitycontextpersistencefilter : securitycontextholder cleared, request processing completed 2015-07-08 08:17:03.056 error 16584 --- [io-18080-exec-3] o.a.c.c.c.[.[.[/].[dispatcherservlet]    : servlet.service() servlet [dispatcherservlet] in context path [] threw exception org.springframework.ldap.uncategorizedldapexception: uncategorized exception occured during ldap processing; nested exception javax.naming.namingexception: [ldap: error code 1 - 000004dc: ldaperr: dsid-0c0907     2b, comment: in order perform operation successful bind must completed on connection., data 0, v2580]; remaining name 'ou=users,ou=custom,dc=example.com,dc=com'

my application.yml file looks this:

server:     port: 18080 app:     ad-domain: example.com     ad-server: ldaps://windc1.example.com:636/     service-principal: http/myapplication.example.com@example.com     keytab-location: /usr/share/tomcat/conf/myapplication.keytab     ldap-search-base: ou=users,ou=custom,dc=example.com,dc=com     ldap-search-filter: "(| (userprincipalname={0}) (samaccountname={0}))"

i checked verified service-principal , keytab produce valid tokens seems have no influence ldap module should understanding try bind directory.

as may allready noticed new stuff , appreciate every suggestion.

thx lot

regards

dominik


Comments

Post a Comment

Popular posts from this blog

toolbar - How to add link to user registration inside toobar in admin joomla 3 custom component -

im trying write component admin side , need add user creation. dont want duplicate existing codes add link. know how add task not simple link toolbar. thx help. if wanting button opens new user screen can try in component: $bar = jtoolbar::getinstance('toolbar'); $bar->appendbutton('link', 'users', 'new user','index.php?option=com_users&task=user.add'); you need add view.html.php file wherever you're creating toolbar. is need?
Read more

linux - disk space limitation when creating war file -

i have 1 gb disk space limitation hosting app , have used 700mb of it. however want create war file directory big (around 600mb) using command : jar -cvf root.war folderpath that's why encounter quota limitation , can't following. i'm looking way delete folder content when it's applying archive conserve disk space take note can't install zip tool in ssh shell ~ the code works on test directories, test first anyway, deletes files. it's not efficient. assumptions: 300mb free space, in destructively compress 600mb folderpath directory. none of files big -- if file in folderpath 300mb or larger, fail. notes: if ' $out ' file exists, nothing. first find pipes file list while , if ' $out ' doesn't exist in loop, create it, don't update -- if does exist, update it. each pass adds 1 more file, deletes unless file directory. after loop finishes delete empty directories too. unset u ; in=folderpath ; out=roo...
Read more

How to provide Authorization & Authentication using Asp.net, C#? -

Image
i have asp.net application in c#. i have provide page authorization specific user/usergroup. i have created 2 tables in database: 1) pagename 2)permissions[insert, update, view, delete] but i'm unable match tables , permissions assigning... can 1 please me, how created tables in database , how coding. please me. you can below explanation. configure access specific file , folder, set forms-based authentication. request page in application redirected logon.aspx automatically. in web.config file, type or paste following code. this code grants users access default1.aspx page , subdir1 folder . <configuration> <system.web> <authentication mode="forms" > <forms loginurl="login.aspx" name=".aspnetauth" protection="none" path="/" timeout="20" > </forms> </authentication> <!-- section denies access files in...
Read more