[midPoint] Active Directory Authentication

Ivan Noris ivan.noris at evolveum.com
Wed Nov 9 14:01:09 CET 2016


Hi,

I don't have experience with this, but to me this seems suspicious:

                                <property name="userDnPatterns">
                                        <list>
                                                <value>sAMAccountName={0},cn=Users</value>
                                        </list>
                                </property>

Because if this is used for any filtering, such DNs probably don't
exist... (AD account DNs are cn=Firstname Lastname,...) And probably
also the container will be different from cn=Users.

I hope someone else can help.
Ivan

On 11/08/2016 03:33 PM, mceylan wrote:
> hi,
>
> the problem is I'm unable to connect with Active Directory using
> valid credentials.
>
> catalina.sh file add -Dauth.method.type=ldap
>
> this is my ctx-web-security-ldap.xml  file 
>
> <bean id="contextSource"
>                 class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
>                 <constructor-arg value="ldap://enad.trm.gov.tr:389/dc=trm,dc=gov,dc=tr" />
>                 <property name="userDn" value="cn=administrator,cn=Users,dc=trm,dc=gov,dc=tr" />
>                 <property name="password" value="1234qQQ" />
>                 <property name="referral" value="follow" />
>         </bean>
>
>         <bean id="midPointAuthenticationProvider"
>                 class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
>                 <constructor-arg>
>                         <bean
>                                 class="org.springframework.security.ldap.authentication.BindAuthenticator">
>                                 <constructor-arg ref="contextSource" />
>                                 <property name="userDnPatterns">
>                                         <list>
>                                                 <value>sAMAccountName={0},cn=Users</value>
>                                         </list>
>                                 </property>
>                                 <!--  OPTIONAL -->
>                                 <property name="userSearch" ref="userSearch" />
>                         </bean>
>                 </constructor-arg>
>                 <property name="userDetailsContextMapper" ref="userDetailsService" />
>         </bean>
>
>         <bean id="userSearch"
>                 class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
>                 <constructor-arg index="0" value="" />
>                 <constructor-arg index="1" value="(sAMAccountName={0})" />
>                 <constructor-arg index="2" ref="contextSource" />
>                 <property name="searchSubtree" value="true" />
>         </bean>
>
> output: [Warning: Property for 'Bad credentials' not found]
>
> Thanks.
> -- 
> Merve CEYLAN
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
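
The reasoning in the reply above, modelled offline as an added example (not code from the thread, midPoint or Spring Security): a login name is resolved to a DN either by expanding a `userDnPatterns`-style template or by searching on an attribute, and only the search finds an AD-style `cn=Firstname Lastname` entry. The directory entries, passwords, base DN and function names are constructed for illustration.

```python
"""Model of how a bind authenticator resolves a login name to a DN."""
import hmac

BASE_DN = "dc=example,dc=com"
# Constructed sample entries (not from the thread): DN -> attributes.
DIRECTORY = {
    "cn=Jane Doe,ou=Staff,dc=example,dc=com":
        {"sAMAccountName": "jdoe", "password": "constructed-pw-1"},
    "cn=Administrator,cn=Users,dc=example,dc=com":
        {"sAMAccountName": "Administrator", "password": "constructed-pw-2"},
}

def escape_dn_value(value):
    """Backslash-escape RFC 4514 special characters in a DN attribute value."""
    out = []
    for i, c in enumerate(value):
        edge = (i == 0 and c in "# ") or (i == len(value) - 1 and c == " ")
        out.append("\\" + c if edge or c in '\\,+"<>;=' else c)
    return "".join(out)

def expand_pattern(pattern, username):
    """Expand a userDnPatterns-style template ({0} = login name) under BASE_DN."""
    return pattern.replace("{0}", escape_dn_value(username)) + "," + BASE_DN

def search_dn(attribute, username):
    """Find the single entry whose attribute equals the login name."""
    # In-memory comparison; a real LDAP filter must escape the value (RFC 4515).
    hits = [dn for dn, attrs in DIRECTORY.items()
            if attrs.get(attribute, "").lower() == username.lower()]
    return hits[0] if len(hits) == 1 else None  # missing or ambiguous: no DN

def bind(dn, password):
    """Model an LDAP simple bind: needs an existing DN and its password."""
    entry = DIRECTORY.get(dn)
    if entry is None or not password:  # an empty password must never authenticate
        return False
    return hmac.compare_digest(entry["password"].encode(), password.encode())

def authenticate(username, password, patterns=(), search_attribute=None):
    """Try each DN pattern, then fall back to a search; return the DN that bound."""
    for pattern in patterns:
        dn = expand_pattern(pattern, username)
        if bind(dn, password):
            return dn
    dn = search_dn(search_attribute, username) if search_attribute else None
    return dn if dn and bind(dn, password) else None
```

With the pattern alone, valid credentials are rejected because the expanded DN names no entry; with the attribute search, the same credentials bind to the entry's real DN.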
