[midPoint] Active Directory Authentication

mceylan mrveceylan at gmail.com
Wed Nov 9 14:31:31 CET 2016


Hi,

Not working. My configuration file:

<?xml version="1.0" encoding="UTF-8"?>
<!--
  ~ Copyright (c) 2010-2016 Evolveum
  ~
  ~ Licensed under the Apache License, Version 2.0 (the "License");
  ~ you may not use this file except in compliance with the License.
  ~ You may obtain a copy of the License at
  ~
  ~     http://www.apache.org/licenses/LICENSE-2.0
  ~
  ~ Unless required by applicable law or agreed to in writing, software
  ~ distributed under the License is distributed on an "AS IS" BASIS,
  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  ~ See the License for the specific language governing permissions and
  ~ limitations under the License.
  -->

<beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
                http://www.springframework.org/schema/beans/spring-beans-4.1.xsd">

        <bean id="contextSource"
                class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
                <constructor-arg value="ldap://enad.trm.gov.tr:389/dc=trm,dc=gov,dc=tr" />
                <property name="userDn" value="cn=administrator,cn=Users,dc=trm,dc=gov,dc=tr" />
                <property name="password" value="1234qQQ" />
        </bean>

        <bean id="midPointAuthenticationProvider"
                class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
                <constructor-arg>
                        <bean
                                class="org.springframework.security.ldap.authentication.BindAuthenticator">
                                <constructor-arg ref="contextSource" />
                                <property name="userSearch" ref="userSearch" />
                        </bean>
                </constructor-arg>
                <property name="userDetailsContextMapper" ref="userDetailsService" />
        </bean>

        <bean id="userSearch"
                class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                <constructor-arg index="0" value="" />
                <constructor-arg index="1" value="(sAMAccountName={0})" />
                <constructor-arg index="2" ref="contextSource" />
                <property name="searchSubtree" value="true" />
        </bean>

</beans>

output:  *[Warning: Property for 'Bad credentials' not found]  :S*






2016-11-09 15:10 GMT+02:00 Katka Valalikova <katka.valalikova at evolveum.com>:

> Hi,
>
> remove this part :
>                                 <property name="userDnPatterns">
>                                         <list>
>                                                 <value>sAMAccountName={0},cn=Users</value>
>                                         </list>
>                                 </property>
>
>
> from your configuration. In your case, it is sufficient to leave just
> search filter enabled (using this property):
>
>     <property name="userSearch" ref="userSearch" />
>
> Configuration for userSearch seems OK to me.
>
> This is the resulting configuration which should work for you:
>
>         <bean id="contextSource"
>                 class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
>                 <constructor-arg value="ldap://enad.trm.gov.tr:389/dc=trm,dc=gov,dc=tr" />
>                 <property name="userDn" value="cn=administrator,cn=Users,dc=trm,dc=gov,dc=tr" />
>                 <property name="password" value="1234qQQ" />
>                 <property name="referral" value="follow" />
>         </bean>
>
>         <bean id="midPointAuthenticationProvider"
>                 class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
>                 <constructor-arg>
>                         <bean
>                                 class="org.springframework.security.ldap.authentication.BindAuthenticator">
>                                 <constructor-arg ref="contextSource" />
>                                 <property name="userSearch" ref="userSearch" />
>                         </bean>
>                 </constructor-arg>
>                 <property name="userDetailsContextMapper" ref="userDetailsService" />
>         </bean>
>
>         <bean id="userSearch"
>                 class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
>                 <constructor-arg index="0" value="" />
>                 <constructor-arg index="1" value="(sAMAccountName={0})" />
>                 <constructor-arg index="2" ref="contextSource" />
>                 <property name="searchSubtree" value="true" />
>         </bean>
>
>
>
> Best regards,
>
> Katarina Valalikova
> Java Developer
> evolveum.com
>
> ------------------------------
> *From: *"Ivan Noris" <ivan.noris at evolveum.com>
> *To: *midpoint at lists.evolveum.com
> *Sent: *Wednesday, November 9, 2016 2:01:09 PM
> *Subject: *Re: [midPoint] Active Directory Authentication
>
>
> Hi,
>
> I don't have experience with this, but for me this seems to be suspicious:
>                                 <property name="userDnPatterns">
>                                         <list>
>                                                 <value>sAMAccountName={0},cn=Users</value>
>                                         </list>
>                                 </property>
>
> Because if this is used for any filtering, such DNs probably don't
> exist... (AD accounts DNs are cn=Firstname Lastname,...) And probably also
> the container will be different from cn=Users.
>
> I hope someone else can help.
> Ivan
>
> On 11/08/2016 03:33 PM, mceylan wrote:
>
> hi,
>
> the problem is I'm unable to connect with Active Directory using valid
> credentials.
>
> catalina.sh file add -Dauth.method.type=ldap
>
> this is my ctx-web-security-ldap.xml  file
>
>         <bean id="contextSource"
>                 class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
>                 <constructor-arg value="ldap://enad.trm.gov.tr:389/dc=trm,dc=gov,dc=tr" />
>                 <property name="userDn" value="cn=administrator,cn=Users,dc=trm,dc=gov,dc=tr" />
>                 <property name="password" value="1234qQQ" />
>                 <property name="referral" value="follow" />
>         </bean>
>
>         <bean id="midPointAuthenticationProvider"
>                 class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
>                 <constructor-arg>
>                         <bean
>                                 class="org.springframework.security.ldap.authentication.BindAuthenticator">
>                                 <constructor-arg ref="contextSource" />
>                                 <property name="userDnPatterns">
>                                         <list>
>                                                 <value>sAMAccountName={0},cn=Users</value>
>                                         </list>
>                                 </property>
>                                 <!--  OPTIONAL -->
>                                 <property name="userSearch" ref="userSearch" />
>                         </bean>
>                 </constructor-arg>
>                 <property name="userDetailsContextMapper" ref="userDetailsService" />
>         </bean>
>
>         <bean id="userSearch"
>                 class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
>                 <constructor-arg index="0" value="" />
>                 <constructor-arg index="1" value="(sAMAccountName={0})" />
>                 <constructor-arg index="2" ref="contextSource" />
>                 <property name="searchSubtree" value="true" />
>         </bean>
>
> output:   *[Warning: Property for 'Bad credentials' not found]*
>
>
> *Thanks. *--
> Merve CEYLAN
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
>
>


-- 
Merve CEYLAN
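
The point raised in the quoted replies about `userDnPatterns` versus the `(sAMAccountName={0})` search filter, as an added illustration that is not part of the thread and is not midPoint or Spring Security code. The directory entries and all function names are constructed; the model assumes a DN pattern is relative to the base DN from the `contextSource` URL, and it only compares lookup results, it does not perform a bind.

```python
import re

BASE_DN = "dc=trm,dc=gov,dc=tr"  # base DN from the contextSource URL in the thread

# Constructed sample entries (not from the thread): AD names user objects by CN.
DIRECTORY = {
    "CN=Administrator,CN=Users,DC=trm,DC=gov,DC=tr": {"sAMAccountName": "Administrator"},
    "CN=Jane Doe,OU=Staff,DC=trm,DC=gov,DC=tr": {"sAMAccountName": "jdoe"},
}


def norm(dn):
    """Normalise a DN for comparison: case-insensitive, no padding around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def dn_from_pattern(pattern, username, base=BASE_DN):
    """Build the DN a userDnPatterns entry names: {0} becomes the login name."""
    return pattern.replace("{0}", username) + "," + base


def entry_exists(dn):
    """True if the constructed directory holds an entry with exactly this DN."""
    return norm(dn) in {norm(known) for known in DIRECTORY}


def search_subtree(filter_template, username, search_base="", base=BASE_DN):
    """Evaluate an '(attr={0})' equality filter over every entry below the base."""
    match = re.fullmatch(r"\((\w+)=\{0\}\)", filter_template)
    if not match:
        raise ValueError("only simple (attr={0}) filters are modelled")
    attr = match.group(1).lower()
    root = norm(search_base + "," + base if search_base else base)
    hits = []
    for dn, attrs in DIRECTORY.items():
        values = {k.lower(): v.lower() for k, v in attrs.items()}
        n = norm(dn)
        if (n == root or n.endswith("," + root)) and values.get(attr) == username.lower():
            hits.append(dn)
    return hits


def resolve_bind_dn(username, filter_template="(sAMAccountName={0})"):
    """Return the single DN the search yields, or None; refuse ambiguous matches."""
    hits = search_subtree(filter_template, username)
    if len(hits) > 1:
        raise LookupError("filter matched more than one entry")
    return hits[0] if hits else None
```

With the constructed data, the pattern expands to a DN that no entry carries, while the subtree search returns the account's real DN wherever it sits under the base.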