<html><body><div style="font-family: times new roman, new york, times, serif; font-size: 12pt; color: #000000"><div>Hi,<br></div><div><br></div>
<div>remove this part:</div>
<pre>
<property name="userDnPatterns">
    <list>
        <value>sAMAccountName={0},cn=Users</value>
    </list>
</property>
</pre>
<div>from your configuration. In your case, it is sufficient to leave just the search filter enabled (using this property):</div>
<pre>
<property name="userSearch" ref="userSearch" />
</pre>
<div>Configuration for userSearch seems OK to me.</div>
<div><br></div>
<div>This is the resulting configuration which should work for you:</div>
<pre>
<bean id="contextSource"
      class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldap://enad.trm.gov.tr:389/dc=trm,dc=gov,dc=tr" />
    <property name="userDn" value="cn=administrator,cn=Users,dc=trm,dc=gov,dc=tr" />
    <property name="password" value="1234qQQ" />
    <property name="referral" value="follow" />
</bean>

<bean id="midPointAuthenticationProvider"
      class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
        <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <constructor-arg ref="contextSource" />
            <property name="userSearch" ref="userSearch" />
        </bean>
    </constructor-arg>
    <property name="userDetailsContextMapper" ref="userDetailsService" />
</bean>

<bean id="userSearch"
      class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <constructor-arg index="0" value="" />
    <constructor-arg index="1" value="(sAMAccountName={0})" />
    <constructor-arg index="2" ref="contextSource" />
    <property name="searchSubtree" value="true" />
</bean>
</pre>
<div><span name="x"></span>Best regards,<br><div><br></div>Katarina Valalikova<br>Java Developer<br>evolveum.com<span name="x"></span><br></div><div><br></div><hr id="zwchr"><div style="color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"Ivan Noris" <ivan.noris@evolveum.com><br><b>To: </b>midpoint@lists.evolveum.com<br><b>Sent: </b>Wednesday, November 9, 2016 2:01:09 PM<br><b>Subject: </b>Re: [midPoint] Active Directory Authentication<br><div><br></div>
<p>Hi,</p>
<p>I don't have experience with this, but for me this seems to be
suspicious:</p>
<div> <property
name="userDnPatterns"></div>
<div> <list></div>
<div>
<value>sAMAccountName={0},cn=Users</value></div>
<div> </list></div>
<div> </property></div>
<br>
Because if this is used for any filtering, such DNs probably don't
exist... (AD account DNs are cn=Firstname Lastname,...) And
probably also the container will be different from cn=Users.<br>
<br>
I hope someone else can help.<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 11/08/2016 03:33 PM, mceylan wrote:<br>
</div>
<blockquote cite="mid:CADu1p_hmKNJjU3Hz3QJgOX_ypvX-BfczVZ8QBPFpHw=c6zQ_+w@mail.gmail.com">
<div dir="ltr">hi,
<div><br>
</div>
<div>the problem is I'm unable to connect with Active Directory
using valid credentials.<br clear="all">
<div><br>
</div>
<div>catalina.sh file add -Dauth.method.type=ldap</div>
<div><br>
</div>
<div>this is my ctx-web-security-ldap.xml file <br>
</div>
<div><br>
</div>
<div>
<div><bean id="contextSource"</div>
<div>
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"></div>
<div> <constructor-arg value="ldap://enad.trm.gov.tr:389/dc=trm,dc=gov,dc=tr" /></div>
<div> <property name="userDn"
value="cn=administrator,cn=Users,dc=trm,dc=gov,dc=tr"
/></div>
<div> <property name="password"
value="1234qQQ" /></div>
<div> <property name="referral"
value="follow" /></div>
<div> </bean></div>
<div><br>
</div>
<div> <bean id="midPointAuthenticationProvider"</div>
<div>
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"></div>
<div> <constructor-arg></div>
<div> <bean</div>
<div>
class="org.springframework.security.ldap.authentication.BindAuthenticator"></div>
<div> <constructor-arg
ref="contextSource" /></div>
<div> <property
name="userDnPatterns"></div>
<div> <list></div>
<div>
<value>sAMAccountName={0},cn=Users</value></div>
<div> </list></div>
<div> </property></div>
<div> <!-- OPTIONAL
--></div>
<div> <property
name="userSearch" ref="userSearch" /></div>
<div> </bean></div>
<div> </constructor-arg></div>
<div> <property
name="userDetailsContextMapper" ref="userDetailsService"
/></div>
<div> </bean></div>
<div><br>
</div>
<div> <bean id="userSearch"</div>
<div>
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"></div>
<div> <constructor-arg index="0" value=""
/></div>
<div> <constructor-arg index="1"
value="(sAMAccountName={0})" /></div>
<div> <constructor-arg index="2"
ref="contextSource" /></div>
<div> <property name="searchSubtree"
value="true" /></div>
<div><br>
</div>
<div> </bean></div>
</div>
<div><br>
</div>
<div>output: <b class="gmail-box-title">[Warning: Property
for 'Bad credentials' not found]</b></div>
<div><b class="gmail-box-title"><br>
</b></div>
<div><b class="gmail-box-title">Thanks.<br>
</b>-- </div>
<div class="gmail_signature">
<div dir="ltr">Merve CEYLAN</div>
</div>
</div>
</div>
<br>
<br>
<pre>_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
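<p>The point raised in this message, as an added example that is not part of the thread and is not midPoint or Spring Security code: a simplified Python model of the two ways a bind DN can be obtained, run over a constructed directory under the hypothetical base dc=example,dc=test. Substituting the login into the pattern produces a DN that no entry has, while the (sAMAccountName={0}) subtree search returns the entry's real DN in whichever container it lives.</p>
<pre>
```python
import re

# Constructed sample data (not from the thread): AD-style entries keyed by
# their real DN, under a hypothetical base DN.
BASE = "dc=example,dc=test"
DIRECTORY = {
    "cn=Jane Doe,cn=Users," + BASE: {"sAMAccountName": "jdoe"},
    "cn=Sam Roe,ou=Staff," + BASE: {"sAMAccountName": "sroe"},
}

def escape_filter_value(value):
    """Escape the RFC 4515 special characters before filter substitution."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def unescape_filter_value(value):
    """Turn \\XX hex escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def dn_from_pattern(pattern, username):
    """userDnPatterns style: the bind DN is built by substitution, no lookup.
    The constructed logins used here contain no DN special characters."""
    return pattern.format(username) + "," + BASE

def dn_from_search(filter_template, username):
    """userSearch style: subtree equality search, then use the entry's own DN.
    Returns None unless exactly one entry matches."""
    rendered = filter_template.format(escape_filter_value(username))
    attr, _, value = rendered[1:-1].partition("=")
    wanted = unescape_filter_value(value).lower()
    hits = [dn for dn, attrs in DIRECTORY.items()
            if attrs.get(attr, "").lower() == wanted]
    return hits[0] if len(hits) == 1 else None

def can_bind_as(dn):
    """A bind can only succeed against a DN that names an existing entry."""
    return dn is not None and dn in DIRECTORY

if __name__ == "__main__":
    for login in ("jdoe", "sroe", "*"):
        by_pattern = dn_from_pattern("sAMAccountName={0},cn=Users", login)
        by_search = dn_from_search("(sAMAccountName={0})", login)
        print(login, "| pattern:", by_pattern, can_bind_as(by_pattern),
              "| search:", by_search, can_bind_as(by_search))
```
</pre>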
</div><div><br></div></div></body></html>