<html><body><div style="font-family: times new roman, new york, times, serif; font-size: 12pt; color: #000000"><div>Are you sure that you are using correct username/password? AFAIK, the error <b class="gmail-box-title" style="font-family: Helvetica, Arial, sans-serif;" data-mce-style="font-family: Helvetica, Arial, sans-serif;">Bad credentials  </b>is thrown when username/password doesn't match (or user doesn't exist in AD). </div><div><br></div><div>Look also into midPoint log if there is no error.</div><div><br></div><div><span name="x"></span>Best regards,<br><div><br></div>Katarina Valalikova<br>Java Developer<br>evolveum.com<span name="x"></span><br></div><div><br></div><hr id="zwchr"><div style="color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"mceylan" <mrveceylan@gmail.com><br><b>To: </b>"midPoint General Discussion" <midpoint@lists.evolveum.com><br><b>Sent: </b>Wednesday, November 9, 2016 2:31:31 PM<br><b>Subject: </b>Re: [midPoint] Active Directory Authentication<br><div><br></div><div dir="ltr">hi,<div><br></div><div>not working. my configuration file,</div><div><br></div><div><div><?xml version="1.0" encoding="UTF-8"?></div><div><!-- ~ Copyright (c) 2010-2016 Evolveum ~ ~ Licensed under the Apache License,</div><div>        Version 2.0 (the "License"); ~ you may not use this file except in compliance</div><div>        with the License. ~ You may obtain a copy of the License at ~ ~ <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_blank">http://www.apache.org/licenses/LICENSE-2.0</a></div><div>        ~ ~ Unless required by applicable law or agreed to in writing, software ~</div><div>        distributed under the License is distributed on an "AS IS" BASIS, ~ WITHOUT</div><div>        WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
~ See the</div><div>        License for the specific language governing permissions and ~ limitations</div><div>        under the License. --></div><div><br></div><div><beans xmlns="<a href="http://www.springframework.org/schema/beans" target="_blank">http://www.springframework.org/schema/beans</a>"</div><div>        xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance" target="_blank">http://www.w3.org/2001/XMLSchema-instance</a>"</div><div>        xsi:schemaLocation="<a href="http://www.springframework.org/schema/beans" target="_blank">http://www.springframework.org/schema/beans</a></div><div>                <a href="http://www.springframework.org/schema/beans/spring-beans-4.1.xsd" target="_blank">http://www.springframework.org/schema/beans/spring-beans-4.1.xsd</a>"></div><div><br></div><div>        <bean id="contextSource"</div><div>                class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"></div><div>                <constructor-arg value="ldap://<a href="http://enad.trm.gov.tr:389/dc=trm,dc=gov,dc=tr" target="_blank">enad.trm.gov.tr:389/dc=trm,dc=gov,dc=tr</a>" /></div><div>                <property name="userDn" value="cn=administrator,cn=Users,dc=trm,dc=gov,dc=tr" /></div><div>                <property name="password" value="1234qQQ" /></div><div>        </bean></div><div><br></div><div>        <bean id="midPointAuthenticationProvider"</div><div>                class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"></div><div>                <constructor-arg></div><div>                        <bean</div><div>                                class="org.springframework.security.ldap.authentication.BindAuthenticator"></div><div>                                <constructor-arg ref="contextSource" /></div><div>                                <property name="userSearch" ref="userSearch" /></div><div>                        </bean></div><div>                </constructor-arg></div><div>          
      <property name="userDetailsContextMapper" ref="userDetailsService" /></div><div>        </bean></div><div><br></div><div>        <bean id="userSearch"</div><div>                class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"></div><div>                <constructor-arg index="0" value="" /></div><div>                <constructor-arg index="1" value="(sAMAccountName={0})" /></div><div>                <constructor-arg index="2" ref="contextSource" /></div><div>                <property name="searchSubtree" value="true" /></div><div><br></div><div>        </bean></div><div><br></div><div></beans></div></div><div><br></div><div>output:  <b class="gmail-box-title">[Warning: Property for 'Bad credentials' not found]  :S</b></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-11-09 15:10 GMT+02:00 Katka Valalikova <span dir="ltr"><<a href="mailto:katka.valalikova@evolveum.com" target="_blank">katka.valalikova@evolveum.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:times new roman,new york,times,serif;font-size:12pt;color:#000000"><div>Hi,<br></div><div><br></div><div>remove this part :<span class=""><br><div style="font-family:Helvetica,Arial,sans-serif">                              <property name="userDnPatterns"></div><div style="font-family:Helvetica,Arial,sans-serif">                                        <list></div><div style="font-family:Helvetica,Arial,sans-serif">                                                <value>sAMAccountName={0},cn=Users</value></div><div style="font-family:Helvetica,Arial,sans-serif">                                        </list></div><div style="font-family:Helvetica,Arial,sans-serif">                                </property></div><br></span></div><div><br></div><div>from your configuration. 
In your case, it is sufficient to leave just search filter enabled (using this property):</div><span class=""><div><span style="font-family:Helvetica,Arial,sans-serif"><br></span></div><div><span style="font-family:Helvetica,Arial,sans-serif">    <property name="userSearch" ref="userSearch" /></span></div><div><br></div></span><div>Configuration for userSearch seems OK to me. </div><div><br></div><div>This is the resulting configuration which should work for you:</div><div><br></div><div><span class=""><div style="font-family:Helvetica,Arial,sans-serif"><bean id="contextSource"</div><div style="font-family:Helvetica,Arial,sans-serif">                class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"></div><div style="font-family:Helvetica,Arial,sans-serif">                <constructor-arg value="<a class="m_1207575036554626090moz-txt-link-freetext">ldap://</a><a href="http://enad.trm.gov.tr:389/dc=trm,dc=gov,dc=tr" target="_blank">enad.trm.gov.tr:389/dc=trm,dc=gov,dc=tr</a>" /></div><div style="font-family:Helvetica,Arial,sans-serif">                <property name="userDn" value="cn=administrator,cn=Users,dc=trm,dc=gov,dc=tr" /></div><div style="font-family:Helvetica,Arial,sans-serif">                <property name="password" value="1234qQQ" /></div><div style="font-family:Helvetica,Arial,sans-serif">                <property name="referral" value="follow" /></div><div style="font-family:Helvetica,Arial,sans-serif">        </bean></div><div style="font-family:Helvetica,Arial,sans-serif"><br></div><div style="font-family:Helvetica,Arial,sans-serif">        <bean id="midPointAuthenticationProvider"</div><div style="font-family:Helvetica,Arial,sans-serif">                class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"></div><div style="font-family:Helvetica,Arial,sans-serif">                <constructor-arg></div><div style="font-family:Helvetica,Arial,sans-serif">                        <bean</div><div 
style="font-family:Helvetica,Arial,sans-serif">                                class="org.springframework.security.ldap.authentication.BindAuthenticator"></div><div style="font-family:Helvetica,Arial,sans-serif">                                <constructor-arg ref="contextSource" /></div></span><span class=""><div style="font-family:Helvetica,Arial,sans-serif">                                <property name="userSearch" ref="userSearch" /></div><div style="font-family:Helvetica,Arial,sans-serif">                        </bean></div><div style="font-family:Helvetica,Arial,sans-serif">                </constructor-arg></div><div style="font-family:Helvetica,Arial,sans-serif">                <property name="userDetailsContextMapper" ref="userDetailsService" /></div><div style="font-family:Helvetica,Arial,sans-serif">        </bean></div><div style="font-family:Helvetica,Arial,sans-serif"><br></div><div style="font-family:Helvetica,Arial,sans-serif">        <bean id="userSearch"</div><div style="font-family:Helvetica,Arial,sans-serif">                class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"></div><div style="font-family:Helvetica,Arial,sans-serif">                <constructor-arg index="0" value="" /></div><div style="font-family:Helvetica,Arial,sans-serif">                <constructor-arg index="1" value="(sAMAccountName={0})" /></div><div style="font-family:Helvetica,Arial,sans-serif">                <constructor-arg index="2" ref="contextSource" /></div><div style="font-family:Helvetica,Arial,sans-serif">                <property name="searchSubtree" value="true" /></div><div style="font-family:Helvetica,Arial,sans-serif"><br></div><div style="font-family:Helvetica,Arial,sans-serif">        </bean></div></span></div><div><div style="font-family:Helvetica,Arial,sans-serif"><div><br></div></div><br></div><div><br></div><div><span></span>Best regards,<br><div><br></div>Katarina Valalikova<br>Java Developer<br><a 
href="http://evolveum.com" target="_blank">evolveum.com</a><span></span><br></div><div><br></div><hr id="m_1207575036554626090zwchr"><div style="color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><b>From: </b>"Ivan Noris" <<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>><br><b>To: </b><a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a><br><b>Sent: </b>Wednesday, November 9, 2016 2:01:09 PM<br><b>Subject: </b>Re: [midPoint] Active Directory Authentication<div><div class="h5"><br><div><br></div>
  
    
  
  
    <p>Hi,</p>
    <p>I don't have experience with this, but for me this seems to be
      suspicious:</p>
    <div>                                <property
      name="userDnPatterns"></div>
    <div>                                        <list></div>
    <div>                                               
      <value>sAMAccountName={0},cn=Users</value></div>
    <div>                                        </list></div>
    <div>                                </property></div>
    <br>
    Because if this is used for any filtering, such DNs probably don't
    exist... (AD account DNs are cn=Firstname Lastname,...) And
    probably also the container will be different from cn=Users.<br>
    <br>
    I hope someone else can help.<br>
    Ivan<br>
    <br>
    <div class="m_1207575036554626090moz-cite-prefix">On 11/08/2016 03:33 PM, mceylan wrote:<br>
    </div>
    <blockquote>
      <div dir="ltr">hi,
        <div><br>
        </div>
        <div>the problem is I'm unable to connect with Active Directory
          using valid credentials.<br clear="all">
          <div><br>
          </div>
          <div>catalina.sh file add -Dauth.method.type=ldap</div>
          <div><br>
          </div>
          <div>this is my ctx-web-security-ldap.xml  file <br>
          </div>
          <div><br>
          </div>
          <div>
            <div><bean id="contextSource"</div>
            <div>               
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"></div>
            <div>                <constructor-arg value="<a class="m_1207575036554626090moz-txt-link-freetext">ldap://</a><a href="http://enad.trm.gov.tr:389/dc=trm,dc=gov,dc=tr" target="_blank">enad.trm.gov.tr:389/dc=trm,dc=gov,dc=tr</a>"
              /></div>
            <div>                <property name="userDn"
              value="cn=administrator,cn=Users,dc=trm,dc=gov,dc=tr"
              /></div>
            <div>                <property name="password"
              value="1234qQQ" /></div>
            <div>                <property name="referral"
              value="follow" /></div>
            <div>        </bean></div>
            <div><br>
            </div>
            <div>        <bean id="midPointAuthenticationProvider"</div>
            <div>               
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"></div>
            <div>                <constructor-arg></div>
            <div>                        <bean</div>
            <div>                               
class="org.springframework.security.ldap.authentication.BindAuthenticator"></div>
            <div>                                <constructor-arg
              ref="contextSource" /></div>
            <div>                                <property
              name="userDnPatterns"></div>
            <div>                                        <list></div>
            <div>                                               
              <value>sAMAccountName={0},cn=Users</value></div>
            <div>                                        </list></div>
            <div>                                </property></div>
            <div>                                <!--  OPTIONAL
              --></div>
            <div>                                <property
              name="userSearch" ref="userSearch" /></div>
            <div>                        </bean></div>
            <div>                </constructor-arg></div>
            <div>                <property
              name="userDetailsContextMapper" ref="userDetailsService"
              /></div>
            <div>        </bean></div>
            <div><br>
            </div>
            <div>        <bean id="userSearch"</div>
            <div>               
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"></div>
            <div>                <constructor-arg index="0" value=""
              /></div>
            <div>                <constructor-arg index="1"
              value="(sAMAccountName={0})" /></div>
            <div>                <constructor-arg index="2"
              ref="contextSource" /></div>
            <div>                <property name="searchSubtree"
              value="true" /></div>
            <div><br>
            </div>
            <div>        </bean></div>
          </div>
          <div><br>
          </div>
          <div>output:   <b class="m_1207575036554626090gmail-box-title">[Warning: Property
              for 'Bad credentials' not found]</b></div>
          <div><b class="m_1207575036554626090gmail-box-title"><br>
            </b></div>
          <div><b class="m_1207575036554626090gmail-box-title">Thanks.<br>
            </b>-- </div>
          <div class="m_1207575036554626090gmail_signature">
            <div dir="ltr">Merve CEYLAN</div>
          </div>
        </div>
      </div>
      <br>
      <br>
      <pre>_______________________________________________
midPoint mailing list
<a class="m_1207575036554626090moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a class="m_1207575036554626090moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
    </blockquote>
    <br>
    <pre class="m_1207575036554626090moz-signature">-- 
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre>
  

</div></div></div><div><br></div></div></div>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">Merve CEYLAN</div></div>
</div>
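<div>An added illustration (not part of the original thread, and not midPoint or Spring Security code): a simplified Python model of the two lookup styles discussed in this thread, a DN built from a userDnPatterns template versus a (sAMAccountName={0}) subtree search followed by a bind. The base DN, directory entries, account names and passwords are constructed sample data, and all function names are hypothetical.</div>

```python
# Simplified model only: an in-memory dict stands in for the directory.
# Every DN, account name and password below is constructed sample data.
BASE = "dc=example,dc=test"

# AD names user entries by cn (display name); sAMAccountName is just an attribute.
DIRECTORY = {
    "cn=Jane Doe,cn=Users," + BASE:
        {"sAMAccountName": "jdoe", "password": "s3cret-sample"},
    "cn=Svc Midpoint,ou=Service Accounts," + BASE:
        {"sAMAccountName": "svc-mp", "password": "other-sample"},
}

def escape_filter_value(value):
    """Escape RFC 4515 special characters before input goes into a filter."""
    specials = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(specials.get(ch, ch) for ch in value)

def build_filter(username):
    """The search filter from the thread with {0} safely substituted."""
    return "(sAMAccountName=%s)" % escape_filter_value(username)

def dn_from_pattern(pattern, username):
    """DN-pattern style: pure string substitution, no directory lookup."""
    return pattern.replace("{0}", username) + "," + BASE

def find_dn(username):
    """Search style: equality match on sAMAccountName across the subtree."""
    hits = [dn for dn, attrs in DIRECTORY.items()
            if attrs["sAMAccountName"] == username]
    return hits[0] if len(hits) == 1 else None  # require exactly one entry

def bind(dn, password):
    """Simple bind. Empty passwords are refused: on a real server an empty
    password is an unauthenticated bind (RFC 4513), not proof of identity."""
    entry = DIRECTORY.get(dn)
    return entry is not None and password != "" and entry["password"] == password

def authenticate(username, password, pattern=None, use_search=False):
    """Return which strategy produced a successful bind, or None."""
    if pattern and bind(dn_from_pattern(pattern, username), password):
        return "pattern"
    if use_search:
        dn = find_dn(username)
        if dn and bind(dn, password):
            return "search"
    return None  # caller sees one generic failure: "Bad credentials"

if __name__ == "__main__":
    print(dn_from_pattern("sAMAccountName={0},cn=Users", "jdoe"))
    print(authenticate("jdoe", "s3cret-sample", pattern="sAMAccountName={0},cn=Users"))
    print(authenticate("jdoe", "s3cret-sample", use_search=True))
```

In this model a wrong DN and a wrong password both end in the same generic failure, so the two cases have to be told apart from the server-side log rather than from the login message.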
</div><div><br></div></div></body></html>