<html><body><div style="font-family: times new roman, new york, times, serif; font-size: 12pt; color: #000000"><div>Are you sure that you are using correct username/password? AFAIK, the error <b class="gmail-box-title" style="font-family: Helvetica, Arial, sans-serif;" data-mce-style="font-family: Helvetica, Arial, sans-serif;">Bad credentials </b>is thrown when username/password doesn't match (or user doesn't exist in AD). </div><div><br></div><div>Look also into midPoint log if there is no error.</div><div><br></div><div><span name="x"></span>Best regards,<br><div><br></div>Katarina Valalikova<br>Java Developer<br>evolveum.com<span name="x"></span><br></div><div><br></div><hr id="zwchr"><div style="color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"mceylan" <mrveceylan@gmail.com><br><b>To: </b>"midPoint General Discussion" <midpoint@lists.evolveum.com><br><b>Sent: </b>Wednesday, November 9, 2016 2:31:31 PM<br><b>Subject: </b>Re: [midPoint] Active Directory Authentication<br><div><br></div><div dir="ltr">hi,<div><br></div><div>not working. my configuration file,</div><div><br></div><div><div><?xml version="1.0" encoding="UTF-8"?></div><div><!-- ~ Copyright (c) 2010-2016 Evolveum ~ ~ Licensed under the Apache License,</div><div> Version 2.0 (the "License"); ~ you may not use this file except in compliance</div><div> with the License. ~ You may obtain a copy of the License at ~ ~ <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_blank">http://www.apache.org/licenses/LICENSE-2.0</a></div><div> ~ ~ Unless required by applicable law or agreed to in writing, software ~</div><div> distributed under the License is distributed on an "AS IS" BASIS, ~ WITHOUT</div><div> WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ~ See the</div><div> License for the specific language governing permissions and ~ limitations</div><div> under the License. --></div><div><br></div><div><beans xmlns="<a href="http://www.springframework.org/schema/beans" target="_blank">http://www.springframework.org/schema/beans</a>"</div><div> xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance" target="_blank">http://www.w3.org/2001/XMLSchema-instance</a>"</div><div> xsi:schemaLocation="<a href="http://www.springframework.org/schema/beans" target="_blank">http://www.springframework.org/schema/beans</a></div><div> <a href="http://www.springframework.org/schema/beans/spring-beans-4.1.xsd" target="_blank">http://www.springframework.org/schema/beans/spring-beans-4.1.xsd</a>"></div><div><br></div><div> <bean id="contextSource"</div><div> class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"></div><div> <constructor-arg value="ldap://<a href="http://enad.trm.gov.tr:389/dc=trm,dc=gov,dc=tr" target="_blank">enad.trm.gov.tr:389/dc=trm,dc=gov,dc=tr</a>" /></div><div> <property name="userDn" value="cn=administrator,cn=Users,dc=trm,dc=gov,dc=tr" /></div><div> <property name="password" value="1234qQQ" /></div><div> </bean></div><div><br></div><div> <bean id="midPointAuthenticationProvider"</div><div> class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"></div><div> <constructor-arg></div><div> <bean</div><div> class="org.springframework.security.ldap.authentication.BindAuthenticator"></div><div> <constructor-arg ref="contextSource" /></div><div> <property name="userSearch" ref="userSearch" /></div><div> </bean></div><div> </constructor-arg></div><div> <property name="userDetailsContextMapper" ref="userDetailsService" /></div><div> </bean></div><div><br></div><div> <bean id="userSearch"</div><div> class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"></div><div> <constructor-arg index="0" value="" /></div><div> <constructor-arg index="1" value="(sAMAccountName={0})" /></div><div> <constructor-arg index="2" ref="contextSource" /></div><div> <property name="searchSubtree" value="true" /></div><div><br></div><div> </bean></div><div><br></div><div></beans></div></div><div><br></div><div>output: <b class="gmail-box-title">[Warning: Property for 'Bad credentials' not found] :S</b></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-11-09 15:10 GMT+02:00 Katka Valalikova <span dir="ltr"><<a href="mailto:katka.valalikova@evolveum.com" target="_blank">katka.valalikova@evolveum.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:times new roman,new york,times,serif;font-size:12pt;color:#000000"><div>Hi,<br></div><div><br></div><div>remove this part :<span class=""><br><div style="font-family:Helvetica,Arial,sans-serif"> <property name="userDnPatterns"></div><div style="font-family:Helvetica,Arial,sans-serif"> <list></div><div style="font-family:Helvetica,Arial,sans-serif"> <value>sAMAccountName={0},cn=Users</value></div><div style="font-family:Helvetica,Arial,sans-serif"> </list></div><div style="font-family:Helvetica,Arial,sans-serif"> </property></div><br></span></div><div><br></div><div>from your configuration. In your case, it is sufficient to leave just search filter enabled (using this property):</div><span class=""><div><span style="font-family:Helvetica,Arial,sans-serif"><br></span></div><div><span style="font-family:Helvetica,Arial,sans-serif"> <property name="userSearch" ref="userSearch" /></span></div><div><br></div></span><div>Configuration for userSearch seems OK to me. </div><div><br></div><div>This is the resulting configuration which should work for you:</div><div><br></div><div><span class=""><div style="font-family:Helvetica,Arial,sans-serif"><bean id="contextSource"</div><div style="font-family:Helvetica,Arial,sans-serif"> class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"></div><div style="font-family:Helvetica,Arial,sans-serif"> <constructor-arg value="<a class="m_1207575036554626090moz-txt-link-freetext">ldap://</a><a href="http://enad.trm.gov.tr:389/dc=trm,dc=gov,dc=tr" target="_blank">enad.trm.gov.tr:389/dc=trm,dc=gov,dc=tr</a>" /></div><div style="font-family:Helvetica,Arial,sans-serif"> <property name="userDn" value="cn=administrator,cn=Users,dc=trm,dc=gov,dc=tr" /></div><div style="font-family:Helvetica,Arial,sans-serif"> <property name="password" value="1234qQQ" /></div><div style="font-family:Helvetica,Arial,sans-serif"> <property name="referral" value="follow" /></div><div style="font-family:Helvetica,Arial,sans-serif"> </bean></div><div style="font-family:Helvetica,Arial,sans-serif"><br></div><div style="font-family:Helvetica,Arial,sans-serif"> <bean id="midPointAuthenticationProvider"</div><div style="font-family:Helvetica,Arial,sans-serif"> class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"></div><div style="font-family:Helvetica,Arial,sans-serif"> <constructor-arg></div><div style="font-family:Helvetica,Arial,sans-serif"> <bean</div><div style="font-family:Helvetica,Arial,sans-serif"> class="org.springframework.security.ldap.authentication.BindAuthenticator"></div><div style="font-family:Helvetica,Arial,sans-serif"> <constructor-arg ref="contextSource" /></div></span><span class=""><div style="font-family:Helvetica,Arial,sans-serif"> <property name="userSearch" ref="userSearch" /></div><div style="font-family:Helvetica,Arial,sans-serif"> </bean></div><div style="font-family:Helvetica,Arial,sans-serif"> </constructor-arg></div><div style="font-family:Helvetica,Arial,sans-serif"> <property name="userDetailsContextMapper" ref="userDetailsService" /></div><div style="font-family:Helvetica,Arial,sans-serif"> </bean></div><div style="font-family:Helvetica,Arial,sans-serif"><br></div><div style="font-family:Helvetica,Arial,sans-serif"> <bean id="userSearch"</div><div style="font-family:Helvetica,Arial,sans-serif"> class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"></div><div style="font-family:Helvetica,Arial,sans-serif"> <constructor-arg index="0" value="" /></div><div style="font-family:Helvetica,Arial,sans-serif"> <constructor-arg index="1" value="(sAMAccountName={0})" /></div><div style="font-family:Helvetica,Arial,sans-serif"> <constructor-arg index="2" ref="contextSource" /></div><div style="font-family:Helvetica,Arial,sans-serif"> <property name="searchSubtree" value="true" /></div><div style="font-family:Helvetica,Arial,sans-serif"><br></div><div style="font-family:Helvetica,Arial,sans-serif"> </bean></div></span></div><div><div style="font-family:Helvetica,Arial,sans-serif"><div><br></div></div><br></div><div><br></div><div><span></span>Best regards,<br><div><br></div>Katarina Valalikova<br>Java Developer<br><a href="http://evolveum.com" target="_blank">evolveum.com</a><span></span><br></div><div><br></div><hr id="m_1207575036554626090zwchr"><div style="color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><b>From: </b>"Ivan Noris" <<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>><br><b>To: </b><a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a><br><b>Sent: </b>Wednesday, November 9, 2016 2:01:09 PM<br><b>Subject: </b>Re: [midPoint] Active Directory Authentication<div><div class="h5"><br><div><br></div>
<p>Hi,</p>
<p>I don't have experience with this, but for me this seems to be
suspicious:</p>
<div> <property
name="userDnPatterns"></div>
<div> <list></div>
<div>
<value>sAMAccountName={0},cn=Users</value></div>
<div> </list></div>
<div> </property></div>
<br>
Because if this is used for any filtering, such DNs probably don't
exist... (AD accounts DNs are cn=Firstname Lastname,...) And
probably also the container will be different from cn=Users.<br>
<br>
I hope someone else can help.<br>
Ivan<br>
<br>
<div class="m_1207575036554626090moz-cite-prefix">On 11/08/2016 03:33 PM, mceylan wrote:<br>
</div>
<blockquote>
<div dir="ltr">hi,
<div><br>
</div>
<div>the problem is I' m unable to connect with Active Directory
using valid credentials.<br clear="all">
<div><br>
</div>
<div>catalina.sh file add -Dauth.method.type=ldap</div>
<div><br>
</div>
<div>this is my ctx-web-security-ldap.xml file <br>
</div>
<div><br>
</div>
<div>
<div><bean id="contextSource"</div>
<div>
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"></div>
<div> <constructor-arg value="<a class="m_1207575036554626090moz-txt-link-freetext">ldap://</a><a href="http://enad.trm.gov.tr:389/dc=trm,dc=gov,dc=tr" target="_blank">enad.trm.gov.tr:389/dc=trm,dc=gov,dc=tr</a>"
/></div>
<div> <property name="userDn"
value="cn=administrator,cn=Users,dc=trm,dc=gov,dc=tr"
/></div>
<div> <property name="password"
value="1234qQQ" /></div>
<div> <property name="referral"
value="follow" /></div>
<div> </bean></div>
<div><br>
</div>
<div> <bean id="midPointAuthenticationProvider"</div>
<div>
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"></div>
<div> <constructor-arg></div>
<div> <bean</div>
<div>
class="org.springframework.security.ldap.authentication.BindAuthenticator"></div>
<div> <constructor-arg
ref="contextSource" /></div>
<div> <property
name="userDnPatterns"></div>
<div> <list></div>
<div>
<value>sAMAccountName={0},cn=Users</value></div>
<div> </list></div>
<div> </property></div>
<div> <!-- OPTIONAL
--></div>
<div> <property
name="userSearch" ref="userSearch" /></div>
<div> </bean></div>
<div> </constructor-arg></div>
<div> <property
name="userDetailsContextMapper" ref="userDetailsService"
/></div>
<div> </bean></div>
<div><br>
</div>
<div> <bean id="userSearch"</div>
<div>
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"></div>
<div> <constructor-arg index="0" value=""
/></div>
<div> <constructor-arg index="1"
value="(sAMAccountName={0})" /></div>
<div> <constructor-arg index="2"
ref="contextSource" /></div>
<div> <property name="searchSubtree"
value="true" /></div>
<div><br>
</div>
<div> </bean></div>
</div>
<div><br>
</div>
<div>output: <b class="m_1207575036554626090gmail-box-title">[Warning: Property
for 'Bad credentials' not found]</b></div>
<div><b class="m_1207575036554626090gmail-box-title"><br>
</b></div>
<div><b class="m_1207575036554626090gmail-box-title">Thanks.<br>
</b>-- </div>
<div class="m_1207575036554626090gmail_signature">
<div dir="ltr">Merve CEYLAN</div>
</div>
</div>
</div>
<br>
<fieldset class="m_1207575036554626090mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a class="m_1207575036554626090moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a class="m_1207575036554626090moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="m_1207575036554626090moz-signature">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre>
<br>_______________________________________________<br>midPoint mailing list<br><a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br><a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br></div></div></div><div><br></div></div></div><br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">Merve CEYLAN</div></div>
</div>
<br>_______________________________________________<br>midPoint mailing list<br>midPoint@lists.evolveum.com<br>http://lists.evolveum.com/mailman/listinfo/midpoint<br></div><div><br></div></div></body></html>