Before simply telling me to look in the forums for similar posts, let me state that I have read over 100 posts, tried everything they suggest, and have spent 4-5 days on this with no success. I am new to Java, JasperReports Server, and Spring.

Some facts:
The latest JasperReports Server uses Spring Security 2.0 (I think), which is not the newest version.
I think we use AD 2003.
I have successfully used LDAP Browser, and the Drupal LDAP module using the same info.

I have added a couple of lines to Jasper's default log4j.properties file thus:

log4j.category.org.springframework.security=DEBUG, MISC, ERROR, INFO
log4j.category.org.springframework.security.ldap=DEBUG, MISC, ERROR, INFO

I don't know what else I can do to 'see' what is happening during the log in process. These don't seem to help much as you'll see below.

My Active Directory info is this:

root.myserver.org
-Facility1
--Users
---Admins
--Groups
-Facility2
--Users
---Admins
--Groups
etc.

A service account which can query the server and is used on other systems:
User: CN=ldapuser,OU=Users,OU=Facility1,DC=root,DC=myserver,DC=org
Password: password

Error messages in jasperserver.log:
2012-05-09 14:49:17,982 INFO DefaultSpringSecurityContextSource,Thread-1:56 - URL 'ldap://root.myserver.org:389/dc=root,dc=myserver,dc=org', root DN is 'dc=root,dc=myserver,dc=org'
2012-05-09 14:49:31,443 DEBUG ProviderManager,http-8080-2:183 - Authentication attempt using org.springframework.security.providers.ldap.LdapAuthenticationProvider
2012-05-09 14:49:31,446 DEBUG FilterBasedLdapUserSearch,http-8080-2:109 - Searching for user 'constar1', with user search [ searchFilter: 'sAMAccountName={0}', searchBase: 'DC=root,DC=myserver,DC=org', scope: subtree, searchTimeLimit: 0, derefLinkFlag: true ]
2012-05-09 14:49:31,502 DEBUG ProviderManager,http-8080-2:183 - Authentication attempt using org.springframework.security.providers.dao.DaoAuthenticationProvider
2012-05-09 14:49:31,534 WARN LoggerListener,http-8080-2:60 - Authentication event AuthenticationFailureBadCredentialsEvent: constar1; details: org.springframework.security.ui.WebAuthenticationDetails@0: RemoteIpAddress: 10.145.156.100; SessionId: D07A60737C086D8FB4AD14BE703F87DC; exception: Bad credentials

I only put in those which seem related. You can see that LDAP is unsuccessful and so DAO is used next which, of course, fails to find the user.

My applicationContext-security.xml file contains the following LDAP settings:
Code:
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref local="ldapAuthenticationProvider"/>
                <ref bean="${bean.daoAuthenticationProvider}"/>
                <ref bean="anonymousAuthenticationProvider"/>
                <!--ref local="jaasAuthenticationProvider"/-->
            </list>
        </property>
    </bean>
Code:
<bean id="ldapContextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
     <constructor-arg value="ldap://root.myserver.org:389/dc=root,dc=myserver,dc=org"/>
     <property name="userDn"><value>CN=ldapuser,OU=Users,OU=Facility1,DC=root,DC=myserver,DC=org</value></property>
     <property name="password"><value>password</value></property>
   </bean>
Code:
<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
     <constructor-arg index="0">
       <value>DC=root,DC=myserver,DC=org</value>
     </constructor-arg>
     <constructor-arg index="1">
       <value>sAMAccountName={0}</value>
     </constructor-arg>
     <constructor-arg index="2">
       <ref local="ldapContextSource" />
     </constructor-arg>            
     <property name="searchSubtree">
       <value>true</value>
     </property>      
     <property name="derefLinkFlag">
       <value>true</value>
     </property>	 
   </bean>
Code:
<bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
     <constructor-arg>
       <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
          <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
          <!-- <property name="userDnPatterns"><list><value>uid={0}</value></list></property> -->
          <property name="userSearch" ref="userSearch"/>
       </bean>
     </constructor-arg>
     <constructor-arg>
       <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
          <constructor-arg index="0"><ref local="ldapContextSource"/></constructor-arg>
          <constructor-arg index="1"><value>OU=Groups,OU=Facility2,DC=root,DC=myserver,DC=org</value></constructor-arg>
          <!--<property name="groupRoleAttribute"><value>cn</value></property>-->
          <!--<property name="groupSearchFilter"><value>(&amp;(uniqueMember={0})(objectclass=groupofuniquenames))</value></property>-->
          <!--<property name="groupSearchFilter"><value>(member={0})</value></property>-->
          <property name="searchSubtree"><value>true</value></property>
       </bean>
     </constructor-arg>
   </bean>
My questions are:
  1. What can I do to see better what is going on behind the scenes?
  2. Given my directory structure, what settings are wrong on my xml file? Should this be working as-is?
  3. Are there settings elsewhere I didn't address or are missing (here or on other files)?
  4. Why does this forum introduce spaces in some words?


Thanks in advance for any help.
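
Added example (not part of the original post and not JasperReports Server code): the three steps the posted beans configure, namely the service-account bind, the sAMAccountName subtree search and the bind as the DN that search returns, run outside the server with plain JNDI so that the underlying exception and LDAP result code are printed instead of the generic "Bad credentials". The class name LdapBindCheck and the environment variables LDAP_SERVICE_PW and LDAP_USER_PW are assumptions; the URL, base DN, service DN and filter are the ones from the post.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
// Added diagnostic. Usage: java LdapBindCheck <login>  (passwords via environment)
public class LdapBindCheck {
    static final String URL = "ldap://root.myserver.org:389";
    static final String BASE = "DC=root,DC=myserver,DC=org";
    static final String SERVICE_DN = "CN=ldapuser,OU=Users,OU=Facility1,DC=root,DC=myserver,DC=org";

    static DirContext bind(String dn, String password) throws NamingException {
        // An empty password turns a simple bind into an unauthenticated bind that "succeeds".
        if (password == null || password.isEmpty()) throw new IllegalArgumentException("empty password for " + dn);
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    public static void main(String[] args) {
        String login = args[0];
        try {
            // Step 1: bind as the service account (the ldapContextSource bean).
            DirContext ctx = bind(SERVICE_DN, System.getenv("LDAP_SERVICE_PW"));
            System.out.println("service bind OK");
            // Step 2: subtree search with the base and filter of the userSearch bean.
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> hits =
                ctx.search(BASE, "(sAMAccountName={0})", new Object[] {login}, sc);
            String userDn = hits.hasMore() ? hits.next().getNameInNamespace() : null;
            ctx.close();
            if (userDn == null) { System.out.println("no entry for " + login); return; }
            System.out.println("found " + userDn);
            // Step 3: bind as the user that was found (the BindAuthenticator bean).
            bind(userDn, System.getenv("LDAP_USER_PW")).close();
            System.out.println("user bind OK");
        } catch (NamingException e) {
            // Exception class and message show which step failed and the LDAP result code.
            System.out.println(e.getClass().getName() + ": " + e.getMessage());
        }
    }
}
```

Run it from the JasperReports Server host so it uses the same DNS and network path as the server. A simple bind to ldap:// on port 389 sends the password unencrypted, so use a test account or an ldaps:// URL where the directory offers one.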