May 17th, 2012, 12:31 PM
#1
LDAP error 32 with AD, everything seems to be OK.
Hello everybody, I have been trying to fix this problem for hours now. I already read about this error in a couple of forums, but my settings seem to be right, so I don't know what I am missing!
Well, I used to use ApacheDS (all the logic is working fine with ApacheDS), but I want to change to AD. So I created this AD structure:
dc=mycompany,dc=com
-->O=domain1
----->OU=people
--------uid=juan.seon
--------uid=peter.some
And I have created a manager user in the configuration with all the rights.
Spring Security configuration and values:
<ldap-server id="ldapServer" url="${ldap.server.url}"
manager-dn="${ldap.server.manager.dn}"
manager-password="${ldap.server.manager.password}"/>
<bean id="TBindAuthenticator" class="com.mycompany.security.client.authentication.TBindAuthenticator">
<constructor-arg ref="ldapServer" />
<property name="bindDnPatterns">
<list><value>${security.ldap.bind.pattern}</value></list>
</property>
</bean>
ldap.server.manager.dn=CN=Administrator,CN=Roles,CN=Configuration,CN={B74FC0BD-AFE5-410C-B342-56E712FAC060}
ldap.server.manager.password=secret
security.ldap.bind.pattern=uid={0},OU=people,O={1}
So, here is where it is failing:
DirContext ctx = null;
try {
// step 1: bind as the user (full DN + password); a wrong password fails here with error 49
ctx = getContextSource().getContext(fullDn.toString(), password);
// step 2: read the entry by its DN relative to the context base; this is where error 32 appears
Attributes attrs = ctx.getAttributes(userDn, getUserAttributes());
...
When I get the context (getContextSource().getContext(fullDn.toString(), password)),
I need to authenticate against the AD. If the credentials are fine, then I am authenticated; otherwise, this throws an exception (LDAP: error code 49). So, I am authenticating against the AD and I believe the connection is working fine.
But, when I enter the correct credentials, then I want to get the attributes. So, I am specifying the user DN (uid=juan.seon,ou=people,o=domain1), not the full DN. (I heard in the forum that this could be the problem; if I use the full DN then I should get LDAP error 32, but this is not the case.)
I am very confused about this; I think it could be something related to the configuration in AD (I am new to AD). Configuration of the users? Or the admin user perhaps? Any idea?
Thanks in advance.
-
May 17th, 2012, 03:35 PM
#2
a new admin user under the partition "dc=mycompany,dc=com". But this was not the problem. The problem was that each user needs to have the "READERS" role. So in the role "READERS" I added the user to the member attribute, and this was the solution. Not sure if this is the best solution, and I am not sure I fully understand why!
Does anybody know the answer?
Thanks!
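The two-step flow the thread describes (bind as the user's full DN, then read the entry by a DN relative to the context base) written out in plain JNDI, as an added example for readers of this thread; it is not the poster's TBindAuthenticator and not Spring code. The server URL, base DN and the "juan.seon"/"domain1" names are placeholders taken from the post's own structure, and the exception mapping (javax.naming.AuthenticationException for result 49, NameNotFoundException for result 32) is the standard JNDI one.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NameNotFoundException;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/**
 * Bind-then-read check with plain JNDI, mirroring the two steps in the thread:
 * (1) bind as the user's FULL DN, (2) read the entry by its DN RELATIVE to the
 * base carried in the provider URL. URL, base and names below are assumptions.
 */
public class LdapBindThenRead {

    // Constructed values for illustration; replace with your directory's settings.
    static final String PROVIDER_URL = "ldap://localhost:389/dc=mycompany,dc=com"; // base DN is part of the URL
    static final String BASE_DN = "dc=mycompany,dc=com";
    static final String BIND_PATTERN = "uid={0},OU=people,O={1}"; // same shape as the post's bind pattern

    /** Outcome of the check, so callers can tell the cases apart. */
    enum Outcome { AUTHENTICATED, BAD_CREDENTIALS, ENTRY_NOT_VISIBLE, OTHER_ERROR }

    /** Expand the bind pattern the way the post does: {0} = uid, {1} = domain. */
    static String relativeDn(String uid, String domain) {
        return BIND_PATTERN.replace("{0}", uid).replace("{1}", domain);
    }

    static Outcome bindThenRead(String uid, String domain, String password, String[] wantedAttrs) {
        // Never let an empty password reach the server: with simple bind, an empty
        // password is treated as an anonymous/unauthenticated bind and may "succeed".
        if (password == null || password.isEmpty()) {
            return Outcome.BAD_CREDENTIALS;
        }

        String relDn = relativeDn(uid, domain);
        String fullDn = relDn + "," + BASE_DN;

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, PROVIDER_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, fullDn);      // step 1: the bind DN must be the full DN
        env.put(Context.SECURITY_CREDENTIALS, password);

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);             // the LDAP bind happens here
            // step 2: names given to this context are relative to the base in PROVIDER_URL
            Attributes attrs = ctx.getAttributes(relDn, wantedAttrs);
            System.out.println("read " + attrs.size() + " attribute(s) for " + fullDn);
            return Outcome.AUTHENTICATED;
        } catch (AuthenticationException e) {
            // LDAP result 49: wrong DN or wrong password
            return Outcome.BAD_CREDENTIALS;
        } catch (NameNotFoundException e) {
            // LDAP result 32 after a successful bind: the entry is not under the base,
            // or (as the thread's resolution reports) the bound identity is not allowed
            // to read it, so the directory reports it as missing rather than as denied.
            return Outcome.ENTRY_NOT_VISIBLE;
        } catch (NamingException e) {
            return Outcome.OTHER_ERROR;
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }

    public static void main(String[] args) {
        // Example call using the post's own names; the password is a placeholder.
        Outcome result = bindThenRead("juan.seon", "domain1", "password-here", new String[] { "cn", "mail" });
        System.out.println(result);
    }
}
```

When the bind succeeds but the read returns ENTRY_NOT_VISIBLE, the first thing to check is what the bound user is allowed to read, which is exactly what the second post found: the user entry only became readable once the user was a member of the directory's reader role. A DN that exists but is invisible to the caller looks identical to a DN that does not exist, so log the outcome rather than the raw exception text when you triage this.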