
Thread: Problem in LDAP-setup

  1. #31
    Join Date
    Sep 2006
    Location
    UK
    Posts
    8,424

    I'm pretty sure I've seen this brought up a few times already. You might want to do a search on the forum for the old answers.

  2. #32
    Join Date
    Apr 2007
    Posts
    4

    Hi,

    I have a very similar problem as mentioned in some of the previous posts. I would like to know if there was any resolution found. The issue is that I have users in MS Active Directory scattered across multiple OUs. I'm able to directly connect to each OU (e.g. OU=Users, DC=company, DC=com) and test the functionality. But if I try to connect to the base, e.g. DC=company, DC=com, it gives me this error:

    org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;Unprocessed Continuation Reference(s): nested exception is javax.naming.PartialResultException:

    which I understand is because of the references that LDAP is sending back. In order to authenticate the users belonging to multiple OUs, is there a way to specify multiple OUs in Acegi? Any workaround?

    Any help/suggestions?

    Thanks
    Sunj

  3. #33
    Join Date
    Apr 2007
    Posts
    5

    Sample code/ JUnit Tests

    Hi,

    I am trying to develop an authentication solution using Spring, Acegi and Active Directory. I have got a lot of information from this thread and it is very helpful for me. Do any of you have any sample code or JUnit tests that show how to use these configurations, the Acegi APIs, etc.? This thread has much of the configuration detail, but is there any sample or reference implementation that uses these configurations? I think that would be very helpful for beginners on this, like me. Thanks in advance!

  4. #34
    Luke Taylor (Senior Member; Acegi Security System Team, Spring Team)
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    Why don't you take a look at the LDAP JUnit tests in the Acegi code base? These are configured to run against an embedded Apache DS server.

  5. #35
    Join Date
    Oct 2007
    Posts
    1

    Configuration for Lotus Domino 6.5.4 and AcegiSecurity 1.0 RC1 in detail

    Hello,

    Sorry to be so clueless and too green, but I've tried setting up the "Configuration for Lotus Domino 6.5.4 and AcegiSecurity 1.0 RC1" above like a million times and it did not work. I need help. The setting I prepared is exactly the same as the above setting except for the LDAP server. I think that login is already working and that it is failing at getting the ROLE. The thing I cannot get correctly from the above is the setting on Lotus Domino in detail. I know this is the Spring forum and this question goes a bit far from it, but could I ask a little about the Lotus Domino settings for Spring LDAP?

    Here are several questions.

    >>The groups have the form
    >>APPNAME_ROLE/Groups

    Does the "form" above mean Lotus Domino's "Internet Certifier" or "Organization" or literally "Form" or what?
    I first thought "/Groups" above was Lotus Domino's "Organization", so what I did is below.

    1. Add "Groups" as an "Organization" via Domino Administrator's Registration of Tools.
    2. Use the "ADD Group" button to add a group named "APPNAME_ADMIN/Groups" on "Groups" of "People & Groups".
    (you replace APPNAME with your application's name)
    3. Then Domino shows "APPNAME_ADMIN/Groups" as the name of the group
    and categorizes the group as "Groups".
    4. Add users that you'd like to have Administrator permission (in this case) to "Members" on the groups.

    I think maybe these are far from the correct setting.
    Any help would be appreciated.

    Thanks

  6. #36
    Join Date
    Jul 2005
    Location
    Germany
    Posts
    31

    frod,

    form does not refer to a Notes form. It rather refers to a pattern or format.
    I generally think your configuration is correct, although I did not apply step 1.

    Did you try to increase loglevel? Can you post the results? (Maybe even pm it to me)

    CU
    zorak

  7. #37
    Join Date
    Nov 2007
    Posts
    5

    Same problem

    Any solution found for this problem?

    Thanks in advance

    Quote: Originally posted by Sunj
    Hi,

    I have a very similar problem as mentioned in some of the previous posts. I would like to know if there was any resolution found. The issue is that I have users in MS Active Directory scattered across multiple OUs. I'm able to directly connect to each OU (e.g. OU=Users, DC=company, DC=com) and test the functionality. But if I try to connect to the base, e.g. DC=company, DC=com, it gives me this error:

    org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;Unprocessed Continuation Reference(s): nested exception is javax.naming.PartialResultException:

    which I understand is because of the references that LDAP is sending back. In order to authenticate the users belonging to multiple OUs, is there a way to specify multiple OUs in Acegi? Any workaround?

    Any help/suggestions?

    Thanks
    Sunj

  8. #38
    Join Date
    Nov 2007
    Posts
    5

    I found a solution

    Well, I found a solution to the problem of matching users in different OUs. Not the solution I wanted, but a solution in the end.
    I have to match users in 2 different OUs, so I defined two UserSearch beans:

    <bean id="userSearch"
          class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
      <!-- searchBase: Context name to search in, relative to the root DN of the configured InitialDirContextFactory. -->
      <constructor-arg index="0">
        <value>ou=firstOU</value>
      </constructor-arg>
      <!-- searchFilter: The filter expression used in the user search -->
      <constructor-arg index="1">
        <value>${acegi.ldap.searchFilter}</value>
      </constructor-arg>
      <constructor-arg index="2">
        <ref local="initialDirContextFactory" />
      </constructor-arg>
      <!-- If true then searches the entire subtree as identified by context, if false (the default) then only
           searches the level identified by the context -->
      <property name="searchSubtree">
        <value>${acegi.ldap.searchSubtree}</value>
      </property>
    </bean>

    <bean id="userSearch_1"
          class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
      <!-- searchBase: Context name to search in, relative to the root DN of the configured InitialDirContextFactory. -->
      <constructor-arg index="0">
        <value>ou=secondOU</value>
      </constructor-arg>
      <!-- searchFilter: The filter expression used in the user search -->
      <constructor-arg index="1">
        <value>${acegi.ldap.searchFilter}</value>
      </constructor-arg>
      <constructor-arg index="2">
        <ref local="initialDirContextFactory" />
      </constructor-arg>
      <!-- If true then searches the entire subtree as identified by context, if false (the default) then only
           searches the level identified by the context -->
      <property name="searchSubtree">
        <value>${acegi.ldap.searchSubtree}</value>
      </property>
    </bean>

    Then I defined two LdapAuthenticationProvider beans, each one using one of the userSearch beans defined above:

    <bean id="ldapAuthProvider"
          class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
      <constructor-arg>
        <bean
            class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
          <constructor-arg>
            <ref local="initialDirContextFactory" />
          </constructor-arg>
          <property name="userSearch" ref="userSearch" />
        </bean>
      </constructor-arg>
      <constructor-arg>
        <ref local="populator"/>
      </constructor-arg>
    </bean>

    <bean id="ldapAuthProvider_1"
          class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
      <constructor-arg>
        <bean
            class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
          <constructor-arg>
            <ref local="initialDirContextFactory" />
          </constructor-arg>
          <property name="userSearch" ref="userSearch_1" />
        </bean>
      </constructor-arg>
      <constructor-arg>
        <ref local="populator"/>
      </constructor-arg>
    </bean>

    and finally, I put both providers in the providers list:

    <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
      <property name="providers">
        <list>
          <!-- If LDAP is used, uncomment the following and comment out daoAuthenticationProvider -->
          <ref local="ldapAuthProvider"/>
          <ref local="ldapAuthProvider_1"/>
        </list>
      </property>
    </bean>

    I don't like this solution, but I couldn't find anything better. If someone does, please let me know.

    Alejandro

  9. #39
    Join Date
    Jul 2005
    Location
    Germany
    Posts
    31

  10. #40
    Join Date
    Nov 2007
    Posts
    5

    Now I did

    Quote: Originally posted by zorak
    I tried it, and I get this exception:

    2007-11-30 18:09:00,482 DEBUG [org.acegisecurity.providers.ldap.LdapAuthenticationProvider] - Retrieving user araiczyk
    2007-11-30 18:09:00,483 DEBUG [org.acegisecurity.ldap.DefaultInitialDirContextFactory] - Creating InitialDirContext with environment {java.naming.provider.url=ldap://10.1.2.177:389/DC=prueba,DC=com, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=CN=araiczyk,CN=Users,DC=prueba,DC=com, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.security.credentials=******, java.naming.referral=follow}
    2007-11-30 18:09:00,608 DEBUG [org.acegisecurity.ldap.search.FilterBasedLdapUserSearch] - Searching for user 'araiczyk', in context javax.naming.directory.InitialDirContext@1d62a85, with user search [ searchFilter: '(sAMAccountName={0})', searchBase: '', scope: subtreesearchTimeLimit: 0derefLinkFlag: true ]
    2007-11-30 18:09:00,642 DEBUG [org.acegisecurity.ldap.DefaultInitialDirContextFactory] - Creating InitialDirContext with environment {java.naming.provider.url=ldap://10.1.2.177:389/DC=prueba,DC=com, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=CN=araiczyk,CN=Users,DC=prueba,DC=com, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.security.credentials=******, java.naming.referral=follow}
    2007-11-30 18:09:57,238 DEBUG [org.apache.catalina.session.ManagerBase] - Start expire sessions StandardManager at 1196446197238 sessioncount 1
    2007-11-30 18:09:57,238 DEBUG [org.apache.catalina.session.ManagerBase] - End expire sessions StandardManager processingTime 0 expired sessions: 0
    2007-11-30 18:10:04,468 DEBUG [org.springframework.web.context.support.XmlWebApplicationContext] - Publishing event in context [Root WebApplicationContext]: org.acegisecurity.event.authentication.AuthenticationFailureServiceExceptionEvent[source=org.acegisecurity.providers.UsernamePasswordAuthenticationToken@5f1b65e0: Username: araiczyk; Password: [PROTECTED]; Authenticated: false; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 926022EBD91CFF39B466A827C6DB711A; Not granted any authorities]
    2007-11-30 18:10:04,468 WARN [org.acegisecurity.event.authentication.LoggerListener] - Authentication event AuthenticationFailureServiceExceptionEvent: araiczyk; details: org.acegisecurity.ui.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 926022EBD91CFF39B466A827C6DB711A; exception: LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: prueba.com:389 [Root exception is java.net.ConnectException: Connection timed out: connect]]; nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: prueba.com:389 [Root exception is java.net.ConnectException: Connection timed out: connect]]
    2007-11-30 18:10:04,469 DEBUG [net.technisys.acegi.filter.CustomAuthenticationProcessingFilter] - Updated SecurityContextHolder to contain null Authentication

    Any suggestions?

    Thanks in advance.
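
Added example, not part of any post above and not Acegi code: a small log check for the failure shown in post #40. It compares the configured `java.naming.provider.url` host with the host named in the `CommunicationException`, which shows whether the timeout came from a referral being followed to a different server, and it flags a simple bind over plain `ldap://`. The names `parse_env` and `diagnose` are invented for this example, and the sample is two lines condensed from that post's log.

```python
import re
from urllib.parse import urlparse

# Two lines condensed from the log in post #40 (timestamps and logger names trimmed).
SAMPLE_LOG = """\
DEBUG Creating InitialDirContext with environment {java.naming.provider.url=ldap://10.1.2.177:389/DC=prueba,DC=com, java.naming.security.principal=CN=araiczyk,CN=Users,DC=prueba,DC=com, java.naming.security.authentication=simple, java.naming.security.credentials=******, java.naming.referral=follow}
WARN exception: LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: prueba.com:389 [Root exception is java.net.ConnectException: Connection timed out: connect]]
"""

ENV_RE = re.compile(r"Creating InitialDirContext with environment \{(.*)\}")
# Host and port that the JNDI provider could not reach while continuing the search.
COMM_RE = re.compile(r"PartialResultException \[Root exception is "
                     r"javax\.naming\.CommunicationException: ([^\s:\]]+):(\d+)")

def parse_env(line):
    """Return the JNDI environment from a 'Creating InitialDirContext' line, or None."""
    m = ENV_RE.search(line)
    if not m:
        return None
    # Split only where a dotted property name follows, so commas inside DNs survive.
    pairs = re.split(r", (?=\w+(?:\.\w+)+=)", m.group(1))
    return dict(p.split("=", 1) for p in pairs)

def diagnose(log_text):
    """Report failures where the unreachable host is not the configured LDAP server."""
    env, findings = None, []
    for line in log_text.splitlines():
        parsed = parse_env(line)
        if parsed is not None:
            env = parsed            # remember the most recent context environment
            continue
        m = COMM_RE.search(line)
        if m is None or env is None:
            continue
        url = env.get("java.naming.provider.url", "")
        findings.append({
            "configured_host": urlparse(url).hostname,
            "failed_host": m.group(1),
            "failed_port": int(m.group(2)),
            "referral_mode": env.get("java.naming.referral", "unset"),
            # A different host plus referral=follow means a continuation reference was chased.
            "referral_chase": env.get("java.naming.referral") == "follow"
                              and m.group(1) != urlparse(url).hostname,
            # Simple bind over plain ldap:// sends the password unencrypted.
            "cleartext_simple_bind": url.startswith("ldap://")
                              and env.get("java.naming.security.authentication") == "simple",
        })
    return findings
```

On the sample, the configured server is 10.1.2.177 but the connection that timed out was to prueba.com:389, so the check reports a chased referral rather than a problem reaching the configured server.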
