Spring Security 2.0.0 LDAP Authentication problems - "Bad Credentials"
I am having problems getting a SpringMVC application with a Schema based configuration of a "ldap-authentication-provider" to work. The credentials given in the login screen fails.
I have manually verified the password with a md5 tool and it matches the object in the LDAP catalog(OpenLDAP).
I am aiming for a password compare, the user should not BIND with the LDAP(unless I am wrong about the BIND concept). All queries to the LDAP catalog are anonymous.
Additional question:
1. Is it possible to limit the search to oneLevel? I cannot find any documentation on how to do this with the schema based configuration
Here is my xml config:
This is the LDAP entry(anonymized):Code:<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd"> <security:http auto-config="false"> <security:intercept-url pattern="/**" access="ROLE_KOEADMIN" /> <security:form-login /> <security:anonymous /> <security:logout /> </security:http> <security:ldap-server id="ok_ldap" url="ldap://ldap.mydomain.no:389/"/> <security:ldap-authentication-provider server-ref="ok_ldap" group-search-filter="cn={0}" group-search-base="(ou=Auth, dc=mydomain, dc=no)" user-search-filter="(employeeNumber={0})" user-search-base="ou=People, dc=mydomain, dc=no" > <security:password-compare hash="md5"/> </security:ldap-authentication-provider>
This is the resulting log:
Any help on this is greatly apprectiated.Code:2008-04-22 19:19:13,110 DEBUG [org.springframework.security.ui.webapp.AuthenticationProcessingFilter] - <Request is to process authentication> 2008-04-22 19:19:13,111 DEBUG [org.springframework.security.providers.ProviderManager] - <Authentication attempt using org.springframework.security.providers.ldap.LdapAuthenticationProvider> 2008-04-22 19:19:13,112 DEBUG [org.springframework.security.ldap.search.FilterBasedLdapUserSearch] - <Searching for user '79927', with user search [ searchFilter: '(employeeNumber={0})', searchBase: 'ou=People, dc=mydomain, dc=no', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]> 2008-04-22 19:19:13,114 DEBUG [org.springframework.ldap.core.support.AbstractContextSource] - <Principal: ''> 2008-04-22 19:19:13,157 DEBUG [org.springframework.ldap.core.support.AbstractContextSource] - <Got Ldap context on server 'ldap://ldap.mydomain.no:389/'> 2008-04-22 19:19:13,592 DEBUG [org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator] - <Performing LDAP compare of password attribute 'userPassword' for user 'uid=espen.tjonneland 79927@uke, ou=People, dc=mydomain, dc=no'> 2008-04-22 19:19:13,596 DEBUG [org.springframework.ldap.core.support.AbstractContextSource] - <Principal: ''> 2008-04-22 19:19:13,596 DEBUG [org.springframework.ldap.core.support.AbstractContextSource] - <Got Ldap context on server 'ldap://ldap.mydomain.no:389/'> 2008-04-22 19:19:13,606 DEBUG [org.springframework.web.context.support.XmlWebApplicationContext] - <Publishing event in context [org.springframework.web.context.support.XmlWebApplicationContext@16be7ee]: org.springframework.security.event.authentication.AuthenticationFailureBadCredentialsEvent[source=org.springframework.security.providers.UsernamePasswordAuthenticationToken@faecefe: Principal: 79927; Password: [PROTECTED]; Authenticated: false; Details: org.springframework.security.ui.WebAuthenticationDetails@380f4: RemoteIpAddress: 127.0.0.1; SessionId: 5E135069B0C2C3455D186723AE1E7DD6; Not granted any authorities]> 2008-04-22 19:19:13,606 DEBUG [org.springframework.security.ui.webapp.AuthenticationProcessingFilter] - <Updated SecurityContextHolder to contain null Authentication> 2008-04-22 19:19:13,606 DEBUG [org.springframework.security.ui.webapp.AuthenticationProcessingFilter] - <Authentication request failed: org.springframework.security.BadCredentialsException: Bad credentials>
Regards, Espen.
