1.3.0 Authentication issue

[Vignesh.kc@gmail.com]

Hi, I am trying to use the authentication method from 1.3

I tried the same sample posted from the blog "http://blog.jayway.com/2008/10/27/whats-new-in-spring-ldap-13/"

Here is my code.

Code:

public boolean authenticate(String userName, String password)  {
		
		boolean result = false;		
		
		
		EqualsFilter filter = new EqualsFilter("uid", userName);
		
		// Actual filter will differ depending on LDAP Server and schema
		List<String> results = ldapTemplate.search("", filter.toString(),
		new DnContextMapper());
		
		if (results.size() != 1) {
			throw new IncorrectResultSizeDataAccessException(1, results.size());
		}

		DirContext ctx = null;
		try {				
			String uid = results.get(0);
			logger.debug("Getting context source with principal :"+uid);
			ctx = contextSource.getContext(uid, password);			
			result=  true;
			
		}catch (Exception e) {
			logger.error("Exception occured :"+e.getMessage());
			logger.trace(e);
		} finally {
			LdapUtils.closeContext(ctx);
		}
		
		return result;
	}

Here is the log output.

Code:

[11-11-08:15:51:25- (DEBUG)] com.edu.dao.SpringAuthenticationDAO  : Getting context source with principal :cn=maven_proxy_account,o=The XXX Companies
[11-11-08:15:51:25- (ERROR)] com.edu.dao.SpringAuthenticationDAO  : Exception occured :[LDAP: error code 32 - No Such Object]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]

I have verified the credentials for the user [maven_proxy_account] externally and that seems to work fine.

I notice that DN formation happens properly hence when i supply uid to this function it gets resolved to [cn=maven_proxy_account,o=The XXX Companies]

Any help appreciated.

Thanks
Vignesh

[rasky]

Well, the code works for me. One possible error source would be the DnContextMapper. It should look like this:

Code:

private final static class DnContextMapper extends AbstractParameterizedContextMapper<String> {
	@Override
	protected String doMapFromContext(DirContextOperations ctx) {
		return ctx.getNameInNamespace();
	}
}

It's imperative that you use ctx.getNameInNamespace() here as we need to get the absolute DN of the entry - ctx.getDn() will return the relative DN (relative to the ContextSource base path that is).

[Vignesh.kc@gmail.com]

Hi,
I use it as intended. Here is the complete code.

" cn=maven_proxy_account,o=The XXX Companies" is the "ABSOLUTE DN" .


Here is the complete class i use for authentication.

Code:

import java.util.List;

import javax.naming.Name;
import javax.naming.directory.DirContext;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.dao.IncorrectResultSizeDataAccessException;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.simple.AbstractParameterizedContextMapper;
import org.springframework.ldap.core.simple.SimpleLdapTemplate;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.support.LdapUtils;

public class SpringAuthenticationDAO {
	
	private Log logger = LogFactory.getLog(this.getClass());
	
	private static final Name BASE = DistinguishedName.EMPTY_PATH;

	private SimpleLdapTemplate ldapTemplate;
	private ContextSource contextSource;

	public void setLdapTemplate(SimpleLdapTemplate ldapTemplate) {
		this.ldapTemplate = ldapTemplate;
	}

	public void setContextSource(ContextSource contextSource) {
		this.contextSource = contextSource;
	}

	public boolean authenticate(String userName, String password)  {
		
		boolean result = false;		
		
		
		EqualsFilter filter = new EqualsFilter("uid", userName);
		
		// Actual filter will differ depending on LDAP Server and schema
		List<String> results = ldapTemplate.search("", filter.toString(),
		new DnContextMapper());
		
		if (results.size() != 1) {
			throw new IncorrectResultSizeDataAccessException(1, results.size());
		}

		DirContext ctx = null;
		try {				
			String uid = results.get(0);
			logger.debug("Getting context source with principal :"+uid);
			ctx = contextSource.getContext(uid, password);			
			result=  true;
			
		}catch (Exception e) {
			logger.error("Exception occured :"+e.getMessage());
			logger.trace(e);
		} finally {
			LdapUtils.closeContext(ctx);
		}
		
		return result;
	}
	
	
	private final static class DnContextMapper extends AbstractParameterizedContextMapper<String> {
		@Override
		protected String doMapFromContext(DirContextOperations ctx) {
			return ctx.getNameInNamespace();
		}
	}
	
}

Here is the output.

[11-12-08:09:29:01- (DEBUG)] com.edu.dao.SpringAuthenticationDAO : Getting context source with principal :cn=maven_proxy_account,o=The XXX Companies
[11-12-08:09:29:01- (ERROR)] com.edu.dao.SpringAuthenticationDAO : Exception occured :[LDAP: error code 32 - No Such Object]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]

Any help is appreciated. I dont want to go towards "security" modules for this purpose.

Regards
Vignesh

[rasky]

Could this by any chance be related to this Jira issue?

[Vignesh.kc@gmail.com]

Sorry for all the confusion. I was supplying a wrong context source on the spring injection. A carefull reading on the xml file showed light on the defect.

Thanks for all the help.

Regards
Vignesh