Thread: Authenticate and retrieve list of groups for user in Active Directory

  1. #1
    Join Date
    Aug 2010
    Posts
    2

    Hi

    I have been fighting Spring Security 3 for a few days. I can successfully authenticate a user, but when I try to retrieve back a list of groups I'm getting error messages... I've tried quite a few different configs and each one is returning me a different error.

    At the minute, I am just instantiating all my objects using Java. When I eventually get a working version, I will move all the object creation out and spring inject the values...

    So here is what I have got working....

    Code:
            String url = "ldap://10.60.106.13:389/dc=external,dc=com";
            DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(url);
            contextSource.setCacheEnvironmentProperties(false);
            
            // Authenticate by binding as the DN built from the pattern and the login name
            BindAuthenticator authenticator = new BindAuthenticator(contextSource);
    
            authenticator.setUserDnPatterns(new String[] {"cn={0},cn=testou"});
            authenticator.setUserAttributes(new String[] {"cn"});
    
            // No authorities populator is passed, so no groups are loaded
            LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator);
            Authentication authenticatonImp = new UsernamePasswordAuthenticationToken("bob", "Pass101!");
    
            UsernamePasswordAuthenticationToken result =
                (UsernamePasswordAuthenticationToken) provider.authenticate(authenticatonImp);

    That all works fine... From the reading I've done, I (think) that you have to use the 'Populator' class and possibly the 'UserSearch' class to return information about the user (please feel free to correct me where necessary). So this is my latest effort

    Code:
            String url = "ldap://10.60.106.13:389/dc=external,dc=com";
            
            AuthenticationSourceImpl authenticationSource = new AuthenticationSourceImpl();
            authenticationSource.setPrincipal("cn=bob,ou=testou,dc=external,dc=com");
            authenticationSource.setCredentials("Pass101!");
            
            DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(url);
            contextSource.setCacheEnvironmentProperties(false);
            contextSource.setAuthenticationSource(authenticationSource);
            
            BindAuthenticator authenticator = new BindAuthenticator(contextSource);        
            authenticator.setUserDnPatterns(new String[] {"cn={0},ou=testou"});
    
            FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch("", "", contextSource);
         
            LdapUserDetailsService userDetailsService = new LdapUserDetailsService(userSearch);
            
            UserDetailsServiceLdapAuthoritiesPopulator populator = new UserDetailsServiceLdapAuthoritiesPopulator(userDetailsService);
            
            LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator, populator); 
            Authentication authenticatonImp = new UsernamePasswordAuthenticationToken("bob", "Pass101!");       
                         
            UsernamePasswordAuthenticationToken result = 
                (UsernamePasswordAuthenticationToken) provider.authenticate(authenticatonImp);
    This latest effort is coming back with the error....
    20-Aug-2010 16:40:27 org.springframework.security.ldap.search.FilterBasedLdapUserSearch <init>
    INFO: SearchBase not set. Searches will be performed from the root: dc=external,dc=com
    AuthenticationSourceImpl.getPrincipal()
    AuthenticationSourceImpl.getCredentials()
    org.springframework.security.authentication.AuthenticationServiceException: Empty filter; nested exception is javax.naming.directory.InvalidSearchFilterException: Empty filter; remaining name ''
    at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.authenticate(LdapAuthenticationProvider.java:271)
    at springSecurity.SpringSecurity.notWorkingConfiguration(SpringSecurity.java:146)
    at springSecurity.SpringSecurity.main(SpringSecurity.java:106)
    Caused by: org.springframework.ldap.InvalidSearchFilterException: Empty filter; nested exception is javax.naming.directory.InvalidSearchFilterException: Empty filter; remaining name ''
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:133)
    at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:810)
    at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:793)
    at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:192)
    at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:116)
    at org.springframework.security.ldap.userdetails.LdapUserDetailsService.loadUserByUsername(LdapUserDetailsService.java:35)
    at org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator.getGrantedAuthorities(UserDetailsServiceLdapAuthoritiesPopulator.java:28)
    at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.loadUserAuthorities(LdapAuthenticationProvider.java:276)
    at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.authenticate(LdapAuthenticationProvider.java:254)
    ... 2 more
    Caused by: javax.naming.directory.InvalidSearchFilterException: Empty filter; remaining name ''
    at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:38)
    at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:520)
    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1766)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:394)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
    at org.springframework.security.ldap.SpringSecurityLdapTemplate$3.executeWithContext(SpringSecurityLdapTemplate.java:195)
    at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:807)
    ... 9 more
    Any help would be greatly appreciated...

    Regards
    Martin

  2. #2
    Join Date
    Jun 2006
    Location
    The Netherlands
    Posts
    13,695

    Why are you trying to reinvent the wheel? Spring already provides support and configuration for ldap (namespace configuration).

    Your filter for retrieving the groups is empty and you should supply a filter, else it doesn't know what to retrieve from where in ldap.
    Marten Deinum
    Java Consultant / Pragmatist / Open Source Enthusiast / Author


    Pro Spring MVC: With Web Flow
    Conspect

    Have you read the reference guide.
    Use the [ code ] tags, young padawan

  3. #3
    Join Date
    Aug 2010
    Posts
    2

    Hi

    I'm not trying to re-invent the wheel, I am simply trying to get it working (unsuccessfully).
    All I want is to authenticate the user and return the list of groups he/she belongs to.

    I submitted the post to see if someone would help and guide me with my problem...

    I have tried to set a filter as you suggested and have tried this:

    Code:
    FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch("", "memberOf=", contextSource);
    but I am now getting the following error:
    Code:
    23-Aug-2010 09:13:00 org.springframework.security.ldap.DefaultSpringSecurityContextSource <init>
    INFO:  URL 'ldap://10.60.106.13:389/dc=external,dc=com', root DN is 'dc=external,dc=com'
    23-Aug-2010 09:13:00 org.springframework.security.ldap.search.FilterBasedLdapUserSearch <init>
    INFO: SearchBase not set. Searches will be performed from the root: dc=external,dc=com
    AuthenticationSourceImpl.getPrincipal()
    AuthenticationSourceImpl.getCredentials()
    23-Aug-2010 09:13:00 org.springframework.security.ldap.SpringSecurityLdapTemplate$3 executeWithContext
    INFO: Ignoring PartialResultException
    org.springframework.security.authentication.BadCredentialsException: Bad credentials
    	at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.authenticate(LdapAuthenticationProvider.java:265)
    	at springSecurity.SpringSecurity.notWorkingConfiguration(SpringSecurity.java:145)
    	at springSecurity.SpringSecurity.main(SpringSecurity.java:106)
    Can someone please offer me a bit of guidance.

    Thanks
    Martin
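
One way to wire up what the thread is working toward, as an added example that is not code from either poster or from the Spring Security project: a user search whose filter carries the `{0}` login-name placeholder, and a `DefaultLdapAuthoritiesPopulator` that finds groups by the authenticated user's DN. The class name, the `LDAP_MANAGER_DN` / `LDAP_MANAGER_PASSWORD` environment variables, the `ou=testou` search bases and the `member` group attribute are assumptions about this directory.

```java
import java.util.ArrayList;
import java.util.List;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;

public class LdapGroupLookup {
    /** Binds as the user, then returns the names of the groups that list the user's DN. */
    public static List<String> authenticateAndListGroups(String username, String password) throws Exception {
        DefaultSpringSecurityContextSource contextSource =
                new DefaultSpringSecurityContextSource("ldap://10.60.106.13:389/dc=external,dc=com");
        // Assumption: a read-only service account performs the searches; its
        // credentials come from the environment instead of the source code.
        contextSource.setUserDn(System.getenv("LDAP_MANAGER_DN"));
        contextSource.setPassword(System.getenv("LDAP_MANAGER_PASSWORD"));
        contextSource.afterPropertiesSet(); // needed when the bean is not created by Spring

        // User search: {0} is replaced with the login name. An empty filter, or one
        // without the placeholder such as "memberOf=", cannot select the user's entry.
        FilterBasedLdapUserSearch userSearch =
                new FilterBasedLdapUserSearch("ou=testou", "(cn={0})", contextSource);
        userSearch.setSearchSubtree(true);
        BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        authenticator.setUserSearch(userSearch);

        // Group search: here {0} is the full DN of the authenticated user.
        // Assumption: group entries sit under ou=testou and list members in "member".
        DefaultLdapAuthoritiesPopulator populator =
                new DefaultLdapAuthoritiesPopulator(contextSource, "ou=testou");
        populator.setGroupSearchFilter("(member={0})");
        populator.setGroupRoleAttribute("cn");
        populator.setSearchSubtree(true);
        populator.setRolePrefix("");            // return the plain group name
        populator.setConvertToUpperCase(false);

        LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator, populator);
        Authentication result =
                provider.authenticate(new UsernamePasswordAuthenticationToken(username, password));
        List<String> groups = new ArrayList<String>();
        for (GrantedAuthority authority : result.getAuthorities()) {
            groups.add(authority.getAuthority());
        }
        return groups;
    }
}
```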
