Error 2001 issue when authenticating against LDAP/AD

[karianna]

Hi all,

I have the following configuration:

Code:

<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <constructor-arg value="ldap://myldapserver:389" />
  <property name="base" value="dc=uk,dc=mydomain,dc=com"/>
  <property name="userDn" value="cn=Verburg Martijn,ou=People,ou=Logins,dc=uk,dc=mydomain,dc=com" />
  <property name="password" value="mypassword" />
</bean>

<bean id="secondLdapProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">

  <s:custom-authentication-provider />

  <constructor-arg>
    <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
      <constructor-arg ref="contextSource" />
      <property name="userSearch">
        <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
          <constructor-arg index="0" value="ou=People,ou=Logins,dc=uk,dc=mydomain,dc=com" />
          <constructor-arg index="1" value="(sAMAccountName={0})" />
          <constructor-arg index="2" ref="contextSource" />
          <property name="searchSubtree" value="true" />
        </bean>
      </property>
    </bean>
  </constructor-arg>

  <constructor-arg>
    <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
      <constructor-arg ref="contextSource" />
      <constructor-arg value="" />
      <property name="searchSubtree" value="true" />
      <property name="convertToUpperCase" value="false" /> 
    </bean>
  </constructor-arg>
</bean>

But when I attempt to login I get the following error:

Code:

Authentication request failed: org.springframework.security.AuthenticationServiceException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
        'DC=uk,DC=mydomain,DC=com'
^@]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
        'DC=uk,DC=mydomain,DC=com'
^@]; remaining name 'ou=People,ou=Logins,dc=uk,dc=mydomain,dc=com'; nested exception is org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
        'DC=uk,DC=mydomain,DC=com'
^@]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
        'DC=uk,DC=mydomain,DC=com'
^@]; remaining name 'ou=People,ou=Logins,dc=uk,dc=mydomain,dc=com'

Not sure where to look next!

[karianna]

Heh, I solved it, you don't need to specify the full dn in further operations when you've already set the base.