User Authentication Error

[kitsVA]

First time with LDAP and in short time:-). I used LDAP user authentication as explained in the spring documentation and I am getting the following error. Any help would be greatly appreciated.

Code:

2010-07-21 22:29:07,343 DEBUG [ProviderManager.java:117] : Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
2010-07-21 22:29:07,343 DEBUG [LdapAuthenticationProvider.java:241] : Processing authentication request for user: kitsp
2010-07-21 22:29:07,343 DEBUG [BindAuthenticator.java:108] : Attempting to bind as samaccountname=kitsp,ou=people,cn=Users,dc=vta,dc=mycompany,dc=com
2010-07-21 22:29:07,343 DEBUG [DefaultSpringSecurityContextSource.java:73] : Removing pooling flag for user samaccountname=kitsp,ou=people,cn=Users,dc=vta,dc=mycompany,dc=com
2010-07-21 22:29:07,390 DEBUG [BindAuthenticator.java:150] : Failed to bind as sAMAccountName=kitsp,ou=people: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece

my app context.xml

Code:

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

	<security:http auto-config='true'>
		<security:form-login login-page="/login.jsp"
			default-target-url="/viewMessageList.action"
			always-use-default-target="true" authentication-failure-url="/login.jsp?error=true" />
		<security:intercept-url pattern="/login.jsp"
			access="IS_AUTHENTICATED_ANONYMOUSLY" />
		<security:intercept-url pattern="/includes/**"
			access="IS_AUTHENTICATED_ANONYMOUSLY" />
	<!-- 	<security:intercept-url pattern="/**" access="ROLE_SUI" />  -->
		<security:logout logout-success-url="/login.jsp" />
	</security:http>
<security:ldap-server url="ldap://myldapserver.vta.mycompany.com/cn=Users,dc=vta,dc=mycompany,dc=com" />
	<security:authentication-manager>
		<security:ldap-authentication-provider
            user-dn-pattern="sAMAccountName={0},ou=people"
        />        
        <security:authentication-provider ref='secondLdapProvider' />         
	</security:authentication-manager>

    <!-- Traditional Bean version of the same configuration -->

    <!-- This bean points at the embedded directory server created by the ldap-server element above  -->
    <bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <constructor-arg value="ldap://myldapserver.vta.mycompany.com/cn=Users,dc=vta,dc=mycompany,dc=com"/>
    </bean>

    <bean id="secondLdapProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <constructor-arg>
            <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <constructor-arg ref="contextSource"/>
      <property name="userDnPatterns">
        <list><value>sAMAccountName={0},ou=people</value></list>
      </property>

            </bean>
        </constructor-arg>
        <constructor-arg>
            <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
                 <constructor-arg ref="contextSource"/>
      			<constructor-arg value="ou=groups"/>
      			<property name="groupRoleAttribute" value="ou"/>
            </bean>
        </constructor-arg>
    </bean>

</beans>

[kitsVA]

I also tried with the following config and still have the problems

Code:

.
.
.
<security:authentication-manager>
		<security:ldap-authentication-provider
            group-search-filter="member={0}"
            group-search-base="ou=groups"
            user-search-base="ou=people"
            user-search-filter="sAMAccountName={0}"
        />        
        <security:authentication-provider ref='secondLdapProvider' />         
	</security:authentication-manager>
.
.
<bean id="secondLdapProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <constructor-arg>
            <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <constructor-arg ref="contextSource"/>
                <property name="userSearch">
                    <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                      <constructor-arg index="0" value="ou=people"/>
                      <constructor-arg index="1" value="(sAMAccountName={0})"/>
                      <constructor-arg index="2" ref="contextSource" />
                    </bean>
                </property>
            </bean>
        </constructor-arg>
        <constructor-arg>
            <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
                 <constructor-arg ref="contextSource"/>
      			<constructor-arg value="ou=groups"/>
      			<property name="groupRoleAttribute" value="ou"/>
            </bean>
        </constructor-arg>
    </bean>

.
.
.

the error is:

23:07:11,968 DEBUG [LdapAuthenticationProvider.java:241] : Processing authentication request for user: kitsp
2010-07-21 23:07:11,968 DEBUG [FilterBasedLdapUserSearch.java:107] : Searching for user 'kitsp', with user search [ searchFilter: 'sAMAccountName={0}', searchBase: 'ou=people', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
2010-07-21 23:07:11,968 DEBUG [AbstractContextSource.java:259] : Got Ldap context on server 'ldap://myldapserver.vta.mycompany.com/cn=Users,dc=vta,dc=mycompany,dc=com'
2010-07-21 23:07:11,984 DEBUG [ProviderManager.java:117] : Authentication attempt using org.springframework.security.ldap.authentication.L dapAuthenticationProvider
2010-07-21 23:07:11,984 DEBUG [LdapAuthenticationProvider.java:241] : Processing authentication request for user: kitsp
2010-07-21 23:07:11,984 DEBUG [FilterBasedLdapUserSearch.java:107] : Searching for user kitsp', with user search [ searchFilter: '(sAMAccountName={0})', searchBase: 'ou=people', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
2010-07-21 23:07:11,984 DEBUG [AbstractContextSource.java:259] : Got Ldap context on server 'ldap://myldapserver.vta.mycompany.com/cn=Users,dc=vta,dc=mycompany,dc=com'
2010-07-21 23:07:11,984 DEBUG [AbstractAuthenticationProcessingFilter.java:319] : Authentication request failed: org.springframework.security.authentication.Authen ticationServiceException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=Users,DC=vta,DC=mycompany,DC=com'

I made the user-search-base to empty string and I now get a new error that says Bad Credentials

2010-07-21 23:18:16,031 DEBUG [LdapAuthenticationProvider.java:241] : Processing authentication request for user: kitsp
2010-07-21 23:18:16,031 DEBUG [FilterBasedLdapUserSearch.java:107] : Searching for user 'kitsp', with user search [ searchFilter: '(sAMAccountName={0})', searchBase: '', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
2010-07-21 23:18:16,031 DEBUG [AbstractContextSource.java:259] : Got Ldap context on server 'ldap://myldapserver.vta.mycompany.com/dc=vta,dc=mycompany,dc=com'
2010-07-21 23:18:16,031 DEBUG [SpringSecurityLdapTemplate.java:197] : Searching for entry in under DN 'dc=vta,dc=mycompany,dc=com', base = '', filter = '(sAMAccountName={0})'
2010-07-21 23:18:16,031 INFO [SpringSecurityLdapTemplate.java:218] : Ignoring PartialResultException
2010-07-21 23:18:16,031 DEBUG [AbstractAuthenticationProcessingFilter.java:319] : Authentication request failed: org.springframework.security.authentication.BadCre dentialsException: Bad credentials