JasperReports Server 5.2 Active Directory Integration

Apologies for yet another AD integration question :)

I've got a fresh install of JasperReports Server 5.2 on Windows Server 2008 R2 and I'm trying to configure AD authentication but logins always fail.

I've copied the sample applicationContext-externalAuth-LDAP.xml file into the WEB-INF folder and customised it:

    <bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
        <constructor-arg>
            <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
                <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
                <property name="userSearch" ref="userSearch"/>
            </bean>
        </constructor-arg>
        <constructor-arg>
            <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
                <constructor-arg index="0"><ref local="ldapContextSource"/></constructor-arg>
                <constructor-arg index="1"><value></value></constructor-arg>
                <property name="groupRoleAttribute" value="cn"/>
                <property name="groupSearchFilter" value="((member={0})(objectClass=group))"/>
                <property name="searchSubtree" value="true"/>
                <!-- Can setup additional external default roles here  <property name="defaultRole" value="LDAP"/> -->
            </bean>
        </constructor-arg>
    </bean>

    <bean id="userSearch"
          class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
        <constructor-arg index="0">
            <value></value>
        </constructor-arg>
        <constructor-arg index="1">
            <value>((sAMAccountName={0})(objectClass=user))</value>
        </constructor-arg>
        <constructor-arg index="2">
            <ref local="ldapContextSource" />
        </constructor-arg>
        <property name="searchSubtree">
            <value>true</value>
        </property>
    </bean>

    <bean id="ldapContextSource" class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">
        <constructor-arg value="ldap://hostname:389/dc=domain,dc=local"/>
        <!-- manager user name and password (may not be needed)  -->
        <property name="userDn" value="Administrator"/>
        <property name="password" value="password"/>
    </bean>

Actual hostname, domain name and password have been removed in the above. Our AD is set up a bit strangely in that users are spread across several OUs, so I've left the branch DN properties empty and attempted to limit the search to entries with a certain objectClass (user or group).

I've enabled debug level logging for org.springframework.security and com.jaspersoft.jasperserver.api.security but I'm not getting anything particularly informative in the logs:

    2013-09-03 10:12:32,882 DEBUG BaseAuthenticationProcessingFilter,http-bio-80-exec-6:252 - Request is to process authentication
    2013-09-03 10:12:32,884 DEBUG ProviderManager,http-bio-80-exec-6:183 - Authentication attempt using org.springframework.security.providers.ldap.LdapAuthenticationProvider
    2013-09-03 10:12:32,888 DEBUG FilterBasedLdapUserSearch,http-bio-80-exec-6:109 - Searching for user 'username', with user search [ searchFilter: '((sAMAccountName={0})(objectClass=user))', searchBase: '', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
    2013-09-03 10:12:32,905 DEBUG SpringSecurityLdapTemplate,http-bio-80-exec-6:197 - Searching for entry in under DN 'dc=domain,dc=local', base = '', filter = '((sAMAccountName={0})(objectClass=user))'
    2013-09-03 10:12:32,933 DEBUG ProviderManager,http-bio-80-exec-6:183 - Authentication attempt using com.jaspersoft.jasperserver.api.security.internalAuth.InternalDaoAuthenticationProvider
    2013-09-03 10:12:32,940  WARN LoggerListener,http-bio-80-exec-6:60 - Authentication event AuthenticationFailureBadCredentialsEvent: username; details: org.springframework.security.ui.WebAuthenticationDetails@21a2c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: F8EA36A4CF952E3DE41E7211B4EB529D; exception: Bad credentials
    2013-09-03 10:12:32,941 DEBUG BaseAuthenticationProcessingFilter,http-bio-80-exec-6:406 - Updated SecurityContextHolder to contain null Authentication
    2013-09-03 10:12:32,941 DEBUG BaseAuthenticationProcessingFilter,http-bio-80-exec-6:412 - Authentication request failed: org.springframework.security.BadCredentialsException: Bad credentials
    2013-09-03 10:12:32,943 DEBUG HttpSessionContextIntegrationFilter,http-bio-80-exec-6:255 - SecurityContextHolder now cleared, as request processing completed

Any suggestions gratefully received. I've played around with the settings in the externalAuth XML file but nothing seems to make a difference to the log or the login failures.

Cheers, Matt

Generally speaking, when doing LDAP searches on AD, the only time a baseless search will work is when talking to the GC.

Try putting in the base of DC=domain,DC=local; this should still search over your entire domain.

Also, in your user and group searches it appears you are missing the & needed after the first (.

e.g.

    <property name="groupSearchFilter" value="(&amp;(member={0})(objectClass=group))"/>

and

    <constructor-arg index="1">
        <value>(&amp;(sAMAccountName={0})(objectClass=user))</value>
    </constructor-arg>

One last thing that I have seen that helps with the Spring LDAP is to use the DN for the bind account.

e.g.

HTH
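The checks suggested in the answer above can be run against the bean file before deploying it. The following is an added example, not code from the original post or from JasperReports: a small Python linter that parses each search filter with a simplified RFC 4515 grammar and flags a bind account that is not written as a DN. The names `parse_filter`, `filter_error` and `lint` and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def parse_filter(s, i=0):
    """Parse one RFC 4515 filter at s[i]; return the index just past it."""
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    op = s[i:i + 1]
    if op in ("&", "|", "!"):                    # composite: operator, then sub-filter(s)
        i = parse_filter(s, i + 1)
        while op != "!" and s[i:i + 1] == "(":   # '!' takes exactly one sub-filter
            i = parse_filter(s, i)
    else:                                        # simple item: attr=value
        j = next((k for k in range(i, len(s)) if s[k] in "()"), len(s))
        if s[i:j].find("=") < 1:
            raise ValueError(f"expected '&', '|', '!' or attr=value at offset {i}")
        i = j
    if s[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1

def filter_error(s):
    """Return None if s is a well-formed filter, else a short reason."""
    try:
        end = parse_filter(s)
        return None if end == len(s) else f"unexpected text at offset {end}"
    except ValueError as exc:
        return str(exc)

def lint(xml_text):
    """Check search filters and the bind account in a Spring LDAP bean file."""
    root = ET.fromstring(xml_text)
    filters = [p.get("value", "") for p in root.findall(".//{*}property[@name='groupSearchFilter']")]
    for bean in root.findall(".//{*}bean"):
        if bean.get("class", "").endswith("FilterBasedLdapUserSearch"):
            filters += [a.findtext("{*}value", "") for a in bean.findall("{*}constructor-arg[@index='1']")]
    dns = [p.get("value", "") for p in root.findall(".//{*}property[@name='userDn']")]
    findings = [f"{f}: {filter_error(f)}" for f in filters if filter_error(f)]
    # Assumption: following the answer's advice, a bind account without '=' is reported.
    return findings + [f"userDn '{d}' is not a DN" for d in dns if "=" not in d]

# Constructed sample: the question's filters and bind account, condensed.
SAMPLE = """<beans>
<bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
  <property name="groupSearchFilter" value="((member={0})(objectClass=group))"/></bean>
<bean class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <constructor-arg index="1"><value>((sAMAccountName={0})(objectClass=user))</value></constructor-arg></bean>
<bean class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">
  <property name="userDn" value="Administrator"/></bean>
</beans>"""
```

Calling `lint(SAMPLE)` reports both filters from the question (the parser finds `(` where an operator or `attr=value` should be) and the `Administrator` bind account.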
