
LDAP Authentication Error

I'm getting an error in Grails when trying to use LDAP authentication to find a user using AD authentication. This is the code I have from the Grails side:

@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
    ArrayList<String> roles = new ArrayList<String>(2);
    roles.add("ROLE_USER");
    try {
        GldapoSchemaClassForUser.findAll( directory: "user", filter: "(userPrincipalName=${username})" ).each { user ->
            def userName = user.cn
            user.memberOf.each { groupListing ->
                // memberOf values look like "CN=Admin,OU=...": take the text between "CN=" and the first comma
                String groupName = groupListing.substring(3, groupListing.indexOf(','));
                if (groupName.equals("Admin")) {
                    roles.add("ROLE_ADMIN");
                } else if (groupName.equals("User")) {
                    // Do nothing
                }
            }   // closes memberOf.each
        }       // closes findAll(...).each
    } catch (Throwable e) {
        System.err.println(e.getMessage())
    }
    return new User(username)
}

It hits the catch block when it tries to access this line above:

GldapoSchemaClassForUser.findAll( directory: "user", filter: "(userPrincipalName=${username})" )

showing this error message:

org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece

According to the documentation, this error suggests that a 525 error means an invalid user, but I have tested using an LDAP explorer tool and it connects to the user fine with the same details.

In the app-config file I have the following ldap settings:

  • ldap.directories.user.url=ldap://sbs.testsbs.local
  • ldap.directories.user.base=OU=staff,DC=skills,DC=local
  • ldap.directories.user.userDn=OU=staff,DC=skills,DC=local
  • ldap.directories.user.password=Pa55w0rd

Does anyone have any ideas as to what I am doing wrong?

Your error is in the app-config LDAP settings.

The ldap.directories.user.userDn setting has been populated with a container, the same as you specified in ldap.directories.user.base.

However, this should be the DN of the user object that is performing the search, something along the lines of ldap.directories.user.userDn=CN=myAppUser,OU=staff,DC=skills,DC=local.

The 525 error means user not found but in this case pertains to the user logging in, and not the user you are searching for.
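As an added illustration of the two points above (not code from the question or the answer), the following Python helper decodes the `data NNN` sub-code that AD appends to an LDAP error 49 message and flags an ldap.directories.user.userDn that names a container rather than a user object. The 525 code is the one from the question; the other sub-codes are AD's documented AcceptSecurityContext values, and the config keys are the ones from the question.

```python
import re

# AD returns LDAP result 49 (invalidCredentials) for many distinct bind
# failures; the real cause is the hex "data NNN" field in the diagnostic
# message. 525 is the code seen in the question; the rest are the other
# documented AcceptSecurityContext sub-codes.
AD_BIND_SUBCODES = {
    "525": "user not found (the bind DN / userDn does not resolve to a user)",
    "52e": "invalid credentials (user found, wrong password)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

_DATA_RE = re.compile(r"\bdata\s+([0-9a-fA-F]{3})\b")


def decode_ad_bind_error(message):
    """Return (subcode, meaning) from an AD 'error code 49' diagnostic string."""
    m = _DATA_RE.search(message)
    if not m:
        return (None, "no AD sub-code present")
    code = m.group(1).lower()
    return (code, AD_BIND_SUBCODES.get(code, "unknown sub-code"))


def check_bind_dn(settings):
    """Flag the misconfiguration from the question: a userDn that is a container
    (identical to base, or whose first RDN is OU=/DC=) instead of a user object."""
    base = settings.get("ldap.directories.user.base", "").strip()
    user_dn = settings.get("ldap.directories.user.userDn", "").strip()
    problems = []
    if not user_dn:
        problems.append("userDn is empty; an anonymous bind will be attempted")
        return problems
    if user_dn.lower() == base.lower():
        problems.append("userDn equals base: it names the search container, not the bind user")
    first_rdn = user_dn.split(",", 1)[0].split("=", 1)[0].strip().upper()
    if first_rdn in ("OU", "DC"):
        problems.append(f"userDn starts with {first_rdn}=, a container; expected a leaf RDN such as CN=...")
    return problems
```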

