views:

360

answers:

0

I am trying to set up an ldap authentication context where the authorities is a separate ldap instance (with the same principal name). I am having trouble setting up the authentication part, the logs dont show any search results for the following context. Can anyone see what I am doing wrong?

<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <beans:constructor-arg>
        <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <beans:constructor-arg ref="adContextSource" />
            <beans:property name="userSearch">
                <beans:bean class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                    <beans:constructor-arg index="0" value=""/>
                    <beans:constructor-arg index="1" value="(samaccountname={0})"/>
                    <beans:constructor-arg index="2" ref="adContextSource" />
                    <beans:property name="searchSubtree" value="true" />
                    <beans:property name="returningAttributes">
                        <beans:list>
                            <beans:value>DN</beans:value>
                        </beans:list>
                    </beans:property>
                </beans:bean>
            </beans:property>
        </beans:bean>
    </beans:constructor-arg>
    <beans:constructor-arg>
        <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
            <beans:constructor-arg ref="cadaContextSource" />
            <beans:constructor-arg value="ou=groups" />
            <beans:property name="groupRoleAttribute" value="cn" />
        </beans:bean>
    </beans:constructor-arg>
</beans:bean>

The logs simply show this when trying to authenticate:

[DEBUG,UsernamePasswordAuthenticationFilter] Request is to process authentication
[DEBUG,ProviderManager] Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
[DEBUG,LdapAuthenticationProvider] Processing authentication request for user: wuntee
[DEBUG,FilterBasedLdapUserSearch] Searching for user 'wuntee', with user search [ searchFilter: '(samaccountname={0})', searchBase: '', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
[DEBUG,AbstractContextSource] Got Ldap context on server 'ldap://adapps.cable.comcast.com:3268/dc=comcast,dc=com/dc=comcast,dc=com'
[DEBUG,XmlWebApplicationContext] Publishing event in Root WebApplicationContext: org.springframework.security.authentication.event.AuthenticationFailureServiceExceptionEvent[source=org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b777617d: Principal: wuntee; Password: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 191F70ED4E8351F8638868C34C6A076A; Not granted any authorities]
[DEBUG,DefaultListableBeanFactory] Returning cached instance of singleton bean 'org.springframework.security.core.session.SessionRegistryImpl#0'
[DEBUG,UsernamePasswordAuthenticationFilter] Authentication request failed: org.springframework.security.authentication.AuthenticationServiceException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 21.  Encountered: "=" (61), after : ""
[DEBUG,UsernamePasswordAuthenticationFilter] Updated SecurityContextHolder to contain null Authentication
[DEBUG,UsernamePasswordAuthenticationFilter] Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@28651c