Login failure with grails ldap configuration - spring

I've configured grails ldap plugin as follows in application.yml and added dependencies of spring security core and ldap in build.gradle.
grails:
  plugin:
    springsecurity:
      providerNames: ['ldapAuthProvider', 'anonymousAuthenticationProvider']
      ldap:
        context:
          managerDn: "CN=ldapreader_website,CN=Users,DC=corp,DC=domain,DC=com"
          managerPassword: '[secret]'
          server: 'ldap://mydomain.com:389/'
        authorities:
          groupSearchBase: '[CN=Users,DC=corp,DC=domain,DC=com]'
          groupSearchFilter: 'member={0}'
        search:
          base: '[CN=Users,DC=corp,DC=domain,DC=com]'
          filter: '(&(objectCategory=user)(sAMAccountName={0}))'

But when I try to log in I get this error message:

Caused by: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:191)

Can anyone help me with this issue?

Error code 49/52e seems to indicate invalid credentials, reference here
Indicates an Active Directory (AD) AcceptSecurityContext error, which is returned when the username is valid but the combination of password and user credential is invalid. This is the AD equivalent of LDAP error code 49.
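As an added example (not code from the question, the answer, or the Grails plugin), the helper below does the triage the answer describes in code: it pulls the `data NNN` sub-code out of an Active Directory error 49 message and maps it to a meaning. It goes beyond the page's 52e case to the other AD sub-codes and to non-AD servers that return a bare INVALID_CREDENTIALS, and it flags DN settings that still carry documentation-style `[...]` placeholder brackets, as the search bases in the question do. The sample message is constructed from the exception text above.

```python
import re

# Sub-codes Active Directory places in the "data NNN" field of an LDAP
# error 49 (invalidCredentials) diagnostic; 52e is the one on this page.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (user exists, password is wrong)",
    "530": "not permitted to logon at this time",
    "531": "not permitted to logon at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Shape of the AD diagnostic: "80090308: LdapErr: DSID-..., comment: ..., data 52e"
_AD_ERR49 = re.compile(
    r"LDAP: error code 49 - [0-9A-Fa-f]{8}: LdapErr: DSID-[0-9A-Fa-f]+,"
    r"\s*comment: [^,]+, data (?P<data>[0-9A-Fa-f]+)"
)


def diagnose_bind_error(message):
    """Map an LDAP bind failure message to (sub-code, explanation), or None."""
    m = _AD_ERR49.search(message)
    if m:
        code = m.group("data").lower()
        return code, AD_BIND_SUBCODES.get(code, "unknown AD sub-code")
    if "error code 49" in message:
        # OpenLDAP / ApacheDS report a plain INVALID_CREDENTIALS with no
        # sub-code, so only the generic diagnosis is possible.
        return "49", "invalid credentials (no AD sub-code available)"
    return None


def placeholder_dns(settings):
    """Names of DN-valued settings still wrapped in [...] placeholder brackets.

    The brackets are not part of the DN and would break the search base."""
    return sorted(k for k, v in settings.items()
                  if isinstance(v, str) and v.startswith("[") and v.endswith("]"))


# Constructed sample, copied from the exception text in the question above.
SAMPLE_AD_MESSAGE = ("[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, "
                     "comment: AcceptSecurityContext error, data 52e, v1db1 ]")
```

Run `diagnose_bind_error` over the exception text from the application log and `placeholder_dns` over the `ldap` settings before restarting the application; a 52e on the manager bind means the `managerDn`/`managerPassword` pair itself is what to re-check.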

Related

Spring Cloud Vault Secret reading error as permission denied

I am unable to read secrets with vault when I upgrade spring version from 2.0.3.RELEASE to 2.3.5.RELEASE
It works fine with 2.0.3.RELEASE (with secret path, secret/data/{app-name}), but with 2.3.5.RELEASE, path is changed to secret/data/data/{app-name} which is causing 403.
LeaseAwareVaultPropertySource : Vault location [secret/data/{app-name}]
not resolvable: Status 403 Forbidden [secret/data/data/{app-name}]: 1 error occurred: * permission denied
HttpClientErrorException$Forbidden: 403 Forbidden: [{"errors":["1 error occurred:\n\t* permission denied\n\n"]}
]
org.springframework.vault.VaultException: Status 403 Forbidden [secret/data/data/{app-name}]: 1 error occurred:
* permission denied; nested exception is org.springframework.web.client.HttpClientErrorException$Forbidden: 403 Forbidden:
[{"errors":["1 error occurred:\n\t* permission denied\n\n"]}
]

Apache Knox Ldap Integration failed

I am using Apache Knox version 1.0.0. I have tried to authenticate to the Knox UI using an LDAP user. I have tried the following changes in Knox.
In Ambari --> Knox --> Config --> Advanced topology:

<param>
    <name>main.ldapRealm.userDnTemplate</name>
    <value>cn=admin</value>
</param>
<param>
    <name>main.ldapRealm.contextFactory.url</name>
    <value>ldap://x.x.x.x:10390</value>
</param>

First I am trying for a single user only. I have tried different user searches but no luck; I am always getting the same error, like below.
2021-01-29 10:22:07,266 ERROR knox.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(206)) - Shiro unable to login: javax.naming.AuthenticationException: [LDAP: error
code 49 - INVALID_CREDENTIALS: Bind failed: Invalid authentication]
LDAP: error code 49 - INVALID_CREDENTIALS means three things: username/password is incorrect or the account is locked. You are having this error for the bind user.
You need to verify your systemUsername and systemPassword in the configured topology.
The ldapsearch tool can be useful to verify the credentials of the bind user.
main.ldapRealm.userDnTemplate should be like the following:

<param>
    <name>main.ldapRealm.userDnTemplate</name>
    <value>cn={0},ou=hadoop,ou=personal,ou=accounts,dc=example,dc=com</value>
</param>

Apply workflow failed on Websphere portal

I'm trying to apply a workflow on WebSphere Portal but I'm getting the LDAP exception below: http://192.168.128.38/wps/wcm/myconnect/?MOD=workflowenablement&library=TE&workflow=te.eg_templates/TE-Workflow&fix=true
com.ibm.ws.wim.adapter.ldap.LdapConnection getDirContext CWWIM4520E The 'javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1^#]; resolved object com.sun.jndi.ldap.LdapCtx#9c2ca1db' naming exception occurred during processing.
[6/10/18 9:14:54:754 EET] 00001145 exception E com.ibm.ws.wim.adapter.ldap.LdapConnection getDirContext
com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E The 'javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1\u0000]; resolved object com.sun.jndi.ldap.LdapCtx#9c2ca1db' naming exception occurred during processing.

HTTP Status 403 - GSSException: Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44))

I'm getting this error when I open the Oozie link. Can someone help?
HTTP Status 403 - GSSException: Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44))
I'm able to generate a Kerberos ticket on my local Windows machine.

Spring Security Active Directory Authentication

I am using Spring Security and Active Directory for authentication. Below is my configuration:

registry
    .ldapAuthentication()
        .ldapAuthoritiesPopulator(customLdapAuthoritiesPopulator)
        .userDnPatterns("cn={0},cn=Users")
        .contextSource()
            .managerDn("cn=Administrator,cn=Users,cn=COMPANY,cn=COM,cn=TN")
            .managerPassword("xxxxxxx")
            .url("ldap://xxx.xxx.xxx.xxxx:389/cn=COMPANY,cn=COM,cn=TN");

When I try to connect with a valid user I get this log:
23:30:49.321 [http-bio-8080-exec-8] DEBUG o.s.s.authentication.ProviderManager - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
23:30:49.322 [http-bio-8080-exec-8] DEBUG o.s.s.l.a.LdapAuthenticationProvider - Processing authentication request for user: ben
23:30:49.344 [http-bio-8080-exec-8] DEBUG o.s.s.l.a.BindAuthenticator - Attempting to bind as cn=ben,cn=Users,cn=COMPANY,cn=COM,cn=TN
23:30:49.345 [http-bio-8080-exec-8] DEBUG o.s.s.l.DefaultSpringSecurityContextSource - Removing pooling flag for user cn=ben,cn=Users,cn=COMPANY,cn=COM,cn=TN
23:30:52.371 [http-bio-8080-exec-8] DEBUG o.s.s.l.a.BindAuthenticator - Failed to bind as cn=ben,cn=Users: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580
Sorry, it was a stupid mistake: I used CN instead of DC.