[Geoserver-users] Geoserver ldap Authentication

I have problems with LDAP authentication; I can't get it to work.

I captured the LDAP messages with Wireshark and I saw that the "bind request"
succeeds, but GeoServer says that the user cannot authenticate.

Where is the problem?

Hi Luis, can you give me some more information on your environment:
- which version of GeoServer are you using?
- what kind of LDAP server? (OpenLDAP, Windows Active Directory, or other)
- how are you configuring the GeoServer LDAP AuthenticationProvider?

Regards,
Mauro Bartolomeoli

--

Our support, Your Success! Visit http://opensdi.geo-solutions.it for more
information.

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

2013/11/26 Luis Taboada <freakonaluis@anonymised.com>

Hi again Mauro

You are correct about that, but now the error is

   - org.springframework.dao.IncorrectResultSizeDataAccessException: Incorrect result size: expected 1, actual 0

I have seen the problem; I am going to try to explain it to you.

We need to log in using the format "domain\user", using for this the field
"format used for the user login name", and it works for bind,
but...

Our AD uses only the "user" as sAMAccountName, without the domain. When the
search is done the result is 0, and I think that would be the cause of the
error.

Then I think you should use sAMAccountName={1} as a filter: the {0}
placeholder looks for the formatted name (dttec\ltds) while the {1}
placeholder uses the unformatted one (ltds in your example).

Regards,
Mauro

-------------------------------------------------------
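
The search mismatch discussed in the message above, as an added example that is not GeoServer code and not part of the original thread: a small Python model in which the bind name is built from the login format, and the filter placeholders {0} (formatted name) and {1} (unformatted name) are filled as described there. The directory entry, its DN and all function names are hypothetical.

```python
import re

# Constructed sample directory: the AD entry stores the bare account name only.
DIRECTORY = [{"dn": "CN=ltds,OU=Staff,DC=dttec,DC=example", "sAMAccountName": "ltds"}]

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def unescape_filter_value(value):
    """Turn \\XX escapes back into the characters the server compares."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def format_login(user_format, typed_name):
    """Model of the 'format used for the user login name' field."""
    return user_format.replace("{0}", typed_name)

def build_filter(template, formatted, unformatted):
    """Fill {0} with the formatted name and {1} with the unformatted one."""
    values = [escape_filter_value(formatted), escape_filter_value(unformatted)]
    return re.sub(r"\{([01])\}", lambda m: values[int(m.group(1))], template)

def search(filter_text):
    """Evaluate a single attr=value equality filter against DIRECTORY."""
    attr, _, raw = filter_text.strip("()").partition("=")
    wanted = unescape_filter_value(raw).lower()
    return [e for e in DIRECTORY if e.get(attr, "").lower() == wanted]

def find_single_user(template, user_format, typed_name):
    """Return the one matching entry, or raise as the error in the thread does."""
    formatted = format_login(user_format, typed_name)
    hits = search(build_filter(template, formatted, typed_name))
    if len(hits) != 1:
        raise LookupError("Incorrect result size: expected 1, actual %d" % len(hits))
    return hits[0]

if __name__ == "__main__":
    # The bind name is dttec\ltds in both cases; only the search filter differs.
    for template in ("sAMAccountName={0}", "sAMAccountName={1}"):
        try:
            print(template, "->", find_single_user(template, "dttec\\{0}", "ltds")["dn"])
        except LookupError as err:
            print(template, "->", err)
```

The {0} filter searches for the literal value dttec\ltds (sent as dttec\5cltds once escaped), which no entry carries, so a successful bind is followed by an empty search result.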

Hi Luis, I think you hit a bug in the LDAP admin interface.
The problem should be related only to the test connection functionality; you can try to save the configuration and use it in the authentication chains. It should work from there.

I will open a ticket to fix the test button.

Mauro

2013/11/26 Luis Taboada <freakonaluis@anonymised.com>

Hi Mauro

I tried your suggestions but it still fails (a different error this time).

I paste the last piece of the error trace:

26 nov 15:14:46 WARN [web.security] -
java.lang.NullPointerException
at org.geoserver.security.ldap.LDAPSecurityProvider.createAuthenticationProvider(LDAPSecurityProvider.java:106)
at org.geoserver.web.security.ldap.LDAPAuthProviderPanel$TestLDAPConnectionPanel$1.doTest(LDAPAuthProviderPanel.java:176)
at org.geoserver.web.security.ldap.LDAPAuthProviderPanel$TestLDAPConnectionPanel$1.onSubmit(LDAPAuthProviderPanel.java:159)
at org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink$1.onSubmit(AjaxSubmitLink.java:68)
at org.apache.wicket.ajax.form.AjaxFormSubmitBehavior.onEvent(AjaxFormSubmitBehavior.java:143)
at org.apache.wicket.ajax.AjaxEventBehavior.respond(AjaxEventBehavior.java:177)
at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:300)
at org.apache.wicket.request.target.component.listener.BehaviorRequestTarget.processEvents(BehaviorRequestTarget.java:119)
at org.apache.wicket.request.AbstractRequestCycleProcessor.processEvents(AbstractRequestCycleProcessor.java:92)
at org.apache.wicket.RequestCycle.processEventsAndRespond(RequestCycle.java:1250)
at org.apache.wicket.RequestCycle.step(RequestCycle.java:1329)
at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1436)
at org.apache.wicket.RequestCycle.request(RequestCycle.java:545)
at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:484)

and the config that I used

[Inline image 1]

Thanks again Mauro

Regards

Luis

2013/11/26 Luis Taboada <freakonaluis@anonymised.com>

Hi Mauro

I use the authentication and it fails too... but with another error:

OK, I have looked at the code and I see that sAMAccountName={1} is accepted
as a filter only on master, and not supported on 2.4.2. I will see if I can
backport the fix to 2.4.x shortly and let you know. Would you mind using a
nightly (or I can send you the fixed jar directly to test)?

Regards,
Mauro Bartolomeoli

-------------------------------------------------------