Uncategorized exception for using correct credentials in LDAP authentication
So the issue is really what I expected. I have basically no explanation why you are getting a wrong credentials error back when you give a wrong password, but the problem why you see this exception is easy. You need to configure a user that is allowed to read the LDAP server. In your `AuthenticationConfiguration` you are just defining the URL of the LDAP server but no user which would be allowed to execute a search and read from there. LDAP authentication works in a two step approach:
- Your app will try to find a DN matching your criteria given in the `userSearchFilter`. For this it will need a manager connection which you can define using `managerDn()` and `managerPassword()` methods of your `contextSource()` definition. If this search is successful...
- it will execute a second bind operation using the DN and the given password and if successful read out your node (as well as linked groups) to populate your `Principal` or `UserDetails` object.
Look at the answer in the other post which is defining the manager connection like

```java
.contextSource()
    .url("ldaps://<ap-ldap-server>")
    .port(639)
    .managerDn("cn=binduser,ou=users,dc=ap,dc=domain,dc=com")
    .managerPassword("some pass")
```
Nasreddin
Updated on June 05, 2022

Comments
-
Nasreddin almost 2 years
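I would like to implement LDAP authentication for a web application using Spring Boot. Here is my `WebSecurityConfig` class:

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Require an authenticated user for every request; use the default login form.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest()
                .authenticated()
                .and()
            .formLogin();
    }

    @Configuration
    protected static class AuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter {

        // Only the server URL is set on the context source here.
        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .ldapAuthentication()
                    .userDnPatterns("cn={0},ou=institution,ou=people")
                    .contextSource()
                        .url("ldap://ldap.mdanderson.edu:389/dc=mdanderson,dc=edu");
        }
    }
}
```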
I tested it with my credentials. Here is the screenshot of my user information from LDAP server:
On login page, if I type in djiao as my username and a wrong password, it will say `Bad credentials`. However if I give the correct password, I would get 500:

```
There was an unexpected error (type=Internal Server Error, status=500).
Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name ''
```
It seems binding to ldap server is successful otherwise it would not distinguish correct password from bad password. But why am I getting this exception?
EDIT:
From the output of IDE console, I see a lot of messages like `Rejected bean` and `Unable to locate LocaleResolver`, etc. They do not appear to be errors, but I don't know if they are causing the error. Below is the stack trace:
EDIT #2: Here is the contextSource config from another project within the same institution.

```xml
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <beans:constructor-arg value="ldap://ldap.mdanderson.edu:389/DC=mdanderson,DC=edu" />
    <beans:property name="userDn" value="ou=institution,ou=people" />
    <beans:property name="password" value="password" />
</beans:bean>
```
-
Nasreddin about 8 years
When I tried to add these two lines I got error `The method managerDn(String) is undefined for the type WebSecurityConfig`, `managerPassword` is fine. Also is this manager user/password arbitrary?
-
daniel.eichten about 8 years
Where did you add it? Right after the `url("<url>")` part?
-
Nasreddin about 8 years
Sorry, I had a `;` after `url`. Anyway, the two lines I added are `.managerDn("cn=manager,ou=institution,ou=people,dc=mdanderson,dc=edu") .managerPassword("password");` and am getting `LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error` error. Is the manager credential arbitrary?
-
daniel.eichten about 8 years
No no, that has to be a valid person in your directory. So if you know your DN and pass you can put in yours. In our case we create usually service users for this purpose.
-
Nasreddin about 8 years
You mean using the same account (me) as a manager to authenticate another account which happens to be same credentials (me)? I don't quite get it. But after I put my dn and pass as manager I am getting `Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException`.
-
daniel.eichten about 8 years
Ok, this is actually coming cause your DN is referring to another node in the Directory Tree (referral) or sometimes even another server. The straightforward option would be to tell the LDAP client to follow links. In essence this should be doable by passing in a valid `ContextSource` which has this enabled. Unfortunately the ContextBuilder does not allow you to set this directly. You'll have to create the ContextSource on your own and pass it in. See: docs.spring.io/spring-ldap/docs/current/reference/… for config options.
-
Nasreddin about 8 years
I added the configuration for contextSource from another project inside the institution. They use Spring xml config though. Do you know how to deal with the `userdn` and `password` property in my Spring-boot config?
-
daniel.eichten about 8 years
Let us continue this discussion in chat.
-
Nasreddin about 8 years
I force it to follow links by `contextSource.setReferral("follow");` and it works now. Thanks a lot
-
Sylhare over 3 years
With a custom contextSource I added `contextSource.setUserDn("cn=user")` and `contextSource.setPassword("userpassword")` and it worked. The issue is that you need an initial user to make the bind as this answer specifies.
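
Putting the answer and the comments together, as an added example that is not code from the thread: a configuration that builds its own context source with a manager bind and referral following, written against the Spring Security 4.x API used in the question. The class name, the host `ldap.example.org` and the environment variable names `LDAP_MANAGER_DN` and `LDAP_MANAGER_PASSWORD` are assumptions.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;

@Configuration
@EnableWebSecurity
public class LdapSecurityConfig extends WebSecurityConfigurerAdapter {

    // Assumed placeholder URL; the base DN after the slash scopes all searches.
    private static final String LDAP_URL =
            "ldaps://ldap.example.org:636/dc=example,dc=org";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .formLogin();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                // Step 2 of the flow: bind as the user's own DN with the typed password.
                .userDnPatterns("cn={0},ou=institution,ou=people")
                // Step 1 and the later group lookup run on this manager connection.
                .contextSource(managerContextSource());
    }

    // Built by hand because the contextSource() builder exposes url, port,
    // managerDn and managerPassword but no referral setting.
    private DefaultSpringSecurityContextSource managerContextSource() throws Exception {
        DefaultSpringSecurityContextSource cs =
                new DefaultSpringSecurityContextSource(LDAP_URL);

        // Must be a real directory account; a dedicated read-only service
        // account keeps the application's standing privileges minimal.
        cs.setUserDn(requireEnv("LDAP_MANAGER_DN"));
        cs.setPassword(requireEnv("LDAP_MANAGER_PASSWORD"));

        // Resolves "Unprocessed Continuation Reference(s)". The client
        // re-binds with the manager credentials on each referred server,
        // so use this only where the referral targets are trusted.
        cs.setReferral("follow");

        // Not a Spring-managed bean here, so initialise it explicitly.
        cs.afterPropertiesSet();
        return cs;
    }

    // Fail at startup rather than fall back to an anonymous connection,
    // which is what produced "a successful bind must be completed".
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value;
    }
}
```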