2010-08-05 15:48:44,898 DEBUG [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter] - <Authentication request failed: org.springframework.security.authentication.AuthenticationServiceException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001A8, problem 2001 (NO_OBJECT)
Looking deeper in the logs, I saw a TRACE (not even an INFO-level message):
Not granted any authorities
But I was a member of several groups! I added group-search-base with the same content as user-search-base (same root) to ldap-authentication-provider, and then I got authenticated and got my roles (Spring authorities, or in this case Active Directory groups) back from the server.
Below are my final *tainted* settings:
<ldap-server url="ldap://domain.com:port"
    manager-dn="***"
    manager-password="***"
    root="OU=***,dc=***,dc=***" />
<authentication-manager>
    <ldap-authentication-provider
        user-search-filter="mail={0}"
        user-search-base="OU=***,dc=***,dc=***"
        user-context-mapper-ref="customUserDetailsContextMapper"
        group-search-base="OU=***,dc=***,dc=***"
        group-search-filter="***" />
</authentication-manager>