CopyDisable

Sunday, 6 January 2013

WebPasswordSafe LDAP authentication problem

I faced a problem while configuring LDAP authentication in WebPasswordSafe. My configuration was as follows:

<bean id="authnContextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://192.168.20.1:389" />
    <property name="userDn" value="CN=Websafe,OU=IT Infra,OU=L6 Users,DC=mkmumbai,DC=local" />
    <property name="password" value="xxxxxxxx" />
</bean>
<bean id="authnLdapTemplate" class="org.springframework.ldap.core.LdapTemplate">
    <constructor-arg ref="authnContextSource" />
</bean>
<bean id="ldapAuthenticator" class="net.webpasswordsafe.server.plugin.authentication.LdapAuthenticator">
    <property name="ldapTemplate" ref="authnLdapTemplate" />
    <property name="filter" value="(&amp;(objectclass=person)(sAMAccountName=$1))" />
    <property name="base" value="DC=mkmumbai,DC=local" />
</bean>

But login was failing. I got the following:

DEBUG [http-80-1]: ldap error authenticating: Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=mkmumbai,dc=local'
2013-01-02 12:21:15,106 DEBUG [http-80-1]: LdapAuthenticator: login success for websafe? false

Whereas with the following configuration, LDAP authentication was successful.

<bean id="authnContextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://192.168.20.1:389" />
    <property name="userDn" value="CN=Websafe,OU=IT Infra,OU=L6 Users,DC=mkmumbai,DC=local" />
    <property name="password" value="xxxxxxxx" />
</bean>
<bean id="authnLdapTemplate" class="org.springframework.ldap.core.LdapTemplate">
    <constructor-arg ref="authnContextSource" />
</bean>
<bean id="ldapAuthenticator" class="net.webpasswordsafe.server.plugin.authentication.LdapAuthenticator">
    <property name="ldapTemplate" ref="authnLdapTemplate" />
    <property name="filter" value="(&amp;(objectclass=person)(sAMAccountName=$1))" />
    <property name="base" value="OU=IT Infra,OU=L6 Users,DC=mkmumbai,DC=local" />
</bean>

In our Active Directory setup, users are placed in different OUs as per our policy. For the LDAP search, the base has to be DC=mkmumbai,DC=local; otherwise the authentication LDAP search will not be successful. So to resolve this issue, I used the following LDAP configuration (I have added the line <property name="referral" value="follow"/>), which worked for me:

<bean id="authnContextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="referral" value="follow"/>
    <property name="url" value="ldap://192.168.20.1:389" />
    <property name="userDn" value="CN=Websafe,OU=IT Infra,OU=L6 Users,DC=mkmumbai,DC=local" />
    <property name="password" value="xxxxxxxx" />
</bean>
<bean id="authnLdapTemplate" class="org.springframework.ldap.core.LdapTemplate">
    <constructor-arg ref="authnContextSource" />
</bean>
<bean id="ldapAuthenticator" class="net.webpasswordsafe.server.plugin.authentication.LdapAuthenticator">
    <property name="ldapTemplate" ref="authnLdapTemplate" />
    <property name="filter" value="(&amp;(objectclass=person)(sAMAccountName=$1))" />
    <property name="base" value="DC=mkmumbai,DC=local" />
</bean>
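
An alternative to referral=follow, as an added example that is not part of the original post or of WebPasswordSafe: with "follow", JNDI chases every referral the domain controller returns for a domain-root search and binds to each referred host with the same userDn and password, whereas Spring LDAP's LdapTemplate has an ignorePartialResultException property that keeps the search on the configured server. Assumptions: LdapAuthenticator performs its lookup through the template's search path, and all users who log in live in this one domain.

```xml
<!-- Added example: same beans as above, but referrals are not followed. -->
<bean id="authnContextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <!-- No "referral" property here: referrals stay unfollowed, so the
         service account's credentials are only ever presented to the
         server named in "url". -->
    <property name="url" value="ldap://192.168.20.1:389" />
    <property name="userDn" value="CN=Websafe,OU=IT Infra,OU=L6 Users,DC=mkmumbai,DC=local" />
    <property name="password" value="xxxxxxxx" />
</bean>
<bean id="authnLdapTemplate" class="org.springframework.ldap.core.LdapTemplate">
    <constructor-arg ref="authnContextSource" />
    <!-- Ignore the PartialResultException ("Unprocessed Continuation
         Reference(s)") raised for the referrals that were not followed;
         entries found on this server are still returned. -->
    <property name="ignorePartialResultException" value="true" />
</bean>
<bean id="ldapAuthenticator" class="net.webpasswordsafe.server.plugin.authentication.LdapAuthenticator">
    <property name="ldapTemplate" ref="authnLdapTemplate" />
    <property name="filter" value="(&amp;(objectclass=person)(sAMAccountName=$1))" />
    <!-- Domain root, so users in every OU of this domain are searched. -->
    <property name="base" value="DC=mkmumbai,DC=local" />
</bean>
```

The referrals Active Directory returns for a domain-root search typically point at other naming contexts (for example the DNS application partitions) rather than at user OUs, so ignoring them does not hide accounts in this domain.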