LaVOZs

The World’s Largest Online Community for Developers

'; jasperserver - JasperReports Server 5.2 Active Directory Integration - LavOzs.Com

Apologies for yet another AD integration question :)

I've got a fresh install of JasperReports Server 5.2 on Windows Server 2008 R2 and I'm trying to configure AD authentication but logins always fail.

I've copied the sample applicationContext-externalAuth-LDAP.xml file into the WEB-INF folder and customised it:

    <bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
        <constructor-arg>
            <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
                <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
                <property name="userSearch" ref="userSearch"/>
            </bean>
        </constructor-arg>
        <constructor-arg>
            <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
                <constructor-arg index="0"><ref local="ldapContextSource"/></constructor-arg>
                <constructor-arg index="1"><value></value></constructor-arg>
                <property name="groupRoleAttribute" value="cn"/>
                <property name="groupSearchFilter" value="((member={0})(objectClass=group))"/>
                <property name="searchSubtree" value="true"/>
                <!-- Can setup additional external default roles here  <property name="defaultRole" value="LDAP"/> -->
            </bean>
        </constructor-arg>
    </bean>

    <bean id="userSearch"
          class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
        <constructor-arg index="0">
            <value></value>
        </constructor-arg>
        <constructor-arg index="1">
            <value>((sAMAccountName={0})(objectClass=user))</value>
        </constructor-arg>
        <constructor-arg index="2">
            <ref local="ldapContextSource" />
        </constructor-arg>
        <property name="searchSubtree">
            <value>true</value>
        </property>
    </bean>

    <bean id="ldapContextSource" class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">
        <constructor-arg value="ldap://hostname:389/dc=domain,dc=local"/>
        <!-- manager user name and password (may not be needed)  -->
        <property name="userDn" value="Administrator"/>
        <property name="password" value="password"/>
    </bean>

Actual Hostname, Domain name and Password have been removed in the above, our AD is set up a bit strangely in that users are spread across several OUs so I've left the branch DN properties empty and attempted to limit the search to entries with a certain objectClass (user or group).

I've enabled debug level logging for org.springframework.security and com.jaspersoft.jasperserver.api.security but I'm not getting anything particularly informative in the logs:

    2013-09-03 10:12:32,882 DEBUG BaseAuthenticationProcessingFilter,http-bio-80-exec-6:252 - Request is to process authentication
    2013-09-03 10:12:32,884 DEBUG ProviderManager,http-bio-80-exec-6:183 - Authentication attempt using org.springframework.security.providers.ldap.LdapAuthenticationProvider
    2013-09-03 10:12:32,888 DEBUG FilterBasedLdapUserSearch,http-bio-80-exec-6:109 - Searching for user 'username', with user search [ searchFilter: '((sAMAccountName={0})(objectClass=user))', searchBase: '', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
    2013-09-03 10:12:32,905 DEBUG SpringSecurityLdapTemplate,http-bio-80-exec-6:197 - Searching for entry in under DN 'dc=domain,dc=local', base = '', filter = '((sAMAccountName={0})(objectClass=user))'
    2013-09-03 10:12:32,933 DEBUG ProviderManager,http-bio-80-exec-6:183 - Authentication attempt using com.jaspersoft.jasperserver.api.security.internalAuth.InternalDaoAuthenticationProvider
    2013-09-03 10:12:32,940  WARN LoggerListener,http-bio-80-exec-6:60 - Authentication event AuthenticationFailureBadCredentialsEvent: username; details: org.springframework.security.ui.WebAuthenticationDetails@21a2c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: F8EA36A4CF952E3DE41E7211B4EB529D; exception: Bad credentials
    2013-09-03 10:12:32,941 DEBUG BaseAuthenticationProcessingFilter,http-bio-80-exec-6:406 - Updated SecurityContextHolder to contain null Authentication
    2013-09-03 10:12:32,941 DEBUG BaseAuthenticationProcessingFilter,http-bio-80-exec-6:412 - Authentication request failed: org.springframework.security.BadCredentialsException: Bad credentials
    2013-09-03 10:12:32,943 DEBUG HttpSessionContextIntegrationFilter,http-bio-80-exec-6:255 - SecurityContextHolder now cleared, as request processing completed

Any suggestions gratefully received, I've played around with the settings in the externalAuth XML file but nothing seems to make a difference to the log or the login failures.

Cheers, Matt

Generally speaking when doing ldap searches on AD the only time a baseless search will work is when talking to the GC.

Try putting in the base of DC=domain,DC=local this should still search over your entire domain .

Also in your user and group searches it appears you are missing the & needed after the first (.

e.g.

<property name="groupSearchFilter" value="(&amp;(member={0})(objectClass=group))"/>

and

<constructor-arg index="1">
    <value>(&amp;(sAMAccountName={0})(objectClass=user))</value>
</constructor-arg>

One last thing that I have seen that helps with the Spring LDAP is to use the DN for the bind account.

e.g.

HTH

Related
Validate a username and password against Active Directory?
What are the differences between LDAP and Active Directory?
How to integrate JasperReports Server and Cassandra
Active Directory LDAP authentication Git Windows Server 2008
OpenSSO and JasperReports Server Integration
Rocketchat LDAP configuration for Jumpcloud
Error when connecting to MS LDAP using Apache LDAP AIP