CMDBuild Forum

AD/LDAP Authentication

Good day,

 

We have installed openMAINT as per the instructions provided, and the application is working apart from one function: LDAP authentication. We are running a Microsoft Active Directory server and have configured the bind account in the same way as the AD authentication setups we use on other systems.

I do not know what else to check. I have switched on the debug option to get a more in-depth look at what might be wrong, but nothing stands out. We have verified that the bind/service account is not locked and has the rights required.

Here is our auth.conf file

## CMDBuild/openMAINT auth.conf as posted: selects the authenticator chain and
## the LDAP (Active Directory) search and bind settings.

## Authentication method chain (the first match stops the auth chain)
#auth.methods=HeaderAuthenticator,CasAuthenticator,LdapAuthenticator,DBAuthenticator
## Active chain as listed: LdapAuthenticator first, then DBAuthenticator.
## NOTE(review): with DBAuthenticator in the chain, accounts stored in the
## application database presumably remain usable alongside directory
## accounts - confirm that this fallback is intended.
auth.methods=LdapAuthenticator,DBAuthenticator

#force.ws.password.digest=true

##
## HEADER
##

#header.attribute.name=username

##
## CAS
##

#cas.server.url=https://casserver/cas
#cas.login.page=/login
#cas.service.param=service
#cas.ticket.param=ticket

##
## LDAP
##

ldap.server.address=hostname.intranet.domain.na
## NOTE(review): port 389 with ldap.use.ssl=false, combined with the simple
## bind configured below, means the service-account password and each user's
## login password would cross the network unencrypted unless the transport is
## protected some other way. Domain controllers that require LDAP signing
## reject simple binds on an unencrypted connection, so this is also one
## possible cause of the failed login - verify against the DC policy and
## consider LDAPS (ldap.use.ssl=true, conventionally port 636).
ldap.server.port=389
ldap.use.ssl=false
## Search base for user lookups.
## NOTE(review): the bind principal below sits under OU=Domain Management,
## outside this base; presumably only users located under OU=Company can be
## found by the search - confirm that 'userb' is under this OU.
ldap.basedn=OU=Company,DC=intranet,DC=domain,DC=na
## Attribute compared with the login name; the debug log in this post shows it
## ANDed with ldap.search.filter: (&(objectCategory=person)(sAMAccountName=userb))
ldap.bind.attribute=sAMAccountName

#ldap.search.filter=(&(objectClass=myclass1)(objectClass=myclass2))
##Accept only none (anonymous bind) and simple (simple bind)
#ldap.search.auth.method=none
##This section is only for simple bind
ldap.search.filter=(objectCategory=person)
ldap.search.auth.method=simple
## Service account used for the search bind, given as a full DN; the
## commented-out line below is the same setting in user@domain form.
ldap.search.auth.principal=CN=user,OU=service,OU=Domain Management,DC=intranet,DC=domain,DC=na
#ldap.search.auth.principal=user@domain.na
## NOTE(review): the value shown looks like a placeholder. The real file holds
## the bind password in plain text, so restrict read access to the account
## that runs the application and keep the service account's directory rights
## to the minimum needed for searching.
ldap.search.auth.password=Password

 

Your assistance is highly appreciated.

 

Regards,

Here are some of the logs:

INFO  2016-04-04 09:22:11 [jsonrpc ] Calling url /login/login

INFO  2016-04-04 09:22:11 [cmdbuild] trying to login user userb with group null

DEBUG 2016-04-04 09:22:11 [auth    ] restoring defaults

DEBUG 2016-04-04 09:22:11 [auth    ] LDAP generated search query: (&(objectCategory=person)(sAMAccountName=userb))

WARN  2016-04-04 09:22:11 [auth    ] cannot authenticate user 'userb' on LDAP

ERROR 2016-04-04 09:22:11 [cmdbuild] Login failed

ERROR 2016-04-04 09:22:11 [jsonrpc ] A org.cmdbuild.exception.AuthException occurred calling method class org.cmdbuild.servlets.json.Login.login: AUTH_LOGIN_WRONG

 

 

Call: services/json/login/login

--------------------------------

Error: org.cmdbuild.exception.AuthException: AUTH_LOGIN_WRONG

    at org.cmdbuild.exception.AuthException$AuthExceptionType.createException(AuthException.java:24)

    at org.cmdbuild.logic.auth.DefaultAuthenticationLogic.login(DefaultAuthenticationLogic.java:147)

    at org.cmdbuild.servlets.json.Login.login(Login.java:37)

    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

    at java.lang.reflect.Method.invoke(Method.java:497)

    at org.cmdbuild.servlets.JSONDispatcher.dispatch(JSONDispatcher.java:101)

    at org.cmdbuild.servlets.JSONDispatcher.doPost(JSONDispatcher.java:61)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.cmdbuild.filters.AuthFilter.doFilter(AuthFilter.java:158)

    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.cmdbuild.filters.PatchManagerFilter.doFilter(PatchManagerFilter.java:48)

    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.cmdbuild.filters.ConfCheckFilter.doFilter(ConfCheckFilter.java:31)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.cmdbuild.filters.TranslationFilter.doFilter(TranslationFilter.java:52)

    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.cmdbuild.filters.LocalizationFilter.doFilter(LocalizationFilter.java:148)

    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)

    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)

    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)

    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)

    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)

    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)

    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)

    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)

    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)

    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

    at java.lang.Thread.run(Thread.java:745)