Trying to figure what the LDAP problem is:

Leonard Kroll Leonard.Kroll at umb.edu
Mon Sep 26 16:01:10 BST 2011


Hi, I got the DN to work when binding a user to perform the LDAP lookup.
I am using MS LDAP if that makes any difference.
But I get the email and DN error that follows. Any ideas?
 
I would like to authenticate against either the email address or the
sAMAddressName in the LDAP.
 
<resolver:AttributeDefinition xsi:type="ad:Simple" id="email" sourceAttributeID="mail">
    <resolver:Dependency ref="myLDAP" />
    <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:mail" />
    <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" />
</resolver:AttributeDefinition>
 
 
10:47:22.385 - INFO [edu.vt.middleware.ldap.auth.SearchDnResolver:161] - Search for user: Aaaaaaa.bbbbbbb at umb.edu failed using filter: email={0}
10:47:22.386 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:136] - Authentication failed javax.naming.AuthenticationException: Cannot authenticate dn, invalid dn
 
 
10:47:22.372 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:188] - principalGroupName = null
10:47:22.372 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:189] - roleGroupName = null
10:47:22.372 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:77] - userRoleAttribute = []
10:47:22.373 - TRACE [edu.vt.middleware.ldap.auth.AuthenticatorConfig:1385] - setting searchScope: ONELEVEL
10:47:22.374 - TRACE [edu.vt.middleware.ldap.auth.AuthenticatorConfig:427] - setting subtreeSearch: true
10:47:22.374 - TRACE [edu.vt.middleware.ldap.auth.AuthenticatorConfig:1385] - setting searchScope: SUBTREE
10:47:22.374 - TRACE [edu.vt.middleware.ldap.auth.AuthenticatorConfig:1370] - setting baseDn: OU=sssss,DC=dddddd,DC=net
10:47:22.374 - TRACE [edu.vt.middleware.ldap.auth.AuthenticatorConfig:1168] - setting ldapUrl: ldap://xxx.xxx.xxx.xxx3 ldap://xxx.xxx.xxx.xxx4
10:47:22.375 - TRACE [edu.vt.middleware.ldap.auth.AuthenticatorConfig:1276] - setting bindDn: CN=aaaaaaa bbbbbb,OU=sssss,DC=dddddd,DC=net
10:47:22.375 - TRACE [edu.vt.middleware.ldap.auth.AuthenticatorConfig:290] - setting userFilter: email={0}
10:47:22.375 - TRACE [edu.vt.middleware.ldap.auth.AuthenticatorConfig:1309] - setting bindCredential: <suppressed>
10:47:22.375 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:83] - Created authenticator: edu.vt.middleware.ldap.auth.AuthenticatorConfig at 26192386::env={java.naming.provider.url=ldap://xxx.xxx.xxx.xxx3 ldap://xxx.xxx.xxx.xxx4, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}
10:47:22.375 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:412] - Begin getCredentials
10:47:22.376 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:413] - useFistPass = false
10:47:22.376 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:414] - tryFistPass = false
10:47:22.376 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:415] - useCallback = false
10:47:22.376 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:416] - callbackhandler class = javax.security.auth.login.LoginContext$SecureCallbackHandler
10:47:22.376 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:419] - name callback class = javax.security.auth.callback.NameCallback
10:47:22.376 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:421] - password callback class = javax.security.auth.callback.PasswordCallback
10:47:22.377 - DEBUG [edu.vt.middleware.ldap.auth.SearchDnResolver:102] - Looking up DN using userFilter
10:47:22.377 - DEBUG [edu.vt.middleware.ldap.auth.SearchDnResolver:193] - Search with the following parameters:
10:47:22.377 - DEBUG [edu.vt.middleware.ldap.auth.SearchDnResolver:194] -   dn = OU=sssss,DC=dddddd,DC=net
10:47:22.377 - DEBUG [edu.vt.middleware.ldap.auth.SearchDnResolver:195] -   filter = email={0}
10:47:22.377 - DEBUG [edu.vt.middleware.ldap.auth.SearchDnResolver:196] -   filterArgs = [Aaaaaaa.bbbbbbb at umb.edu]
10:47:22.378 - DEBUG [edu.vt.middleware.ldap.auth.SearchDnResolver:197] -   searchControls = javax.naming.directory.SearchControls at e26d2e
10:47:22.378 - DEBUG [edu.vt.middleware.ldap.auth.SearchDnResolver:198] -   handler = [edu.vt.middleware.ldap.handler.FqdnSearchResultHandler at 16e1ccd]
10:47:22.378 - TRACE [edu.vt.middleware.ldap.auth.SearchDnResolver:200] -   config = {java.naming.provider.url=ldap://xxx.xxx.xxx.xxx3 ldap://xxx.xxx.xxx.xxx4, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}
10:47:22.378 - TRACE [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:93] - setting connectionStrategy: DEFAULT
10:47:22.378 - TRACE [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:110] - setting connectionRetryExceptions: [class javax.naming.NamingException]
10:47:22.378 - TRACE [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:152] - {0} Attempting connection to ldap://xxx.xxx.xxx.xxx3 ldap://xxx.xxx.xxx.xxx4 for strategy DEFAULT
10:47:22.379 - DEBUG [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:73] - Bind with the following parameters:
10:47:22.379 - DEBUG [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:74] -   authtype = simple
10:47:22.379 - DEBUG [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:75] -   dn = CN=Aaaaaaa bbbbb,OU=sssss,DC=umassb,DC=net
10:47:22.379 - DEBUG [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:82] -   credential = <suppressed>
10:47:22.379 - TRACE [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:86] -   env = {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://xxx.xxx.xxx.xxx3 ldap://xxx.xxx.xxx.xxx4}
10:47:22.385 - INFO [edu.vt.middleware.ldap.auth.SearchDnResolver:161] - Search for user: Aaaaaaa.bbbbbbb at umb.edu failed using filter: email={0}
10:47:22.386 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:136] - Authentication failed
javax.naming.AuthenticationException: Cannot authenticate dn, invalid dn
        at edu.vt.middleware.ldap.auth.AbstractAuthenticator.authenticateAndAuthorize(AbstractAuthenticator.java:160) ~[vt-ldap-3.3.4.jar:na]
        at edu.vt.middleware.ldap.jaas.JaasAuthenticator.authenticate(JaasAuthenticator.java:74) ~[vt-ldap-3.3.4.jar:na]
        at edu.vt.middleware.ldap.auth.Authenticator.authenticate(Authenticator.java:320) ~[vt-ldap-3.3.4.jar:na]
        at edu.vt.middleware.ldap.auth.Authenticator.authenticate(Authenticator.java:277) ~[vt-ldap-3.3.4.jar:na]
        at edu.vt.middleware.ldap.jaas.JaasAuthenticator.authenticate(JaasAuthenticator.java:60) ~[vt-ldap-3.3.4.jar:na]
 
Leonard Kroll
UNIX / GIS Administrator
Univ. Massachusetts Boston
Leonard(dot)Kroll(at)umb.edu
Phone: 617-287-5048
fax:      617-287-5224
________________________________

From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net]
On Behalf Of Daniel Fisher
Sent: Friday, September 23, 2011 4:39 PM
To: Shib Users
Subject: Re: Trying to figure where the problem is:
 
On Fri, Sep 23, 2011 at 4:09 PM, Leonard Kroll <Leonard.Kroll at umb.edu>
wrote:
	I am new to the LDAP world.
	OK, I am now using the full DN in the bindDN field, and I get an error 32, which means no data found.
	Ldapsearch reads the LDAP fine using the same DN.
	CN=aaaa bbbb, OU=sssssss,dc=umassb, dc=net.
	 
	Any ideas how to get around this problem?
	 
	 
	16:00:24.348 - TRACE [edu.vt.middleware.ldap.auth.SearchDnResolver:200] -   config = {java.naming.provider.url=ldap://xxx.xxx.xxx.xxx ldap://xxx.xxx.xxx.xxx, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, baseDN=dc=umassb,dc=net}
 
Looks like you're setting 'baseDN', that should be 'baseDn'. Not sure if
that's your only problem, but fix that and report back.
 
--Daniel Fisher
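
Added example, not part of the original thread and not vt-ldap code: the log above passes the filter template `email={0}` and the login separately, the search finds nothing, and so no DN is resolved. Assuming a stock Active Directory schema, where the address is stored in `mail` (the attribute the resolver definition above reads) and the logon name in `sAMAccountName`, this sketch emulates that substitution with RFC 4515 escaping against one constructed entry; `build_filter`, `matching_dns` and `DIRECTORY` are hypothetical names.

```python
import re

# RFC 4515 section 3: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Assumed combined filter: accept either the mail address or the AD logon name.
OR_FILTER = "(|(mail={0})(sAMAccountName={0}))"

# Constructed sample entry (not taken from the thread).
DIRECTORY = {
    "CN=Example User,OU=staff,DC=example,DC=net": {
        "mail": "example.user@example.edu",
        "sAMAccountName": "euser",
    },
}


def escape_filter_value(value):
    """Escape a user-supplied login so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(template, login):
    """Substitute the escaped login for every {0} placeholder in the template."""
    return template.replace("{0}", escape_filter_value(login))


def matching_dns(template, login, entries):
    """Return the DNs an equality search would find.

    Simplified evaluator: handles only 'attr={0}' and an OR of such clauses,
    and compares attribute names and values case-insensitively.
    """
    attrs = [a.lower() for a in re.findall(r"([A-Za-z][\w-]*)=\{0\}", template)]
    hits = []
    for dn, entry in entries.items():
        lowered = {k.lower(): v.lower() for k, v in entry.items()}
        if any(lowered.get(a) == login.lower() for a in attrs):
            hits.append(dn)
    return hits


if __name__ == "__main__":
    for template in ("email={0}", OR_FILTER):
        for login in ("example.user@example.edu", "euser"):
            print(build_filter(template, login), "->",
                  matching_dns(template, login, DIRECTORY))
```

An empty result for `email={0}` corresponds to the "Search for user ... failed" line in the log, after which the authenticator has no DN to bind with.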
 