Posted to user@turbine.apache.org by Helge Weissig <he...@grajagan.org> on 2006/04/13 01:08:14 UTC
Turbine, LDAP and Active Directory
Hi,
I am trying to use Turbine with LDAP authentication against an
Active Directory server. The following code snippet fails with a
PasswordMismatchException even though the password is correct. The
problem is that the distinguishedName contains a comma, which is
escaped when passed to TurbineSecurity.getAuthenticatedUser but comes
back as not escaped in the exception (see bottom of post. Names and
places have been changed to protect the innocent: the AD has a
different organization). Has anyone been successful in using AD with
Turbine? This may be an AD configuration problem, since I cannot use
TurbineSecurity.getAuthenticatedUser(username, password) for example,
when setting services.SecurityService.ldap.user.username to
samaccountname.
thanks for any input you may have!
h.
    Turbine turbine;
    TurbineConfig tc = new TurbineConfig(
        "//home/helgew/work/webapps/test",
        "/WEB-INF/conf/TurbineResources.properties");
    try {
        turbine = getTurbine();
        turbine.init(tc);
    } catch (Exception e) {
        log.error("TurbineConfig: Initialization failed", e);
    }
    String username = "helgew";
    String password = "password";
    String distinguishedName = null;
    User user = null;
    NamingEnumeration ne = null;
    try {
        // Look up the user's entry by samaccountname and read its DN
        DirContext context = LDAPUserManager.bindAsAdmin();
        Attributes ats = new BasicAttributes("samaccountname", username);
        ne = context.search("ou=Activx Users,dc=activx,dc=com", ats);
        while (ne.hasMore()) {
            SearchResult result = (SearchResult) ne.next();
            Attributes userAttributes = result.getAttributes();
            Attribute dn = userAttributes.get("distinguishedName");
            distinguishedName = ((String) dn.get(0));
        }
    } catch (NamingException e1) {
        e1.printStackTrace();
    }
    // Strip everything from the first ",ou=" onwards, then the leading "cn="
    distinguishedName = distinguishedName.replaceFirst(",[oO][uU].*", "");
    distinguishedName = distinguishedName.replaceFirst("[cC][nN]=", "");
    // prints 'Weissig\, Helge', note the escaped comma!
    System.out.println(distinguishedName);
    try {
        user = TurbineSecurity.getAuthenticatedUser(distinguishedName,
            password);
    } catch (DataBackendException e) {
        e.printStackTrace();
    } catch (UnknownEntityException e) {
        e.printStackTrace();
    } catch (PasswordMismatchException e) {
        e.printStackTrace();
    }
stack trace generated, note the absence of the slash to escape the
comma.
org.apache.turbine.util.security.PasswordMismatchException: The given password for: cn=Weissig, Helge,ou=Users,dc=grajagan,dc=org is invalid
    at org.apache.turbine.services.security.ldap.LDAPUserManager.authenticate(LDAPUserManager.java:416)
    at org.apache.turbine.services.security.ldap.LDAPUserManager.retrieve(LDAPUserManager.java:328)
    at org.apache.turbine.services.security.BaseSecurityService.getAuthenticatedUser(BaseSecurityService.java:691)
    at org.apache.turbine.services.security.TurbineSecurity.getAuthenticatedUser(TurbineSecurity.java:263)
    at org.grajagan.test.playground.TestTurbineInit.main(TestTurbineInit.java:123)
---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org
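Added example (not part of the original posts and not Turbine code): how the JDK's javax.naming.ldap.LdapName and Rdn classes handle an escaped comma in a DN like the one described above. The DN is a constructed sample based on the names in the post, and DnEscapingDemo, leafValue and childDn are names made up for this illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnEscapingDemo {

    // Constructed sample DN, modeled on the names used in the post above.
    static final String SAMPLE_DN =
        "CN=Weissig\\, Helge,OU=Activx Users,DC=activx,DC=com";

    /** Returns the unescaped value of the leaf (left-most) RDN, e.g. the CN. */
    static String leafValue(String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn);
        // LdapName indexes RDNs right to left, so the leaf is the last one.
        Rdn leaf = name.getRdn(name.size() - 1);
        return String.valueOf(leaf.getValue());
    }

    /** Builds a child DN under baseDn, escaping the raw value on output. */
    static String childDn(String type, String rawValue, String baseDn)
            throws InvalidNameException {
        LdapName name = new LdapName(baseDn);
        // Rdn takes the raw value and escapes ',', '+', '"' etc. in toString().
        name.add(new Rdn(type, rawValue));
        return name.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        String base = "OU=Activx Users,DC=activx,DC=com";
        String raw = leafValue(SAMPLE_DN);
        System.out.println("raw value     : " + raw);
        System.out.println("escaped value : " + Rdn.escapeValue(raw));

        String rebuilt = childDn("cn", raw, base);
        System.out.println("rebuilt DN    : " + rebuilt);
        System.out.println("RDN count     : " + new LdapName(rebuilt).size());

        // Plain string concatenation of the raw value splits the name at the
        // comma, so the result no longer parses as the intended entry.
        String naive = "cn=" + raw + "," + base;
        try {
            System.out.println("naive count   : " + new LdapName(naive).size());
        } catch (InvalidNameException e) {
            System.out.println("naive DN rejected: " + naive);
        }
    }
}
```

Whether a value is held in raw or escaped form matters at every point where it is spliced into a DN: escaping must be applied exactly once, at the point the DN string is built.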
Re: Turbine, LDAP and Active Directory
Posted by Thomas Vandahl <tv...@apache.org>.
Helge Weissig wrote:
> organization). Has anyone been successful in using AD with Turbine? This
> may be an AD configuration problem, since I cannot use
> TurbineSecurity.getAuthenticatedUser(username, password) for example,
> when setting services.SecurityService.ldap.user.username to samaccountname.
Which version of Turbine do you use? The latest 2.3.2 needs only a
little bit of configuration and one change in LDAPUser (just derive and
override one method) to work with Active Directory.
When I'm at work tomorrow, I will try to find my configuration and post
it here.
Bye, Thomas.
PS: In the versions of Turbine below 2.3 there used to be all sorts of
trouble with the LDAP security service. So try to avoid this if at all
possible.