Posted to user@shiro.apache.org by GLoureiro <gi...@iol.pt> on 2014/01/28 12:42:09 UTC
Bind error while searching Active Directory
Hello all,

I'm trying to connect to an AD, authenticate a user and get attribute
values.

With the code below I succeed in user authentication, but when I try to make
the search I get the "perform this operation a successful bind must be
completed on the connection" error (see below). I've googled a lot, but no
solution found.... Can anyone help?

Kr,
NRC
-----------------------------------------------------------------------------------------
final JndiLdapContextFactory contextFactory = new JndiLdapContextFactory();
contextFactory.setUrl("ldap://localhost:389/DC=doc,DC=com");
contextFactory.setSystemUsername("geanes@doclog.com");
contextFactory.setSystemUsername("a1b2c3d4!");

ActiveDirectoryRealm ldapRealm = new ActiveDirectoryRealm();
ldapRealm.setLdapContextFactory(contextFactory);
ldapRealm.setSearchBase("DC=doclog,DC=com");
ldapRealm.setSystemUsername("geanes@doclog.com");
ldapRealm.setSystemUsername("a1b2c3d4!");

Hashtable rolesvsGroups = new Hashtable<>();
rolesvsGroups.put("admins", "ADMIN");
rolesvsGroups.put("powerusers", "PWUSER");
ldapRealm.setGroupRolesMap(rolesvsGroups);
ldapRealm.init();

LdapContext ldapContext = contextFactory.getSystemLdapContext();
SecurityManager securityManager = new DefaultSecurityManager(ldapRealm);
SecurityUtils.setSecurityManager(securityManager);
Subject currentUser = SecurityUtils.getSubject();

if (!currentUser.isAuthenticated()) {
    AuthenticationToken authenticationToken = new UsernamePasswordToken("geanes@doclog.com", "a1b2c3d4!");
    currentUser.login(authenticationToken);
}

SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
String[] attrIDs = { "internationaliSDNNumber", "sn" };
constraints.setReturningAttributes(attrIDs);
NamingEnumeration answer = ldapContext.search("DC=doclog,DC=com", "uid=" + "geanes", constraints);
if (answer.hasMore()) {
    Attributes attrs = ((SearchResult) answer.next()).getAttributes();
    logger.info(attrs.get("internationaliSDNNumber"));
    logger.info(attrs.get("sn"));
    logger.info(currentUser.hasRole("PWUSER"));
} else {
    throw new Exception("Error getting user properties");
}
logger.info("User [" + currentUser.getPrincipal() + "] logged succesfully");
--------------------------------------------------------------------------------------------------
Exception in thread "main" javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
--------------------------------------------------------------------------------------------------
Re: Bind error while searching Active Directory
Posted by GLoureiro <gi...@iol.pt>.
Hello all,
No comment... change from:
contextFactory.setSystemUsername("geanes@doclog.com");
contextFactory.setSystemUsername("a1b2c3d4!");
to:
contextFactory.setSystemUsername("geanes@doclog.com");
contextFactory.setSystemPassword("a1b2c3d4!");
Sorry.
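The fix above as a self-contained sketch, added here as an example and not code from the original posts: both halves of the system credential are set and checked before the search, so a missing password fails at startup instead of surfacing later as error 000004DC. The class name and the AD_BIND_USER / AD_BIND_PASSWORD environment variables are assumptions; the search base, filter attribute and returned attribute come from the thread.

```java
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import org.apache.shiro.realm.ldap.JndiLdapContextFactory;
import org.apache.shiro.realm.ldap.LdapUtils;

public class SystemBindCheck {

    // Hypothetical helper: refuse to start with a missing or empty credential.
    static String required(String envVar) {
        String value = System.getenv(envVar);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException(envVar + " is not set");
        }
        return value;
    }

    public static void main(String[] args) throws NamingException {
        JndiLdapContextFactory factory = new JndiLdapContextFactory();
        factory.setUrl("ldap://localhost:389");
        // Username AND password: calling setSystemUsername twice leaves the
        // factory with no password, and the search is then rejected.
        factory.setSystemUsername(required("AD_BIND_USER"));      // assumed variable name
        factory.setSystemPassword(required("AD_BIND_PASSWORD"));  // assumed variable name

        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[] { "sn" });

        LdapContext ctx = null;
        try {
            ctx = factory.getSystemLdapContext();
            // {0} is filled in by JNDI, which escapes the argument for the filter.
            NamingEnumeration<SearchResult> results = ctx.search(
                    "DC=doclog,DC=com", "(uid={0})", new Object[] { "geanes" }, controls);
            while (results.hasMore()) {
                System.out.println(results.next().getAttributes().get("sn"));
            }
            results.close();
        } finally {
            LdapUtils.closeContext(ctx); // always release the system connection
        }
    }
}
```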
Re: Bind error while searching Active Directory
Posted by GLoureiro <gi...@iol.pt>.
I've changed the user to administrator, to try despite permissions issues,
but error persists.
I've used those tools to browse:
ADExplorer (http://technet.microsoft.com/en-us/sysinternals/bb963907.aspx)
with administrator user I can browse everything
ActiveDirectoryBrowser (http://sourceforge.net/projects/adb/) I can just
browse with administrator user the cn=users,dc=doclog,dc=com. But with Java
code I'm not able to browse this DN...
Re: Bind error while searching Active Directory
Posted by Brian Demers <br...@gmail.com>.
Does that user have access to that branch of your LDAP tree? (Can you log
in with another tool and do the same query?)