You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by 0xsven <0x...@gmail.com> on 2010/11/03 16:47:23 UTC

Authentication with AD/LDAP problem

Hi guys,

I use my realm, which extends ActiveDirectoryRealm to authenticate my users
via an Active Directory. I did only override the method dogetAuthorizaion()
which provides my roles out of my database. 

I didn't touch dogetAthentication() ! 

So here is the problem:
If I use the right credentials --> It works, and I can enter
If I use the right username, but wrong password --> it works, and doesn't
let me pass
If i use a username, that doesn't exist in the AD in combination with or
without a passwort --> I can enter !!!

That shouldn't happen -.- 


Does somebody has an idea? what's my mistake? where could it be? 

Thank you for any help :-)
-- 
View this message in context: http://shiro-user.582556.n2.nabble.com/Authentication-with-AD-LDAP-problem-tp5701874p5701874.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Authentication with AD/LDAP problem

Posted by 0xsven <0x...@gmail.com>.

I tried it, and I git the same problem with Shiro 1.1 and JndiLdapRealm !

Any further suggestions/advices? :-)
-- 
View this message in context: http://shiro-user.582556.n2.nabble.com/Authentication-with-AD-LDAP-problem-tp5701874p5704762.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Authentication with AD/LDAP problem

Posted by 0xsven <0x...@gmail.com>.

I am using INI and here is my config:

   [main]
	MyRealm = de.spirit21.studentenportal.common.util.MyRealm
	MyRealm.systemUsername = *****
	MyRealm.systemPassword = *****
	MyRealm.searchBase = *****
	MyRealm.url = *****

I masked most parts of the config because of security issues :-)

Next step is: I gonna try the new realm...
-- 
View this message in context: http://shiro-user.582556.n2.nabble.com/Authentication-with-AD-LDAP-problem-tp5701874p5704333.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Authentication with AD/LDAP problem

Posted by Les Hazlewood <lh...@apache.org>.

Hi Sven,

Can we see your active directory realm configuration?  Are you using
INI or Spring?

Also, I would try the org.apache.shiro.realm.ldap.JndiLdapRealm for
JNDI/AD-based authentication.  This is a new class added in Shiro 1.1.

Les

-- 
Les Hazlewood
Founder, Katasoft, Inc.
Application Security Products & Professional Apache Shiro Support and Training:
http://www.katasoft.com