Thanks,
I've modifier the LDAP config in your file, and change the search on
sAMAccountName rather that the mail.
And it still does the same thing : i can login with the roller pwd, but with my
ldap pwd, it does not work.
The logs are still the same. No return from the LDAP, and directly the dao
authentification :(
DEBUG 2006-12-06 13:02:44,929 AbstractProcessingFilter:doFilter - Request is to
process authentication
DEBUG 2006-12-06 13:02:44,929 ProviderManager:doAuthentication - Authentication
attempt using org.acegisecurity.providers.ldap.LdapAuthenticationProvider
DEBUG 2006-12-06 13:02:44,929 EhCacheBasedUserCache:getUserFromCache - Cache
hit: false; username: ebardoux
DEBUG 2006-12-06 13:02:44,939 LdapAuthenticationProvider:retrieveUser -
Retrieving user ebardoux
DEBUG 2006-12-06 13:02:44,939 DefaultInitialDirContextFactory:connect -
Creating InitialDirContext with environment
{java.naming.provider.url=ldap://ldap.fr.pasteur.aventis.com:389/dc=pasteur,dc=aventis,dc=com,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.security.principal=FRMS-WEBPLATFORM,
com.sun.jndi.ldap.connect.pool=true,
java.naming.security.authentication=simple,
java.naming.security.credentials=******, java.naming.referral=follow}
DEBUG 2006-12-06 13:02:44,939 FilterBasedLdapUserSearch:searchForUser -
Searching for user 'ebardoux', in context [EMAIL PROTECTED], with user search [
searchFilter: '(sAMAccountName={0})', searchBase: '', scope:
subtreesearchTimeLimit: 0derefLinkFlag: false ]
DEBUG 2006-12-06 13:02:44,939 DefaultInitialDirContextFactory:connect -
Creating InitialDirContext with environment
{java.naming.provider.url=ldap://ldap.fr.pasteur.aventis.com:389/dc=pasteur,dc=aventis,dc=com,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.security.principal=FRMS-WEBPLATFORM,
com.sun.jndi.ldap.connect.pool=true,
java.naming.security.authentication=simple,
java.naming.security.credentials=******, java.naming.referral=follow}
DEBUG 2006-12-06 13:03:06,050 ProviderManager:doAuthentication - Authentication
attempt using org.acegisecurity.providers.dao.DaoAuthenticationProvider
DEBUG 2006-12-06 13:03:06,050 EhCacheBasedUserCache:getUserFromCache - Cache
hit: false; username: ebardoux
-----Message d'origine-----
De : Thomas Hofmann [mailto:[EMAIL PROTECTED]
Envoyé : mercredi 6 décembre 2006 12:20
À : [email protected]
Objet : RE: TR: Problem with LDAP
Hi ,
SECURITY.XML attached . This is the version that authenticates against LDAp but
retrieves userrights from rollerdb I have put 2 small comments in :
http://www.nabble.com/file/4477/security.xml security.xml
-Thomas
zeldamo wrote:
>
> Could you attach your security.xml file to help me?
> Thanks
> Eric
>
> ----
> HI,
>
> after finally getting my installation to work and having looked at
> those lofile messages for quite a while ....
>
> Using the Acegi LDAP implementation the tasks to get user access is
> split into two parts.
>
> -Authentication - thus identifying the user by username/password
> credentials -Autorisation - retrieving the users rights
>
> it looks like your configuration does not have an Autorisation bean
> set up in the Acegi LDAP section.
>
> It really depends if your user roles are held in the LDAP or in
> rollerdb to tell how the configuration should look like.
>
> -Thomas
>
>
> zeldamo wrote:
>>
>>
>> Hi all,
>> I was trying to connect my roller 3.0 to LDAP.
>> I've all set up correctly (i think), and there is something strange
>> in the logs :
>>
>> DEBUG 2006-12-04 17:35:32,288 AbstractProcessingFilter:doFilter -
>> Request is to process authentication DEBUG 2006-12-04 17:35:32,290
>> ProviderManager:doAuthentication - Authentication attempt using
>> org.acegisecurity.providers.ldap.LdapAuthenticationProvider
>> DEBUG 2006-12-04 17:35:32,299 EhCacheBasedUserCache:getUserFromCache
>> - Cache hit: false; username: ebardoux DEBUG 2006-12-04 17:35:32,301
>> LdapAuthenticationProvider:retrieveUser - Retrieving user ebardoux
>> DEBUG
>> 2006-12-04 17:35:32,304 DefaultInitialDirContextFactory:connect -
>> Creating InitialDirContext with environment
>> {java.naming.provider.url=ldap://ldap.pasteur.aventis.com:389/DC=past
>> e
>> ur
>> ,DC=aventis,DC=com,
>> java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
>> java.naming.security.principal=FRMS-WEBPLATFORM,
>> com.sun.jndi.ldap.connect.pool=true,
>> java.naming.security.authentication=simple,
>> java.naming.security.credentials=******, java.naming.referral=follow}
>> DEBUG 2006-12-04 17:35:32,476 ProviderManager:doAuthentication -
>> Authentication attempt using
>> org.acegisecurity.providers.dao.DaoAuthenticationProvider
>>
>>
>> As you can see, Roller tries first to authenticate through LDAP, but
>> there is no information about what came back from ldap, and it goes
>> on dao authentification (which will fail because i don't use the
>> right
>> password...)
>>
>> Any idea?
>>
>> Eric
>> ---------------------------------------------------------------------
>> -
>> --------------------- "Cette communication (y compris les pieces
>> jointes) est reservee a l'usage exclusif du destinataire (des
>> destinataires) et peut contenir des informations privilegiees,
>> confidentielles, exemptees de divulgation selon la loi ou protegees
>> par les droits d'auteur. Si vous n'etes pas un destinataire, toute
>> utilisation, divulgation, distribution, reproduction, examen ou copie
>> (totale ou partielle) est non-autorisee et peut etre illegale. Tout
>> message electronique est susceptible d'alteration et son integrite ne
>> peut etre assuree. Sanofi Pasteur decline toute responsabilite au
>> titre de ce message s'il a ete modifie ou falsifie. Si vous n'etes
>> pas destinataire de ce message, merci de le detruire immediatement et
>> d'avertir l'expediteur de l'erreur de distribution et de la
>> destruction du message. Merci.
>> This transmission (including any attachments) is intended solely for
>> the use of the addressee(s) and may contain confidential information
>> including trade secrets which are privileged, confidential, exempt
>> from disclosure under applicable law and/or subject to copyright. If
>> you are not an intended recipient, any use, disclosure, distribution,
>> reproduction, review or copying (either whole or partial) is
>> unauthorized and may be unlawful. E-mails are susceptible to
>> alteration and their integrity cannot be guaranteed.Sanofi Pasteur
>> shall not be liable for this e-mail if modified or falsified. If you
>> are not the intended recipient of this e-mail, please delete it
>> immediately from your system and notify the sender of the wrong
>> delivery and the mail deletion. Thank you."
>> *********************************************************************
>> *
>>
>>
>>
>
> --
> View this message in context:
> http://www.nabble.com/TR%3A-Problem-with-LDAP-tf2761760s12275.html#a77
> 16217 Sent from the Roller - Dev mailing list archive at Nabble.com.
>
> ----------------------------------------------------------------------
> --------------------- "Cette communication (y compris les pieces
> jointes) est reservee a l'usage exclusif du destinataire (des
> destinataires) et peut contenir des informations privilegiees,
> confidentielles, exemptees de divulgation selon la loi ou protegees
> par les droits d'auteur. Si vous n'etes pas un destinataire, toute
> utilisation, divulgation, distribution, reproduction, examen ou copie
> (totale ou partielle) est non-autorisee et peut etre illegale. Tout
> message electronique est susceptible d'alteration et son integrite ne
> peut etre assuree. Sanofi Pasteur decline toute responsabilite au
> titre de ce message s'il a ete modifie ou falsifie. Si vous n'etes pas
> destinataire de ce message, merci de le detruire immediatement et
> d'avertir l'expediteur de l'erreur de distribution et de la
> destruction du message. Merci.
> This transmission (including any attachments) is intended solely for
> the use of the addressee(s) and may contain confidential information
> including trade secrets which are privileged, confidential, exempt
> from disclosure under applicable law and/or subject to copyright. If
> you are not an intended recipient, any use, disclosure, distribution,
> reproduction, review or copying (either whole or partial) is
> unauthorized and may be unlawful. E-mails are susceptible to
> alteration and their integrity cannot be guaranteed.Sanofi Pasteur
> shall not be liable for this e-mail if modified or falsified. If you
> are not the intended recipient of this e-mail, please delete it
> immediately from your system and notify the sender of the wrong delivery and
> the mail deletion. Thank you."
> **********************************************************************
>
>
>
--
View this message in context:
http://www.nabble.com/TR%3A-Problem-with-LDAP-tf2761760s12275.html#a7717509
Sent from the Roller - Dev mailing list archive at Nabble.com.
-------------------------------------------------------------------------------------------
"Cette communication (y compris les pieces jointes) est reservee a l'usage
exclusif du destinataire (des destinataires) et peut contenir des informations
privilegiees, confidentielles, exemptees de divulgation selon la loi ou
protegees par les droits d'auteur. Si vous n'etes pas un destinataire, toute
utilisation, divulgation, distribution, reproduction, examen ou copie (totale
ou partielle) est non-autorisee et peut etre illegale. Tout message
electronique est susceptible d'alteration et son integrite ne peut etre
assuree. Sanofi Pasteur decline toute responsabilite au titre de ce message
s'il a ete modifie ou falsifie. Si vous n'etes pas destinataire de ce message,
merci de le detruire immediatement et d'avertir l'expediteur de l'erreur de
distribution et de la destruction du message. Merci.
This transmission (including any attachments) is intended solely for the use of
the addressee(s) and may contain confidential information including trade
secrets which are privileged, confidential, exempt from disclosure under
applicable law and/or subject to copyright. If you are not an intended
recipient, any use, disclosure, distribution, reproduction, review or copying
(either whole or partial) is unauthorized and may be unlawful. E-mails are
susceptible to alteration and their integrity cannot be guaranteed.Sanofi
Pasteur shall not be liable for this e-mail if modified or falsified. If you
are not the intended recipient of this e-mail, please delete it immediately
from your system and notify the sender of the wrong delivery and the mail
deletion. Thank you."
**********************************************************************
