We have a Spring application authenticating with Acegi. It is trying to
access Microsoft Active
Directory via LDAP. I've seen some documention describing this
configuration but it's not
alot of details.
We are getting an Authentication object back. It does not have any granted
authorities.
We can log in, but are not allowed access to the first available page.
Are there no roles defined in Active Directory? Is it not wired up
correctly to translate
the existing roles into the Authentication object?
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="ldapProvider"/>
<!--ref local="daoAuthenticationProvider"/-->
<ref local="anonymousAuthenticationProvider"/>
<ref local="rememberMeAuthenticationProvider"/>
</list>
</property>
</bean>
<bean id="ldapProvider"
class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
<constructor-arg>
<bean
class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
<constructor-arg ref="initialDirContextFactory"/>
<property name="userSearch" ref="userSearch"/>
<property name="userDetailsMapper"
ref="ldapUserDetailsMapper"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean
class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
<constructor-arg ref="initialDirContextFactory"/>
<constructor-arg value=""/>
<property name="groupRoleAttribute" value="CN"/>
<property name="groupSearchFilter"
value="(&(objectclass=groupOfUniqueNames)(uniqueMember={0}))"/>
<property name="searchSubtree" value="true"/>
<property name="rolePrefix" value=""/>
<property name="convertToUpperCase" value="true"/>
</bean>
</constructor-arg>
</bean>
<bean id="initialDirContextFactory"
class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
<constructor-arg value="${ldap.url}/${ldap.base}"/>
<property name="managerDn" value="${ldap.username}"/>
<property name="managerPassword" value="${ldap.password}"/>
<!--
<property name="extraEnvVars">
<map>
<entry key="java.naming.referral">
<value>follow</value>
</entry>
</map>
</property>
-->
</bean>
<bean id="userSearch"
class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg index="0" value=""/>
<constructor-arg index="1" value="(sAMAccountName={0})"/>
<constructor-arg index="2" ref="initialDirContextFactory"/>
<property name="searchSubtree" value="true"/>
</bean>
<bean id="ldapUserDetailsMapper"
class="org.acegisecurity.userdetails.ldap.LdapUserDetailsMapper">
<property name="rolePrefix" value=""/>
</bean>
<bean id="passwordEncoder"
class="org.acegisecurity.providers.ldap.authenticator.LdapShaPasswordEncoder"/>
--
View this message in context:
http://www.nabble.com/Granted-Authorities-tf4738674s2369.html#a13551451
Sent from the AppFuse - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
