LDAP authentication problem

Hi,

I have trouble setting up LDAP authentication. When I use cn it works fine, but after I switch cn to another attribute it doesn't. My working configuration:

URL: ldap://dc1.wan.company.com:389/DC=wan,DC=company,DC=com

Transform: cn=$login$,OU=Company Com Users,OU=Company,DC=wan,DC=company,DC=com

Query: (cn=$login$)

The settings above give me a positive authentication, but since we keep the first name and last name in cn, I'd like to use sAMAccountName instead, so I'm changing the above configuration to:

URL: ldap://dc1.wan.company.com:389/DC=wan,DC=company,DC=com

Transform: sAMAccountName=$login$,OU=Company Com Users,OU=Company,DC=wan,DC=company,DC=com

Query: (sAMAccountName=$login$)

and the result is the error: "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece]"

What am I doing wrong? (Using YouTrack 3.0.4.)

logs:

11:49:18,365 WARN  [gsDialog_HtmlTemplateComponent] [Dlg.test:click]] LDAP error while testing connection:
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece^@]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.InitialContext.<init>(InitialContext.java:197)
        at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
        at jetbrains.charisma.ldap.main.LdapAuthenticationModule.ldapLogin(LdapAuthenticationModule.java:124)
        at jetbrains.charisma.ldap.ui.TestLdapSettingsDialog_HtmlTemplateComponent.test(TestLdapSettingsDialog_HtmlTemplateComponent.java:485)
        at jetbrains.charisma.ldap.ui.TestLdapSettingsDialog_HtmlTemplateComponent.access$000(TestLdapSettingsDialog_HtmlTemplateComponent.java:35)
        at jetbrains.charisma.ldap.ui.TestLdapSettingsDialog_HtmlTemplateComponent$1.invoke(TestLdapSettingsDialog_HtmlTemplateComponent.java:68)
        at jetbrains.mps.webr.runtime.templateComponent.TemplateEventHandler.handle(TemplateEventHandler.java:32)
        at jetbrains.mps.webr.runtime.templateComponent.TemplateComponent.doNewHandleEvent(TemplateComponent.java:731)
        at jetbrains.mps.webr.runtime.templateComponent.TemplateComponent.newHandleByEventHandlers(TemplateComponent.java:685)
        at jetbrains.mps.webr.runtime.templateComponent.TemplateComponent.newHandleByEventHandlers(TemplateComponent.java:683)
        at jetbrains.mps.webr.runtime.templateComponent.TemplateComponent.newHandleByEventHandlers(TemplateComponent.java:683)
        at jetbrains.mps.webr.runtime.templateComponent.TemplateComponent.newHandleByEventHandlers(TemplateComponent.java:683)
        at jetbrains.mps.webr.runtime.templateComponent.TemplateComponent.newHandleEvent(TemplateComponent.java:656)
        at jetbrains.mps.webr.runtime.templateComponent.TemplateActionController.handleEventImpl(TemplateActionController.java:112)
        at jetbrains.mps.webr.runtime.templateComponent.TemplateActionController.handleEvent(TemplateActionController.java:101)
        at jetbrains.mps.webr.runtime.requestProcessor.EventRequestProcessor.processRequest(EventRequestProcessor.java:75)
        at jetbrains.mps.webr.runtime.servlet.MainServlet.processRequest(MainServlet.java:198)
        at jetbrains.mps.webr.runtime.servlet.MainServlet.doGet(MainServlet.java:93)
        at jetbrains.mps.webr.runtime.servlet.MainServlet.doPost(MainServlet.java:167)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:533)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1351)
        at jetbrains.mps.webr.runtime.filter.QueryParameterFilter.doFilter(QueryParameterFilter.java:25)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1322)
        at org.eclipse.jetty.continuation.ContinuationFilter.doFilter(ContinuationFilter.java:111)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1322)
        at org.eclipse.jetty.servlets.UserAgentFilter.doFilter(UserAgentFilter.java:77)
        at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:133)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1322)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:473)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:514)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:920)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:403)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:184)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:856)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:114)
        at org.eclipse.jetty.server.Server.handle(Server.java:352)
        at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:596)
        at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:1066)
        at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:805)
        at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:218)
        at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:426)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:510)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.access$000(SelectChannelEndPoint.java:34)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:450)
        at java.lang.Thread.run(Thread.java:619)

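The diagnostic string inside that AuthenticationException carries the actual reason in its "data" subcode: on Active Directory, 525 means the bind DN names no existing entry (a DN built as sAMAccountName=...,OU=... does not exist, because AD names user entries by CN), while 52e means the DN exists and the password was wrong. The parser below is an added example for this thread, not code from YouTrack or from any of the posters; the subcode table is the well-known set of AD bind subcodes, and the two sample lines are constructed from the shape of the messages quoted above. It also shows the one caveat a practitioner should keep in mind: the subcode belongs in the server log, not on the login form, because 525 versus 52e tells an outsider which usernames exist.

```python
import re
from typing import Dict, Optional

# Meaning of the "data" subcode that Active Directory appends to LDAP result 49
# (invalidCredentials). These are the well-known AD bind subcodes; 525 and 52e
# are the two that appear in this thread.
AD_BIND_SUBCODES: Dict[str, str] = {
    "525": "user not found: the bind DN does not name an existing entry",
    "52e": "invalid credentials: the DN exists but the password is wrong",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Shape of the AD diagnostic message. The trailing NUL (rendered as ^@ or a box
# in the logs above) is ignored because the pattern stops at the version field.
_DIAG_RE = re.compile(
    r"error code (?P<code>\d+)\s*-\s*(?P<hresult>[0-9A-Fa-f]{8}):\s*LdapErr:\s*"
    r"DSID-(?P<dsid>[0-9A-Fa-f]+),\s*comment:\s*(?P<comment>[^,]+),\s*"
    r"data (?P<data>[0-9a-fA-F]+),\s*(?P<version>v[0-9a-fA-F]+)"
)


def parse_ad_bind_error(message: str) -> Optional[Dict[str, str]]:
    """Parse one AD diagnostic string (as found in a JNDI AuthenticationException
    message or a server log line). Returns None if the text is not AD-shaped."""
    m = _DIAG_RE.search(message)
    if m is None:
        return None
    fields = {k: v.strip() for k, v in m.groupdict().items()}
    fields["data"] = fields["data"].lower()
    fields["meaning"] = AD_BIND_SUBCODES.get(fields["data"], "unknown subcode")
    return fields


def admin_hint(message: str) -> str:
    """One-line hint for the administrator's log. This level of detail is for the
    server log only; the login form should show a generic "login failed"."""
    info = parse_ad_bind_error(message)
    if info is None:
        return "not an AD bind diagnostic: " + message
    if info["code"] != "49":
        return f"LDAP result {info['code']} (not a credentials failure)"
    return f"LDAP result 49, AD data {info['data']}: {info['meaning']}"


if __name__ == "__main__":
    # Constructed sample lines following the shape of the messages in this thread.
    for line in [
        "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece\x00]",
        "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]",
    ]:
        print(admin_hint(line))
```

Run it as a script to see both sample lines decoded, or import parse_ad_bind_error and feed it the message of a caught AuthenticationException.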
8 comments

Try logging in with the full DN (i.e. "COMPANY\user" instead of "user").


Since my full DN is cn=$login$,OU=Company Com Users,OU=Company,DC=wan,DC=company,DC=com

What should I use? Only Company? If yes, it's not working.


No, I mean the "windows logon domain".


We don't use a Windows domain.


Sorry for delay.

Try empty transform and tell me the error.


When I use an empty transform with query cn=$login$ I'm able to log in using my full name. When I change the query string to sAMAccountName=$login$, I can't use my login; the error is:

[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece]

I also realized that in both cases I'm able to log in using my email address (which is another value in LDAP).


I finally got my LDAP authentication to work. I didn't see a direct solution, so I thought I would put this up more for comments than anything else.

First of all, I have been told by our admin that we are not set up like most companies. I tried many different settings and logins. I finally was able to log in with just the URL filled in and everything else blank.

The URL looks like the one in the example. But this only worked using my full email address (username@OurEmailAddress). Once I changed the transform to $login$@OurEmailAddress, I could log in using just my username. Seems simple now, but I am not sure where all the DC=companyname, DC=com stuff comes in for the transformation. Like I said, we are different, but this works.

So, in short, I guess if you can get logged in using your email or something close, then put that in the transform and use $login$ where the username goes.

Hope this helps someone.

Hi all,

It seems that I have a similar problem.

I use this URL:
ldap://ldap.company.com:389/ou=users,ou=others,dc=company,dc=com

And we have DN like cn=SecondName\, FirstName,ou=users,ou=others,dc=company,dc=com.

When I try to use
transform: sAMAccountName=$login$,ou=users,ou=others,dc=company,dc=com
query: (sAMAccountName=$login$)
I get the error [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1], which is "invalid credentials".

But if I use the following values:
transform: cn=Olendarenko\, Sergey,ou=users,ou=others,dc=company,dc=com (I specified my name explicitly)
query: (sAMAccountName=$login$)
I'm able to use my login (only mine of course). And this is the only successful combination of Transform/Query I've found.

So, my question is:
What should I specify in Transform to be able to use my login?
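The pattern that both askers are circling is the same: a Transform is a DN template, and a DN built from sAMAccountName does not exist on AD (bind fails with 525), while the DN built from cn is the real one and works, but only when the login is the full CN, comma escaped as in cn=Olendarenko\, Sergey. The robust way to log in with a short login is to resolve it first: search the base for (sAMAccountName=<escaped login>), take the one DN the server returns, and bind as that DN with the user's password. The simulation below is an added example for this thread, not YouTrack code and not anything the posters wrote; it runs against a constructed in-memory stand-in for the directory (the two entries, their attributes and passwords are invented) so the behaviour can be checked offline. It covers the edge cases that matter in practice: RFC 4515 escaping of the login before it goes into a filter (otherwise a login of * matches every entry), RFC 4514 escaping of the comma inside a CN used in a DN, refusing empty passwords (servers treat an empty-password simple bind as anonymous and return success), and refusing anything but exactly one search hit. In a real deployment the search step itself usually needs a read-only service account bind first, since AD does not allow anonymous searches by default; that bind is left out of the simulation.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed stand-in for two AD subtrees (not real data). Keys are the DNs as
# the server names them; attribute names are stored lowercase because LDAP
# attribute types are case-insensitive. The second entry's cn contains a comma,
# so its DN carries the RFC 4514 escape "\," exactly as in the thread.
DIRECTORY: Dict[str, Dict[str, str]] = {
    "CN=John Smith,OU=Company Com Users,OU=Company,DC=wan,DC=company,DC=com": {
        "cn": "John Smith", "samaccountname": "jsmith",
        "mail": "jsmith@company.com", "password": "correct horse",
    },
    "CN=Olendarenko\\, Sergey,ou=users,ou=others,dc=company,dc=com": {
        "cn": "Olendarenko, Sergey", "samaccountname": "solendarenko",
        "mail": "sergey@company.com", "password": "battery staple",
    },
}
# Simulation shortcut: match whole DNs case-insensitively (real servers apply
# per-attribute matching rules, but the effect is the same for these entries).
_BY_DN = {dn.lower(): attrs for dn, attrs in DIRECTORY.items()}


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value interpolated into a search filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def escape_dn_value(value: str) -> str:
    """RFC 4514 escaping for an attribute value placed inside a DN."""
    s = "".join("\\" + c if c in ',+"\\<>;' else c for c in value)
    if s[:1] in ("#", " "):
        s = "\\" + s
    if s.endswith(" "):
        s = s[:-1] + "\\ "
    return s


def search(filt: str) -> List[str]:
    """Evaluate a single-term filter '(attr=value)' with '*' wildcards and \\XX
    hex escapes against DIRECTORY; returns the matching DNs."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", filt)
    if m is None:
        raise ValueError("unsupported filter: " + filt)
    attr, pattern = m.group(1).lower(), m.group(2)

    def unescape(seg: str) -> str:
        return re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), seg)

    rx = re.compile("^" + ".*".join(re.escape(unescape(s)) for s in pattern.split("*")) + "$",
                    re.IGNORECASE)
    return [dn for dn, attrs in DIRECTORY.items() if attr in attrs and rx.match(attrs[attr])]


def simple_bind(dn: str, password: str) -> str:
    """Simulate an AD simple bind; returns the AD 'data' subcode as text.
    An empty password is an *anonymous* (unauthenticated) bind on real servers
    and succeeds, which is why callers must reject it before binding."""
    if password == "":
        return "anonymous"
    entry = _BY_DN.get(dn.lower())
    if entry is None:
        return "525"          # DN does not exist: "user not found"
    if entry["password"] != password:
        return "52e"          # DN exists, wrong password: "invalid credentials"
    return "ok"


def template_bind(login: str, password: str, transform: str) -> str:
    """What a Transform such as 'sAMAccountName=$login$,OU=...' does: substitute
    the login into a DN template and bind with that DN. AD names user entries by
    CN, so a DN built from sAMAccountName names nothing and the bind returns 525."""
    return simple_bind(transform.replace("$login$", escape_dn_value(login)), password)


def search_then_bind(login: str, password: str, escape: bool = True) -> Tuple[str, Optional[str]]:
    """Resolve the login to its real DN with a search, then bind as that DN.
    Returns (result, dn). escape=False shows what happens when the raw login is
    pasted into the filter: a login of '*' matches every entry."""
    if password == "":
        return ("empty-password-rejected", None)
    value = escape_filter_value(login) if escape else login
    hits = search(f"(sAMAccountName={value})")
    if len(hits) != 1:
        return ("no-unique-match", None)   # refuse empty or ambiguous results
    return (simple_bind(hits[0], password), hits[0])


if __name__ == "__main__":
    base = "OU=Company Com Users,OU=Company,DC=wan,DC=company,DC=com"
    print(template_bind("jsmith", "correct horse", "sAMAccountName=$login$," + base))
    print(template_bind("John Smith", "correct horse", "cn=$login$," + base))
    print(search_then_bind("jsmith", "correct horse"))
    print(search_then_bind("solendarenko", "battery staple"))
    print(search_then_bind("*", "x", escape=False))
```

The first print reproduces the 525 from the original post, the second the working cn transform, and the third shows the short login succeeding once the DN is looked up instead of templated. Replace DIRECTORY, search and simple_bind with real client calls (the filter and DN escaping functions are the parts to keep) to turn this into a working two-step authenticator.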
