All geek questions in one place

Error logging into Grails OpenLDAP: sorry, we could not find a user with this username and password

I am trying to add an Ldap login to my grails application. after adding the spring -secutiry-core and spring -security-ldap (2.0.1) plugin, I added the configuration to config.groovy:

grails.plugin.springsecurity.providerNames = ['ldapAuthProvider','anonymousAuthenticationProvider','rememberMeAuthenticationProvider']
grails.plugin.springsecurity.ldap.context.managerDn = 'uid=admin,dc=sw01,dc=com'
grails.plugin.springsecurity.ldap.context.managerPassword = 'Admin123'
grails.plugin.springsecurity.ldap.context.server = 'ldap://localhost:389'
grails.plugin.springsecurity.ldap.context.anonymousReadOnly = true
grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'ou=Groups,dc=sw01,dc=com'
grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = false
grails.plugin.springsecurity.ldap.authorities.retrieveDatabaseRoles = false
grails.plugin.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}'
grails.plugin.springsecurity.ldap.useRememberMe = false
grails.plugin.springsecurity.ldap.search.base = 'dc=sw01,dc=com'
grails.plugin.springsecurity.ldap.search.attributesToReturn = ['uid', 'mail', 'cn', 'sn', 'givenName', 'jpegPhoto' , 'telephoneNumber']
grails.plugin.springsecurity.ldap.search.filter = '(uid={0})'
grails.plugin.springsecurity.ldap.authenticator.attributesToReturn = ['uid', 'mail', 'cn', 'sn', 'givenName', 'jpegPhoto' , 'telephoneNumber']
grails.plugin.springsecurity.userLookup.usernamePropertyName = 'uid'

I added my userDetails class, described the contextMapper class according to the official guide.

When you download the Grails application and try to log in, an error message is displayed, as in the header.

Looking at the background slapd log, I'm sure (not familiar with the slapd log format, though) the DN user search was successful ...:

5ac1d79a => send_search_entry: conn 1017 dn="uid=sito,ou=Users,dc=sw01,dc=com"
ber_flush2: 3768 bytes to sd 15
ldap_write: want=3768, written=3768
  0000:  30 82 0e b4 02 01 01 64  82 0e ad 04 20 75 69 64   0......d.... uid  
  0010:  3d 73 69 74 6f 2c 6f 75  3d 55 73 65 72 73 2c 64   =sito,ou=Users,d  
  0020:  63 3d 73 77 30 31 2c 64  63 3d 63 6f 6d 30 82 0e   c=sw01,dc=com0..  
  0030:  87 30 5e 04 0b 6f 62 6a  65 63 74 43 6c 61 73 73   .0^..objectClass  
  0040:  31 4f 04 10 65 78 74 65  6e 73 69 62 6c 65 4f 62   1O..extensibleOb  
  0050:  6a 65 63 74 04 09 75 69  64 4f 62 6a 65 63 74 04   ject..uidObject.  
  0060:  06 70 65 72 73 6f 6e 04  14 6f 72 67 61 6e 69 7a   .person..organiz  
  0070:  61 74 69 6f 6e 61 6c 50  65 72 73 6f 6e 04 0d 69   ationalPerson..i  
  0080:  6e 65 74 4f 72 67 50 65  72 73 6f 6e 04 03 74 6f   netOrgPerson..to  
  0090:  70 30 16 04 02 63 6e 31  10 04 0e 41 6c 66 6f 6e   p0...cn1...Alfon  
  00a0:  73 6f 20 52 69 76 65 72  6f 30 16 04 09 67 69 76   so Rivero0...giv

...

ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
5ac1d79a conn=1018 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
5ac1d79a >>> dnPrettyNormal: <uid=sito,ou=Users,dc=sw01,dc=com>
5ac1d79a <<< dnPrettyNormal: <uid=sito,ou=Users,dc=sw01,dc=com>, <uid=sito,ou=users,dc=sw01,dc=com>
5ac1d79a do_bind: version=3 dn="uid=sito,ou=Users,dc=sw01,dc=com" method=128
5ac1d79a mdb_dn2entry("uid=sito,ou=users,dc=sw01,dc=com")
5ac1d79a => mdb_dn2id("uid=sito,ou=users,dc=sw01,dc=com")
5ac1d79a <= mdb_dn2id: got id=0xd
5ac1d79a => mdb_entry_decode:
5ac1d79a <= mdb_entry_decode
5ac1d79a send_ldap_result: conn=1018 op=0 p=3
5ac1d79a send_ldap_response: msgid=1 tag=97 err=49
ber_flush2: 14 bytes to sd 16
ldap_write: want=14, written=14
  0000:  30 0c 02 01 01 61 07 0a  01 31 04 00 04 00         0....a...1....    
5ac1d79a connection_get(16): got connid=1018
5ac1d79a connection_read(16): checking for input on id=1018
ber_get_next
ldap_read: want=8, got=0

5ac1d79a ber_get_next on fd 16 failed errno=0 (Undefined error: 0)
5ac1d79a connection_close: conn=1018 sd=16

But while the page does not show a matching username and password. I tried with or without the following configuration line, with the same error:

grails.plugin.springsecurity.password.algorithm = 'SHA-256'

- - ? , , !

[ 20180403]

, . LoginController.groovy authfail() stacktrace:

| Error org.springframework.security.authentication.BadCredentialsException: Bad credentials
| Error     at org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:95)
| Error     at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:178)
| Error     at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:80)
| Error     at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
| Error     at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:92)
| Error     at grails.plugin.springsecurity.web.authentication.GrailsUsernamePasswordAuthenticationFilter.attemptAuthentication(GrailsUsernamePasswordAuthenticationFilter.java:59)
| Error     at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211)
| Error     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

org.springframework.security.ldap.authentication.BindAuthenticator BadCredentialsException...

, ldif ( JXplorer):

dn: uid=mcurie,ou=Users,dc=sw01,dc=com
objectClass: uidObject
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
cn: Marie Curie
facsimileTelephoneNumber: +1 904 982 6883
givenName: Marie
mail: mcurie@example.com
ou: Users
roomNumber: 667
sn: Curie
telephoneNumber: +1 904 982 6882
uid: mcurie
userPassword:: c2VjcmV0

, userName , "uid" , config.groovy:

grails.plugin.springsecurity.userLookup.usernamePropertyName = 'uid'

, - ?

/ !

[UPDATE 20180406]

, , ldap :

$ ldapsearch -D 'cn=admin,dc=sw01,dc=com' -W -x -b 'uid=wpauli,ou=Users,dc=sw01,dc=com'
Enter LDAP Password: 
# extended LDIF
#
# LDAPv3
# base <uid=wpauli,ou=Users,dc=sw01,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# wpauli, Users, sw01.com
dn: uid=wpauli,ou=Users,dc=sw01,dc=com
objectClass: uidObject
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
cn: Wolfgang Pauli
facsimileTelephoneNumber: +1 904 982 6883
givenName: Wolfgang
mail: wpauli@example.com
ou: Users
roomNumber: 667
sn: Pauli
telephoneNumber: +1 904 982 6882
uid: wpauli
userPassword:: c2VjcmV0

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

( , DN, , ):

$ ldapwhoami -vvv -h localhost -p 389 -D 'uid=wpauli,ou=Users,dc=sw01,dc=com' -x -w c2VjcmV0
ldap_initialize( ldap://localhost:389 )
ldap_bind: Invalid credentials (49)

$ ldapwhoami -vvv -h localhost -p 389 -D uid=wpauli,ou=Users,dc=sw01,dc=com -x -w c2VjcmV0
ldap_initialize( ldap://localhost:389 )
ldap_bind: Invalid credentials (49)

? , Ldapsearch ?

-?

+4
1

. LDIF, , , userPassword, "::", , base64...

telephoneNumber: +1 904 982 6882
uid: sito
userPassword:: c2VjcmV0

c2VjcmV0 ' base64, . ...

, ldapwhoami

From:

$ ldapwhoami -vvv -h localhost -p 389 -D uid=wpauli,ou=Users,dc=sw01,dc=com -x -w c2VjcmV0

To:

$ ldapwhoami -vvv -h localhost -p 389 -D uid=wpauli,ou=Users,dc=sw01,dc=com -x -w secret

.

, Grails App .

+3

Source: https://habr.com/ru/post/1695646/

More articles:


All Articles