Problem with Security Provider (AD)

0

Hello

i have a config problem with LDAP (Microsoft AD) and cant get authentication.

LDAP URL: ldap://sadpoa01.brother.local:389/DC=brother,DC=local
Manager DN: syncldap
User DN Pattern: (&(objectClass=user)(sAMAccountName={0}))
Connection Successful.

I have tested with a valid user/password on
User DN Pattern: (sAMAccountName={0})
User DN Pattern: sAMAccountName={0}
User DN Pattern: sAMAccountName

and always be the same
"Invalid username or password"

Wavemaker its installed on Centos 6.2 with centos port enabled on firewall.

Any ideas?
Where i find a error log?

thanks

edc's picture

Yeah, nothing there. Only

Yeah, nothing there. Only confirming that security is enabled.
The next place for logging is the AD service itself, which I try to avoid if at all possible.
Instead I would suggest using a ldap browser, such as softerra to get a visual look at the tree.

-Ed


Edward Callahan
Staff Engineer
WaveMaker/SpringSource/VMware
===========================
WM 6.4.5, 6.5.M1

Acegi LOG - Problem with Security Provider (AD)

Thanks Edward.

I have activated acegi/ldap log and received these logs:

- On LOAD login page
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/boot/boot.css'; to: '/lib/boot/boot.css'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/boot/boot.css'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/boot/boot.css has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/runtimeloader.js'; to: '/lib/runtimeloader.js'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/runtimeloader.js'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/runtimeLoader.js has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/wm/base/widget/themes/wm_darkdawn/theme.css'; to: '/lib/wm/base/widget/themes/wm_darkdawn/theme.css'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/wm/base/widget/themes/wm_darkdawn/theme.css'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/wm/base/widget/themes/wm_darkdawn/theme.css has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/boot/boot.js'; to: '/lib/boot/boot.js'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/boot/boot.js'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/boot/boot.js has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/wm/base/widget/themes/wm_darkdawn/custom.css'; to: '/lib/wm/base/widget/themes/wm_darkdawn/custom.css'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/wm/base/widget/themes/wm_darkdawn/custom.css'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/wm/base/widget/themes/wm_darkdawn/custom.css has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/dojo/dojo/dojo_build.js'; to: '/lib/dojo/dojo/dojo_build.js'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/dojo/dojo/dojo_build.js'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/dojo/dojo/dojo_build.js has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/dojo/dojo/i18n.js'; to: '/lib/dojo/dojo/i18n.js'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/dojo/dojo/i18n.js'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/dojo/dojo/i18n.js has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/wm/language/nls/components.js'; to: '/lib/wm/language/nls/components.js'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/wm/language/nls/components.js'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/wm/language/nls/components.js has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/wm/language/nls/pt/components.js'; to: '/lib/wm/language/nls/pt/components.js'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/wm/language/nls/pt/components.js'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/wm/language/nls/pt/components.js has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/wm/language/nls/pt-br/components.js'; to: '/lib/wm/language/nls/pt-br/components.js'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/wm/language/nls/pt-br/components.js'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/wm/language/nls/pt-br/components.js has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/wm/language/nls/properties.js'; to: '/lib/wm/language/nls/properties.js'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/wm/language/nls/properties.js'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/wm/language/nls/properties.js has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/wm/language/nls/pt/properties.js'; to: '/lib/wm/language/nls/pt/properties.js'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/wm/language/nls/pt/properties.js'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/wm/language/nls/pt/properties.js has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/wm/language/nls/pt-br/properties.js'; to: '/lib/wm/language/nls/pt-br/properties.js'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/wm/language/nls/pt-br/properties.js'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/wm/language/nls/pt-br/properties.js has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/build/gzipped/lib_build.js'; to: '/lib/build/gzipped/lib_build.js'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/build/gzipped/lib_build.js'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/build/Gzipped/lib_build.js has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/wm/common/645ga_patches.js'; to: '/lib/wm/common/645ga_patches.js'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/wm/common/645ga_patches.js'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/wm/common/645GA_patches.js has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/build/nls/lib_build_pt-br.js'; to: '/lib/build/nls/lib_build_pt-br.js'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/build/nls/lib_build_pt-br.js'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/build/nls/lib_build_pt-br.js has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/runtime_manifest.js'; to: '/lib/runtime_manifest.js'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/runtime_manifest.js'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/runtime_manifest.js has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/dojo/dijit/themes/tundra/t.css'; to: '/lib/dojo/dijit/themes/tundra/t.css'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/boot/images/loader.gif'; to: '/lib/boot/images/loader.gif'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/boot/images/loader.gif'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/boot/images/loader.gif has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/wm/base/widget/themes/default/theme.css'; to: '/lib/wm/base/widget/themes/default/theme.css'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/wm/base/styles/wavemaker.css'; to: '/lib/wm/base/styles/wavemaker.css'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/wm/base/widget/themes/default/theme.css'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/dojo/dijit/themes/tundra/t.css'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/wm/base/widget/themes/default/theme.css has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/wm/base/styles/wavemaker.css'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/wm/base/styles/wavemaker.css has an empty filter list> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/dojo/dijit/themes/tundra/t.css has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/wm/base/widget/themes/wm_darkdawn/theme.js'; to: '/lib/wm/base/widget/themes/wm_darkdawn/theme.js'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/wm/base/widget/themes/wm_darkdawn/theme.js'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/wm/base/widget/themes/wm_darkdawn/Theme.js?dojo.preventCache=1340798219902 has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/wm/base/widget/themes/default/images/blank.gif'; to: '/lib/wm/base/widget/themes/default/images/blank.gif'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/wm/base/widget/themes/default/images/blank.gif'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/wm/base/widget/themes/default/images/blank.gif has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/wm/base/widget/themes/default/images/tree_blank.gif'; to: '/lib/wm/base/widget/themes/default/images/tree_blank.gif'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/wm/base/widget/themes/default/images/tree_blank.gif'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/wm/base/widget/themes/default/images/tree_blank.gif has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/brightthickedge3.png'; to: '/lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/brightthickedge3.png'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/brightthickedge3.png'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/brightThickEdge3.png has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/brightedge2.png'; to: '/lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/brightedge2.png'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/brightedge2.png'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/brightEdge2.png has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/brightedge1.png'; to: '/lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/brightedge1.png'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/brightedge1.png'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/brightEdge1.png has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/greythickedge1.png'; to: '/lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/greythickedge1.png'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/greythickedge1.png'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/greyThickEdge1.png has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/boot/images/favicon.ico'; to: '/lib/boot/images/favicon.ico'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/boot/images/favicon.ico'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/boot/images/favicon.ico has an empty filter list> ()

- On try logon in AD
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/brightedge1.png'; to: '/lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/brightedge1.png'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/brightedge1.png'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/brightEdge1.png has an empty filter list> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/brightedge2.png'; to: '/lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/brightedge2.png'> ()
DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/brightedge2.png'; pattern is /**; matched=true> ()
DEBUG [org.acegisecurity.util.FilterChainProxy] - </lib/wm/base/widget/themes/wm_darkdawn/images/repeatx/brightEdge2.png has an empty filter list> ()

I cant see anything relevant to resolv my problem.

On PHP, i've used this code with sucess:
$ad = ldap_connect($ldap_server, 389) ;
ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3) ;
$bound = ldap_bind($ad, $ldap_user, $ldap_pass);

edc's picture

WM.log has the server side

WM.log has the server side story, but you'll likely need to uncomment these's loggers in log4j.properties to get anything useful. Don't forget to redeploy after changing log levels.

log4j.logger.org.acegisecurity=debug

# log LDAP provider
log4j.logger.org.acegisecurity.providers.ldap=debug

-Ed


Edward Callahan
Staff Engineer
WaveMaker/SpringSource/VMware
===========================
WM 6.4.5, 6.5.M1