LDAP - authentication failed
86 views
Skip to first unread message
delidir...@gmail.com
Aug 11, 2014, 6:55:49 AM8/11/14
to webpass...@googlegroups.com
I can't login with my AD user.
I did all settings describing in the tutorial.
my webpasswordsafe-service.xml file is like that.
Is there anyway to see what's happening while trying to login with AD user.
How could I understand if the LDAP connection is working successfully?
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright 2008-2013 Josh Drummond
This file is part of WebPasswordSafe.
WebPasswordSafe is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
WebPasswordSafe is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with WebPasswordSafe; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<!-- core services -->
<context:component-scan base-package="net.webpasswordsafe.server.service" />
<!-- pluggable services -->
<bean id="passwordGenerator"
class="net.webpasswordsafe.server.plugin.generator.SimpleRandomPasswordGenerator" >
<property name="passwordLength" value="20" />
<property name="allowLowercase" value="true" />
<property name="allowUppercase" value="true" />
<property name="allowNumeric" value="true" />
<property name="specialChars" value="!@#$%^*" />
<property name="excludeChars" value="O0l1" />
</bean>
<bean id="authenticator"
class="net.webpasswordsafe.server.plugin.authentication.IPLockoutAuthenticator">
<property name="authenticator" ref="userLockoutAuthenticator" />
<property name="failedLoginThreshold" value="10" />
<property name="lockoutLength" value="1440" />
<property name="whitelist">
<set>
<value>127.0.0.1</value>
</set>
</property>
</bean>
<bean id="userLockoutAuthenticator"
class="net.webpasswordsafe.server.plugin.authentication.UserLockoutAuthenticator">
<property name="authenticator" ref="multiAuthenticator" />
<property name="failedLoginThreshold" value="5" />
<property name="whitelist">
<set>
<value>admin</value>
</set>
</property>
</bean>
<bean id="localAuthenticator"
class="net.webpasswordsafe.server.plugin.authentication.LocalAuthenticator">
</bean>
<bean id="multiAuthenticator"
class="net.webpasswordsafe.server.plugin.authentication.CompositeAuthenticator">
<property name="authenticators">
<list>
<map>
<entry key="users">
<list>
<value>admin</value>
</list>
</entry>
<entry key="authenticator" value-ref="localAuthenticator"></entry>
</map>
<map>
<entry key="anyUser" value="true" />
<entry key="authenticator" value-ref="ldapAuthenticator"></entry>
</map>
</list>
</property>
</bean>
<bean id="authnContextSource" class="org.springframework.ldap.core.support.LdapContextSource">
<property name="referral" value="follow" />
<property name="url" value="ldap://IP:389" />
<property name="userDn" value="CN=webpasstest,OU=IT,OU=xxx,OU=xxx,DC=cb,DC=xxx,DC=com,DC=tr" />
<property name="password" value="Password" />
</bean>
<bean id="authnLdapTemplate" class="org.springframework.ldap.core.LdapTemplate">
<constructor-arg ref="authnContextSource" />
</bean>
<bean id="ldapAuthenticator" class="net.webpasswordsafe.server.plugin.authentication.LdapAuthenticator">
<property name="ldapTemplate" ref="authnLdapTemplate" />
<property name="filter" value="(&(objectclass=person)(sAMAccountName=$1))" />
<property name="base" value="dc=corpneta,dc=com" />
</bean>
<!-- ## Uncomment to use a different authenticator implementation
<bean id="demoAuthenticator"
class="net.webpasswordsafe.server.plugin.authentication.DemoAuthenticator">
<property name="demoPassword" value="demo" />
</bean>
<bean id="rsaAuthenticator"
class="net.webpasswordsafe.server.plugin.authentication.RsaSecurIdAuthenticator">
<property name="configPath" value="/usr/local/rsa/rsa_api.properties" />
</bean>
-->
<bean id="roleRetriever"
class="net.webpasswordsafe.server.plugin.authentication.LocalRoleRetriever">
<property name="adminUsers">
<set>
<value>admin</value>
</set>
</property>
</bean>
<bean id="authorizer"
class="net.webpasswordsafe.server.plugin.authorization.DefaultAuthorizer">
<property name="allowAdminBypassPasswordPermissions" value="true" />
</bean>
<bean id="auditLoggerLog4j"
class="net.webpasswordsafe.server.plugin.audit.Log4jAuditLogger">
<property name="delimiter" value=" || " />
</bean>
<bean id="auditLoggerDatabase"
class="net.webpasswordsafe.server.plugin.audit.DatabaseAuditLogger" />
<bean id="auditLogger"
class="net.webpasswordsafe.server.plugin.audit.CompositeAuditLogger">
<property name="auditLoggers">
<list>
<ref bean="auditLoggerLog4j" />
<ref bean="auditLoggerDatabase" />
</list>
</property>
</bean>
<!-- Encryption related settings, these should not be changed after initial deployment otherwise
data may be corrupted or unreadable -->
<!-- ## Uncomment for Jasypt Encryption -->
<bean id="digester" class="net.webpasswordsafe.server.plugin.encryption.JasyptDigester">
<property name="passwordEncryptor" ref="passwordEncryptor" />
</bean>
<bean id="passwordEncryptor" class="org.jasypt.util.password.StrongPasswordEncryptor" />
<bean id="encryptor" class="net.webpasswordsafe.server.plugin.encryption.JasyptEncryptor">
<property name="stringEncryptor" ref="strongEncryptor" />
</bean>
<bean id="bcProvider" class="org.bouncycastle.jce.provider.BouncyCastleProvider" />
<bean id="strongEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
<property name="algorithm" value="${encryptor.jasypt.algorithm}" />
<property name="provider" ref="bcProvider" />
<property name="password" value="${encryptor.jasypt.password}" />
<property name="keyObtentionIterations" value="${encryptor.jasypt.keyObtentionIterations}" />
</bean>
<!-- ## Uncomment for OWASP-ESAPI Encryption -->
<!--
<bean id="digester" class="net.webpasswordsafe.server.plugin.encryption.EsapiDigester">
<constructor-arg index="0" value="${encryptor.esapi.useClasspath}" />
<constructor-arg index="1" value="${encryptor.esapi.resourceDir}" />
</bean>
<bean id="encryptor" class="net.webpasswordsafe.server.plugin.encryption.EsapiEncryptor">
<constructor-arg index="0" value="${encryptor.esapi.useClasspath}" />
<constructor-arg index="1" value="${encryptor.esapi.resourceDir}" />
</bean>
-->
</beans>
I did all settings describing in the tutorial.
my webpasswordsafe-service.xml file is like that.
Is there anyway to see what's happening while trying to login with AD user.
How could I understand if the LDAP connection is working successfully?
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright 2008-2013 Josh Drummond
This file is part of WebPasswordSafe.
WebPasswordSafe is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
WebPasswordSafe is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with WebPasswordSafe; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<!-- core services -->
<context:component-scan base-package="net.webpasswordsafe.server.service" />
<!-- pluggable services -->
<bean id="passwordGenerator"
class="net.webpasswordsafe.server.plugin.generator.SimpleRandomPasswordGenerator" >
<property name="passwordLength" value="20" />
<property name="allowLowercase" value="true" />
<property name="allowUppercase" value="true" />
<property name="allowNumeric" value="true" />
<property name="specialChars" value="!@#$%^*" />
<property name="excludeChars" value="O0l1" />
</bean>
<bean id="authenticator"
class="net.webpasswordsafe.server.plugin.authentication.IPLockoutAuthenticator">
<property name="authenticator" ref="userLockoutAuthenticator" />
<property name="failedLoginThreshold" value="10" />
<property name="lockoutLength" value="1440" />
<property name="whitelist">
<set>
<value>127.0.0.1</value>
</set>
</property>
</bean>
<bean id="userLockoutAuthenticator"
class="net.webpasswordsafe.server.plugin.authentication.UserLockoutAuthenticator">
<property name="authenticator" ref="multiAuthenticator" />
<property name="failedLoginThreshold" value="5" />
<property name="whitelist">
<set>
<value>admin</value>
</set>
</property>
</bean>
<bean id="localAuthenticator"
class="net.webpasswordsafe.server.plugin.authentication.LocalAuthenticator">
</bean>
<bean id="multiAuthenticator"
class="net.webpasswordsafe.server.plugin.authentication.CompositeAuthenticator">
<property name="authenticators">
<list>
<map>
<entry key="users">
<list>
<value>admin</value>
</list>
</entry>
<entry key="authenticator" value-ref="localAuthenticator"></entry>
</map>
<map>
<entry key="anyUser" value="true" />
<entry key="authenticator" value-ref="ldapAuthenticator"></entry>
</map>
</list>
</property>
</bean>
<bean id="authnContextSource" class="org.springframework.ldap.core.support.LdapContextSource">
<property name="referral" value="follow" />
<property name="url" value="ldap://IP:389" />
<property name="userDn" value="CN=webpasstest,OU=IT,OU=xxx,OU=xxx,DC=cb,DC=xxx,DC=com,DC=tr" />
<property name="password" value="Password" />
</bean>
<bean id="authnLdapTemplate" class="org.springframework.ldap.core.LdapTemplate">
<constructor-arg ref="authnContextSource" />
</bean>
<bean id="ldapAuthenticator" class="net.webpasswordsafe.server.plugin.authentication.LdapAuthenticator">
<property name="ldapTemplate" ref="authnLdapTemplate" />
<property name="filter" value="(&(objectclass=person)(sAMAccountName=$1))" />
<property name="base" value="dc=corpneta,dc=com" />
</bean>
<!-- ## Uncomment to use a different authenticator implementation
<bean id="demoAuthenticator"
class="net.webpasswordsafe.server.plugin.authentication.DemoAuthenticator">
<property name="demoPassword" value="demo" />
</bean>
<bean id="rsaAuthenticator"
class="net.webpasswordsafe.server.plugin.authentication.RsaSecurIdAuthenticator">
<property name="configPath" value="/usr/local/rsa/rsa_api.properties" />
</bean>
-->
<bean id="roleRetriever"
class="net.webpasswordsafe.server.plugin.authentication.LocalRoleRetriever">
<property name="adminUsers">
<set>
<value>admin</value>
</set>
</property>
</bean>
<bean id="authorizer"
class="net.webpasswordsafe.server.plugin.authorization.DefaultAuthorizer">
<property name="allowAdminBypassPasswordPermissions" value="true" />
</bean>
<bean id="auditLoggerLog4j"
class="net.webpasswordsafe.server.plugin.audit.Log4jAuditLogger">
<property name="delimiter" value=" || " />
</bean>
<bean id="auditLoggerDatabase"
class="net.webpasswordsafe.server.plugin.audit.DatabaseAuditLogger" />
<bean id="auditLogger"
class="net.webpasswordsafe.server.plugin.audit.CompositeAuditLogger">
<property name="auditLoggers">
<list>
<ref bean="auditLoggerLog4j" />
<ref bean="auditLoggerDatabase" />
</list>
</property>
</bean>
<!-- Encryption related settings, these should not be changed after initial deployment otherwise
data may be corrupted or unreadable -->
<!-- ## Uncomment for Jasypt Encryption -->
<bean id="digester" class="net.webpasswordsafe.server.plugin.encryption.JasyptDigester">
<property name="passwordEncryptor" ref="passwordEncryptor" />
</bean>
<bean id="passwordEncryptor" class="org.jasypt.util.password.StrongPasswordEncryptor" />
<bean id="encryptor" class="net.webpasswordsafe.server.plugin.encryption.JasyptEncryptor">
<property name="stringEncryptor" ref="strongEncryptor" />
</bean>
<bean id="bcProvider" class="org.bouncycastle.jce.provider.BouncyCastleProvider" />
<bean id="strongEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
<property name="algorithm" value="${encryptor.jasypt.algorithm}" />
<property name="provider" ref="bcProvider" />
<property name="password" value="${encryptor.jasypt.password}" />
<property name="keyObtentionIterations" value="${encryptor.jasypt.keyObtentionIterations}" />
</bean>
<!-- ## Uncomment for OWASP-ESAPI Encryption -->
<!--
<bean id="digester" class="net.webpasswordsafe.server.plugin.encryption.EsapiDigester">
<constructor-arg index="0" value="${encryptor.esapi.useClasspath}" />
<constructor-arg index="1" value="${encryptor.esapi.resourceDir}" />
</bean>
<bean id="encryptor" class="net.webpasswordsafe.server.plugin.encryption.EsapiEncryptor">
<constructor-arg index="0" value="${encryptor.esapi.useClasspath}" />
<constructor-arg index="1" value="${encryptor.esapi.resourceDir}" />
</bean>
-->
</beans>
Reply all
Reply to author
Forward
0 new messages