LDAP - authentication failed


delidir...@gmail.com

Aug 11, 2014, 6:55:49 AM8/11/14
to webpass...@googlegroups.com
I can't log in with my AD user.
I applied all the settings described in the tutorial.

My webpasswordsafe-service.xml file is shown below.
Is there any way to see what's happening while trying to log in with an AD user?
How can I tell whether the LDAP connection is working successfully?

<?xml version="1.0" encoding="UTF-8"?>
<!--
    Copyright 2008-2013 Josh Drummond
   
    This file is part of WebPasswordSafe.
   
    WebPasswordSafe is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
   
    WebPasswordSafe is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
   
    You should have received a copy of the GNU General Public License
    along with WebPasswordSafe; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-->
<beans xmlns="http://www.springframework.org/schema/beans"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:context="http://www.springframework.org/schema/context"
     xsi:schemaLocation="
     http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
     http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">

    <!-- core services -->
   
    <!-- Scans net.webpasswordsafe.server.service for annotated classes and registers them as
         Spring beans; the pluggable beans defined further down are wired in alongside them. -->
    <context:component-scan base-package="net.webpasswordsafe.server.service" />

    <!-- pluggable services -->
   
    <!-- Password generator plugin. Going by the property names, it produces 20-character
         passwords drawn from lowercase, uppercase, digits and the listed special characters.
         NOTE(review): the randomness source is not visible in this file; confirm that
         SimpleRandomPasswordGenerator draws from a cryptographically secure RNG. -->
    <bean id="passwordGenerator"
        class="net.webpasswordsafe.server.plugin.generator.SimpleRandomPasswordGenerator" >
        <property name="passwordLength" value="20" />
        <property name="allowLowercase" value="true" />
        <property name="allowUppercase" value="true" />
        <property name="allowNumeric" value="true" />
        <property name="specialChars" value="!@#$%^*" />
        <!-- O/0 and l/1 are easy to confuse when a password is read or retyped; presumably
             these characters are removed from the candidate alphabet (confirm). -->
        <property name="excludeChars" value="O0l1" />
    </bean>

    <!-- Outermost link of the authentication chain: an IP-based lockout wrapper that
         delegates to userLockoutAuthenticator. -->
    <bean id="authenticator"
        class="net.webpasswordsafe.server.plugin.authentication.IPLockoutAuthenticator">
        <property name="authenticator" ref="userLockoutAuthenticator" />
        <!-- presumably the number of failed logins from one address before it is locked out (confirm) -->
        <property name="failedLoginThreshold" value="10" />
        <!-- NOTE(review): the unit is not stated in this file; 1440 would be 24 hours if it is minutes (confirm) -->
        <property name="lockoutLength" value="1440" />
        <!-- Addresses listed here are presumably exempt from IP lockout.
             NOTE(review): if the application runs behind a reverse proxy on the same host, every
             client may appear as 127.0.0.1 and the IP lockout would never trigger; verify which
             client address the authenticator actually sees. -->
        <property name="whitelist">
            <set>
                <value>127.0.0.1</value>
            </set>
        </property>
    </bean>

    <!-- Second link of the chain: a per-user lockout wrapper that delegates to
         multiAuthenticator. -->
    <bean id="userLockoutAuthenticator"
        class="net.webpasswordsafe.server.plugin.authentication.UserLockoutAuthenticator">
        <property name="authenticator" ref="multiAuthenticator" />
        <!-- presumably the number of consecutive failed logins before the account is locked (confirm) -->
        <property name="failedLoginThreshold" value="5" />
        <!-- Usernames listed here are presumably exempt from account lockout.
             NOTE(review): exempting admin keeps the account from being locked out by others, but
             leaves the IP lockout above as the only limit on password guessing against it; the
             admin password should be chosen accordingly. -->
        <property name="whitelist">
            <set>
                <value>admin</value>
            </set>
        </property>
    </bean>

    <!-- Authenticator with no properties configured here; multiAuthenticator routes the admin
         user to it. Presumably it verifies against credentials stored by the application itself
         (confirm). -->
    <bean id="localAuthenticator"
        class="net.webpasswordsafe.server.plugin.authentication.LocalAuthenticator">
    </bean>

    <!-- Routes each login to one authenticator. Every map pairs a user selector
         ("users" list or "anyUser") with the authenticator bean to use. -->
    <bean id="multiAuthenticator"
        class="net.webpasswordsafe.server.plugin.authentication.CompositeAuthenticator">
        <property name="authenticators">
            <list>
                <!-- admin is authenticated by localAuthenticator, so the account presumably keeps
                     working when the directory is unreachable or misconfigured. -->
                <map>
                    <entry key="users">
                        <list>
                            <value>admin</value>
                        </list>
                    </entry>
                    <entry key="authenticator" value-ref="localAuthenticator"></entry>
                </map>
                <!-- Every other username goes to ldapAuthenticator.
                     NOTE(review): presumably the maps are evaluated in list order, so admin never
                     reaches LDAP; confirm against CompositeAuthenticator. -->
                <map>
                    <entry key="anyUser" value="true" />
                    <entry key="authenticator" value-ref="ldapAuthenticator"></entry>
                </map>
            </list>
        </property>
    </bean>

   
    <!-- Connection settings for the directory: server URL, referral handling and the service
         account (userDn/password) that Spring LDAP binds with. -->
    <bean id="authnContextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <!-- "follow" makes the client chase referrals returned by the server.
         NOTE(review): a followed referral may cause a bind, with these credentials, to whichever
         host the referral names; confirm this is needed for your directory layout. -->
    <property name="referral" value="follow" />
        <!-- NOTE(review): ldap:// on port 389 is unencrypted unless StartTLS is negotiated, so the
             service-account password (and user passwords, if users are verified by an LDAP bind)
             would cross the network in clear text. Prefer ldaps:// or StartTLS where the domain
             controller supports it. "IP" is the poster's placeholder. -->
        <property name="url" value="ldap://IP:389" />
        <!-- Service account used for the bind; it should need no more than read access to the
             user entries being searched. -->
        <property name="userDn" value="CN=webpasstest,OU=IT,OU=xxx,OU=xxx,DC=cb,DC=xxx,DC=com,DC=tr" />
<!-- The bind password is stored in plain text in this file: restrict read access to the
     file and never post the real value ("Password" here is presumably a placeholder). -->
<property name="password" value="Password" />
    </bean>
    <!-- LdapTemplate built on authnContextSource; ldapAuthenticator uses it for its directory
         operations. -->
    <bean id="authnLdapTemplate" class="org.springframework.ldap.core.LdapTemplate">
        <constructor-arg ref="authnContextSource" />
    </bean>
    <!-- LDAP authenticator plugin: configured with a search filter and a search base, and
         uses authnLdapTemplate to reach the directory. -->
    <bean id="ldapAuthenticator" class="net.webpasswordsafe.server.plugin.authentication.LdapAuthenticator">
        <property name="ldapTemplate" ref="authnLdapTemplate" />
        <!-- &amp; is the XML escape for the LDAP AND operator: the filter matches person objects
             whose sAMAccountName equals $1. Presumably $1 is replaced with the submitted login name.
             NOTE(review): confirm that LdapAuthenticator escapes LDAP filter metacharacters in the
             submitted username before substituting it. -->
        <property name="filter" value="(&amp;(objectclass=person)(sAMAccountName=$1))" />
       <!-- NOTE(review): this search base (dc=corpneta,dc=com) does not match the domain
            components of the bind DN configured in authnContextSource (DC=cb,DC=xxx,DC=com,DC=tr).
            A base outside the directory's own naming context typically returns no entries or a
            referral, which can surface as "authentication failed"; confirm that the base matches
            the AD domain being searched. -->
       <property name="base" value="dc=corpneta,dc=com" />
    </bean>


    <!-- ## Uncomment to use a different authenticator implementation

    <bean id="demoAuthenticator"
        class="net.webpasswordsafe.server.plugin.authentication.DemoAuthenticator">
        <property name="demoPassword" value="demo" />
    </bean>
   
    <bean id="rsaAuthenticator"
        class="net.webpasswordsafe.server.plugin.authentication.RsaSecurIdAuthenticator">
        <property name="configPath" value="/usr/local/rsa/rsa_api.properties" />
    </bean>
    -->
       
    <!-- Role lookup backed by this file rather than the directory: adminUsers holds the
         usernames that presumably receive the administrator role (confirm). Only "admin" is
         listed, so no LDAP-authenticated user is an administrator unless added here. -->
    <bean id="roleRetriever"
        class="net.webpasswordsafe.server.plugin.authentication.LocalRoleRetriever">
        <property name="adminUsers">
            <set>
                <value>admin</value>
            </set>
        </property>
    </bean>

    <!-- Authorization plugin. -->
    <bean id="authorizer"
        class="net.webpasswordsafe.server.plugin.authorization.DefaultAuthorizer">
        <!-- presumably lets administrators access stored passwords regardless of the permissions
             set on each entry (confirm).
             NOTE(review): with this enabled, a compromise of any admin account exposes every stored
             password; set it to false if the deployment does not rely on the bypass. -->
        <property name="allowAdminBypassPasswordPermissions" value="true" />
    </bean>
 
    <!-- Audit sink that writes through Log4j, with " || " between the fields of a record.
         NOTE(review): if an audited value (a username, for example) can contain the delimiter or a
         line break, records become ambiguous; confirm the logger sanitises such values. -->
    <bean id="auditLoggerLog4j"
        class="net.webpasswordsafe.server.plugin.audit.Log4jAuditLogger">
        <property name="delimiter" value=" || " />
    </bean>
       
    <!-- Audit sink that presumably stores records in the application database (confirm);
         no properties are configured here. -->
    <bean id="auditLoggerDatabase"
        class="net.webpasswordsafe.server.plugin.audit.DatabaseAuditLogger" />
   
    <!-- Audit logger that wraps both sinks, the Log4j one and the database one. Presumably
         each audit event is written to every logger in the list (confirm). Failed logins
         recorded here are the first place to look when diagnosing authentication problems. -->
    <bean id="auditLogger"
        class="net.webpasswordsafe.server.plugin.audit.CompositeAuditLogger">
        <property name="auditLoggers">
            <list>
                <ref bean="auditLoggerLog4j" />
                <ref bean="auditLoggerDatabase" />
            </list>
        </property>
    </bean>
       
    <!--  Encryption related settings, these should not be changed after initial deployment otherwise
          data may be corrupted or unreadable -->
         
    <!-- ## Uncomment for Jasypt Encryption -->
    <!-- One-way hashing: the digester plugin delegates to Jasypt's StrongPasswordEncryptor,
         a salted, iterated digest. Presumably it is used for locally stored login passwords
         (confirm). -->
    <bean id="digester" class="net.webpasswordsafe.server.plugin.encryption.JasyptDigester">
        <property name="passwordEncryptor" ref="passwordEncryptor" />
    </bean>
    <bean id="passwordEncryptor" class="org.jasypt.util.password.StrongPasswordEncryptor" />
    <!-- Reversible encryption: the encryptor plugin delegates to a Jasypt password-based
         string encryptor that uses the Bouncy Castle JCE provider. Presumably it protects the
         stored password entries (confirm). -->
    <bean id="encryptor" class="net.webpasswordsafe.server.plugin.encryption.JasyptEncryptor">
        <property name="stringEncryptor" ref="strongEncryptor" />
    </bean>
    <bean id="bcProvider" class="org.bouncycastle.jce.provider.BouncyCastleProvider" />
    <!-- Algorithm, password and iteration count come from ${encryptor.jasypt.*} placeholders
         that are resolved outside this file.
         NOTE(review): the password is effectively the master key for everything this encryptor
         protects. Keep the properties source that supplies it readable only by the application
         account, and keep it out of version control and forum posts. Also confirm that the
         configured algorithm is a modern AES-based PBE scheme. -->
    <bean id="strongEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
        <property name="algorithm" value="${encryptor.jasypt.algorithm}" />
        <property name="provider" ref="bcProvider" />
        <property name="password" value="${encryptor.jasypt.password}" />
        <!-- number of hashing iterations applied when deriving the key from the password -->
        <property name="keyObtentionIterations" value="${encryptor.jasypt.keyObtentionIterations}" />
    </bean>

    <!-- ## Uncomment for OWASP-ESAPI Encryption -->
    <!--
    <bean id="digester" class="net.webpasswordsafe.server.plugin.encryption.EsapiDigester">
        <constructor-arg index="0" value="${encryptor.esapi.useClasspath}" />
        <constructor-arg index="1" value="${encryptor.esapi.resourceDir}" />
    </bean>
    <bean id="encryptor" class="net.webpasswordsafe.server.plugin.encryption.EsapiEncryptor">
        <constructor-arg index="0" value="${encryptor.esapi.useClasspath}" />
        <constructor-arg index="1" value="${encryptor.esapi.resourceDir}" />
    </bean>
    -->
       
</beans>