I am trying to authenticate a user (in Active Directory) from a user login web page. Authentication code below failed with error code code 32 - 0000208D
@EnableWebSecurity public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception
{
String bUrl="ldaps://ldaps.bell.corp.bce.ca:666";
String bManagerDn="CN=mgr-id,OU=Bell Users,OU=Bell,OU=Business Units,DC=bell,DC=corp,DC=bce,DC=ca";
String bManagerPassword="MgrPassword";
String bSerSearchBase="OU=Bell Users,OU=Bell,OU=Business Units,DC=bell,DC=corp,DC=bce,DC=ca";
try {
auth
.ldapAuthentication()
.contextSource()
.url(bUrl)
.managerDn(bManagerDn)
.managerPassword(bManagerPassword)
.and()
.userSearchBase(bSerSearchBase)
.userSearchFilter("(sAMAccountName={0})");
} catch (Exception e) {
logger.info("********* AuthenticationManagerBuilder EXCEPTION !!!!!!! ********* " );
throw new BeanInitializationException("Security configuration failed", e);
}
'''''' }
Errors:
09:27:11.051 [http-nio-8079-exec-1] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Using filter: (uniqueMember=cn=tu.john,ou=Bell Users,ou=Bell,ou=Business Units,dc=bell,dc=corp,dc=bce,dc=ca) 09:27:11.298 [http-nio-8079-exec-1] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - Did not store empty SecurityContext 09:27:11.298 [http-nio-8079-exec-1] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - Cleared SecurityContextHolder to complete request 09:27:11.299 [http-nio-8079-exec-1] ERROR org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/].[dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310021B, problem 2001 (NO_OBJECT), data 0, best match of: '' ]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310021B, problem 2001 (NO_OBJECT), data 0, best match of: '' ]; remaining name '' at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:183) ~[spring-ldap-core-2.3.3.RELEASE.jar:2.3.3.RELEASE] at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:376) ~[spring-ldap-core-2.3.3.RELEASE.jar:2.3.3.RELEASE] at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:328) ~[spring-ldap-core-2.3.3.RELEASE.jar:2.3.3.RELEASE] at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:629) ~[spring-ldap-core-2.3.3.RELEASE.jar:2.3.3.RELEASE] at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:570) ~[spring-ldap-core-2.3.3.RELEASE.jar:2.3.3.RELEASE] at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForMultipleAttributeValues(SpringSecurityLdapTemplate.java:197) ~[spring-security-ldap-5.4.2.jar:5.4.2] at org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles(DefaultLdapAuthoritiesPopulator.java:223) ~[spring-security-ldap-5.4.2.jar:5.4.2] at org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGrantedAuthorities(DefaultLdapAuthoritiesPopulator.java:203) ~[spring-security-ldap-5.4.2.jar:5.4.2] at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.loadUserAuthorities(LdapAuthenticationProvider.java:197) ~[spring-security-ldap-5.4.2.jar:5.4.2] at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:83) ~[spring-security-ldap-5.4.2.jar:5.4.2] at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182) ~[spring-security-core-5.4.2.jar:5.4.2]
Comment From: snicoll
Thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. As mentioned in the guidelines for contributing, we prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add some more details if you feel this is a genuine bug.