Reputation: 57
When I try to configure LDAP authentication on Cloudify with Microsoft LDAP, I receive the following error:
Caused by: ErrorStatusException, reason code: unauthorized, message arguments: Verbose: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
I use "domain\user" and also only "user", but I receive the same error. When I try to connect with ldapsearch from the management VM to LDAP, I must use "domain\user", or else I receive the 52e error.
Upvotes: 2
Views: 859
Reputation: 398
As you describe, error code 52e means the combination of password and username is invalid.
Cloudify is commonly used with standard directories (I personally tested on OpenLDAP) but wasn't officially tested against AD, so it's very likely that this is a matter of naming conventions.
Following this thread, I suggest you use "cn" instead of "uid" when composing the user's DN. To do this, you should edit your spring-security.xml "userSearch" bean configuration. Replace:
value="(uid={0})"
with
value="(cn={0})"
Also, as far as I know, the username should not contain "\" (often used to separate the domain and the username). Try to use this formatting instead: [email protected]
If altering the configuration doesn't get you there, it's also possible to implement your own authentication provider and plug it into Cloudify as described in the "Integrating a Custom Authentication Provider" section here.
Upvotes: 4
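An added example (not part of the answer above and not Cloudify code): a Python parser for the Active Directory bind-failure message quoted in the question, which pulls out the "data" sub-code and reports whether the bind name or password is the thing to check. The sub-code table is the standard set of Win32 logon error codes, and the second sample line (data 775) is constructed.

```python
import re

# Win32 logon error codes that Active Directory reports, in hex, in the
# "data" field of an LDAP result code 49 (invalid credentials) bind failure.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "unknown user name or bad password",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must change password",
    0x775: "account locked out",
}
# Sub-codes where correcting the bind name or password can help.
IDENTITY_OR_PASSWORD = {0x525, 0x52E}

BIND_ERR = re.compile(
    r"LDAP: error code (?P<ldap>\d+) - .*?AcceptSecurityContext error, "
    r"data (?P<data>[0-9a-fA-F]+)"
)

def classify_bind_failures(text):
    """Return one dict per distinct AD bind failure found in text."""
    seen, results = set(), []
    for m in BIND_ERR.finditer(text):
        key = (int(m["ldap"]), int(m["data"], 16))
        if key in seen:  # Java repeats the message in nested exceptions
            continue
        seen.add(key)
        results.append({
            "ldap_code": key[0],
            "data": format(key[1], "x"),
            "meaning": AD_BIND_SUBCODES.get(key[1], "unrecognized sub-code"),
            "check_bind_name_or_password": key[1] in IDENTITY_OR_PASSWORD,
        })
    return results

# Server message from the question, nested as in the question's stack trace.
PAGE_MSG = ("[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: "
            "AcceptSecurityContext error, data 52e, v1db1]")
SAMPLE = (PAGE_MSG + "; nested exception is javax.naming.AuthenticationException: "
          + PAGE_MSG + "\n"
          + PAGE_MSG.replace("data 52e", "data 775"))  # constructed second line

if __name__ == "__main__":
    for failure in classify_bind_failures(SAMPLE):
        print(failure)
```

For the 52e case, the fields to check are the bind identity format and the search filter attribute discussed in the answer; the other sub-codes point to account state in the directory rather than to the client configuration.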