great-motherboard-71467
08/12/2022, 1:31 PM
WHZ-Authentication {
com.sun.security.auth.module.LdapLoginModule sufficient
userProvider="ldaps://ldaps.some.server.eu/dc=some,dc=domain,dc=com"
authIdentity="{USERNAME}@some.domain.com"
userFilter="uid={USERNAME},cn=users,cn=accounts,dc=some,dc=domain,dc=com"
java.naming.security.authentication="simple"
debug="true"
useSSL="true";
};
Whatever I'm changing inside of this config, for example the port setting to :636,
I'm ending up with the following error
datahub-frontend-react | [LdapLoginModule] authentication-first mode; SSL enabled
datahub-frontend-react | [LdapLoginModule] user provider: ldaps://ldaps.some.server.eu/cn=users,cn=accounts,dc=some,dc=domain,dc=com
datahub-frontend-react | 13:06:46 [application-akka.actor.default-dispatcher-2] ERROR application - The submitted callback is of type: class javax.security.auth.callback.NameCallback : javax.security.auth.callback.NameCallback@332d2227
datahub-frontend-react | 13:06:46 [application-akka.actor.default-dispatcher-2] ERROR application - The submitted callback is of type: class javax.security.auth.callback.PasswordCallback : javax.security.auth.callback.PasswordCallback@7dbea6b9
datahub-frontend-react | [LdapLoginModule] attempting to authenticate user: some_test_user
datahub-frontend-react | [LdapLoginModule] authentication failed
datahub-frontend-react | [LdapLoginModule] aborted authentication
No matter if I change authIdentity to only {USERNAME}, or if I provide it with the domain name, or with the dc standard.
It is not working.
Or when I'm trying to provide a technical user which will connect by providing
java.naming.security.principal=
java.naming.security.credential=
Then the Dummy Module is authenticating everything in such a case.
When I'm doing the following ldapsearch on my CLI, I'm able to get info from LDAP about the specific user
ldapsearch -H ldaps://ldaps.some.server.eu -x -b dc=some,dc=domain,dc=com '(&(objectClass=person)(uid=some_test_user))'
Any hint what could be wrong?

WHZ-Authentication {
com.sun.security.auth.module.LdapLoginModule sufficient
userProvider="ldaps://ldaps.some.server.eu:636/cn=users,cn=accounts,dc=some,dc=domain,dc=com"
authzIdentity="{USERNAME}"
userFilter="(&(objectClass=person)(uid={USERNAME}))"
java.naming.security.authentication="simple"
debug="true"
useSSL="true";
};
As you can see, there is a change which works in my case:
I replaced authIdentity with authzIdentity
authzIdentity="{USERNAME}"
Regarding the documentation:
authzIdentity=authz_id
This option specifies an authorization identity for the user. authz_id
is any string name. If it comprises a single special token with curly braces then that token is treated as an attribute name and will be replaced with a single value of that attribute from the user's LDAP entry. If the attribute cannot be found then the option is ignored. When this option is supplied and the user has been successfully authenticated then an additional UserPrincipal
is created using the authorization identity and it is associated with the current Subject.
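<br>
To exercise the WHZ-Authentication entry on its own, outside DataHub, here is a small standalone harness (an added example, not DataHub's code or the poster's) that drives the JAAS entry with the same NameCallback/PasswordCallback pair that appears in the log above. It assumes the entry is saved in a file passed via -Djava.security.auth.login.config, and that the class name JaasLdapCheck is just a placeholder.

```java
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import java.util.Arrays;

// Run with: java -Djava.security.auth.login.config=jaas.conf JaasLdapCheck some_test_user
// (jaas.conf holds the WHZ-Authentication { ... }; block exactly as used by DataHub.)
public class JaasLdapCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: JaasLdapCheck <username>");
            System.exit(2);
        }
        final String username = args[0];
        // Read the password from the terminal rather than the command line so it does not land in shell history.
        final char[] password = System.console() != null
                ? System.console().readPassword("password for %s: ", username)
                : new java.util.Scanner(System.in).nextLine().toCharArray();

        // Supplies the two callbacks LdapLoginModule asks for; anything else is rejected, as a frontend would.
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(username);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };

        LoginContext lc = new LoginContext("WHZ-Authentication", handler);
        try {
            lc.login();
            Subject subject = lc.getSubject();
            // With authzIdentity="{USERNAME}" set, the Subject should carry the LdapPrincipal (bound DN)
            // plus the additional UserPrincipal described in the documentation quoted above.
            subject.getPrincipals().forEach(p ->
                    System.out.println(p.getClass().getSimpleName() + ": " + p.getName()));
            lc.logout();
        } catch (LoginException e) {
            System.err.println("login failed: " + e.getMessage());
            System.exit(1);
        } finally {
            Arrays.fill(password, '\0'); // do not leave the password in memory longer than needed
        }
    }
}
```

Keeping debug="true" in the entry while running this prints the same [LdapLoginModule] lines as the DataHub log, so the search filter and bind DN actually used can be compared with what ldapsearch returns.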