Spring Security and Active Directory LDAP error 32, problem 2001 (NO_OBJECT)

I am trying to authenticate an AD LDS \ ADAM user against Spring Framework with Spring Security 3.0. I keep getting the following error and hopefully someone here can explain where the problem is.

[LDAP: error code 32 - 0000208D: NameErr: DSID-0315258B, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=Users,DC=Domain,DC=local' ]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0315258B, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=Users,DC=Domain,DC=local' ]; remaining name 'cn=Mo Logan,cn=Users,dc=Domain,dc=local' 

Can someone explain what the "best match" means and what the "remaining name" part is - should I worry about it? Is this type of search case sensitive? And does a time difference between the server and the client matter?

From what I read online, error code 32 means that the object cannot be found - very useful, I'm sure you will agree. Here is the configuration I'm using:

    <authentication-manager alias="ldapAuthenicationManager">
        <ldap-authentication-provider user-search-base="cn=Users,dc=Domain,dc=local"
                                      user-search-filter="(uid={0})"
                                      role-prefix="Users" />
    </authentication-manager>
    <ldap-server url="ldap://server:50006/"
                 manager-dn="CN=Admin,CN=Users,DC=Domain,DC=local"
                 manager-password="Password101" />

I am searching on uid (there is no sAMAccountName in LDS), and when I search with the same criteria using ldap.exe on the server, I find the user correctly, for example:

    ldap_search_s(ld, "CN=Users,DC=Domain,DC=local", 2, "(uid=mologan)", attrList, 0, &msg)
    ***Searching...
    ldap_search_s(ld, "CN=Users,DC=Domain,DC=local", 2, "(uid=mologan)", attrList, 0, &msg)
    Getting 1 entries:
    Dn: CN=Mo Logan,CN=Users,DC=Domain,DC=local
    badPasswordTime: 9/20/2011 1:19:51 PM GMT Standard Time;
    badPwdCount: 0;
    cn: Mo Logan;
    distinguishedName: CN=Mo Logan,CN=Users,DC=Domain,DC=local;
    dSCorePropagationData: 0x0 = ( );
    instanceType: 0x4 = ( WRITE );
    lastLogonTimestamp: 9/20/2011 9:10:32 AM GMT Standard Time;
    lockoutTime: 0;
    memberOf (2): CN=DMSUsers,CN=Users,DC=Domain,DC=local; CN=Users,CN=Roles,CN=Users,DC=Domain,DC=local;
    msDS-UserAccountDisabled: FALSE;
    name: Mo Logan;
    objectCategory: CN=Person,CN=Schema,CN=Configuration,CN={BD500A33-CE7C-492F-9007-BF1B17F972EE};
    objectClass (4): top; person; organizationalPerson; user;
    objectGUID: 40f74ed4-6cf3-495e-a28c-6aa080a0333b;
    objectSid: S-1-514506224-2209559093-2723712157-1234827279-3369888698-2052446679;
    pwdLastSet: 9/20/2011 8:19:06 AM GMT Standard Time;
    uid: mologan;
    uSNChanged: 13994;
    uSNCreated: 13985;
    whenChanged: 9/20/2011 9:10:32 AM GMT Standard Time;
    whenCreated: 9/20/2011 8:16:54 AM GMT Standard Time;

I bind to AD LDS with an administrator account, which belongs to a Readers group under Roles. This user sits at the same level as the user I am trying to authenticate.

As you can probably tell, I have no idea why I get this error, and I hope someone can help me or point me in the right direction.

Regards and thanks in advance

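The question asks what "best match" and "remaining name" mean in that exception text. The following is an added example, not code from the question or the answers: a small parser for the message format that Active Directory and AD LDS return through JNDI and Spring Security. It pulls out the LDAP result code, the AD-side error block, the matched DN ("best match of") and the DN JNDI was asked to resolve ("remaining name"), then works out which RDNs lie below the matched DN, i.e. the part of the name the server could not locate. The sample message is the one quoted in the question; the names and functions in the code are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the exception text quoted in the question, as Spring/JNDI prints it.
SAMPLE_MESSAGE = (
    "[LDAP: error code 32 - 0000208D: NameErr: DSID-0315258B, problem 2001 (NO_OBJECT), "
    "data 0, best match of: 'CN=Users,DC=Domain,DC=local' ]; nested exception is "
    "javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: "
    "DSID-0315258B, problem 2001 (NO_OBJECT), data 0, best match of: "
    "'CN=Users,DC=Domain,DC=local' ]; remaining name 'cn=Mo Logan,cn=Users,dc=Domain,dc=local'"
)

# Server-side diagnostic block: "error code 32 - 0000208D: NameErr: DSID-..., problem 2001
# (NO_OBJECT), data 0, best match of: '<matchedDN>'".
_DIAG = re.compile(
    r"error code (?P<code>\d+) - (?P<win32>[0-9A-Fa-f]{8}): \w+: DSID-[0-9A-Fa-f]+, "
    r"problem (?P<problem>\d+) \((?P<pname>\w+)\), data \d+, "
    r"best match of: '(?P<matched>[^']*)'"
)
# JNDI appends the name it was asked to resolve as "remaining name '<dn>'".
_REMAINING = re.compile(r"remaining name '(?P<name>[^']*)'")


@dataclass
class LdapNameError:
    result_code: int          # LDAP result code (32 = noSuchObject)
    win32_code: int           # AD-side error code, decoded from the hex block
    problem: int              # AD "problem" number (2001 = NO_OBJECT)
    problem_name: str
    matched_dn: str           # longest suffix of the requested DN the server could locate
    remaining_name: str       # DN that JNDI was asked to resolve
    unresolved_rdns: List[str] = field(default_factory=list)


def split_rdns(dn: str) -> List[str]:
    """Split a DN into RDNs on unescaped commas (backslash-escaped commas stay in the RDN)."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # keep the escape pair together
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur).strip())
    return [p for p in parts if p]


def unresolved_rdns(remaining_name: str, matched_dn: str) -> List[str]:
    """RDNs of the requested name that lie below the server's matched DN.

    The comparison is case-insensitive, since AD LDS answered 'CN=Users' for a
    request written as 'cn=Users'."""
    requested = split_rdns(remaining_name)
    matched = split_rdns(matched_dn)
    if matched and [r.lower() for r in requested[-len(matched):]] == [m.lower() for m in matched]:
        return requested[:-len(matched)]
    return requested   # matched DN is not a suffix of the request: nothing was resolved


def parse_ldap_name_error(message: str) -> Optional[LdapNameError]:
    """Parse a JNDI NameNotFoundException message from Active Directory / AD LDS."""
    diag = _DIAG.search(message)
    if diag is None:
        return None
    rem = _REMAINING.search(message)
    remaining = rem.group("name") if rem else ""
    err = LdapNameError(
        result_code=int(diag.group("code")),
        win32_code=int(diag.group("win32"), 16),
        problem=int(diag.group("problem")),
        problem_name=diag.group("pname"),
        matched_dn=diag.group("matched"),
        remaining_name=remaining,
    )
    err.unresolved_rdns = unresolved_rdns(remaining, err.matched_dn)
    return err


def explain(err: LdapNameError) -> str:
    """One-line reading of the error for a log entry or a ticket."""
    below = ",".join(err.unresolved_rdns) or "(nothing)"
    return (f"LDAP {err.result_code}/{err.problem_name}: server resolved '{err.matched_dn}' "
            f"but found no entry for '{below}' beneath it. Either that RDN does not exist "
            f"under the matched container, or the bound identity has no read right on it "
            f"(AD LDS reports entries the caller may not see as NO_OBJECT).")


if __name__ == "__main__":
    print(explain(parse_ldap_name_error(SAMPLE_MESSAGE)))
```

For the message in the question this yields the matched DN `CN=Users,DC=Domain,DC=local` and a single unresolved RDN, `cn=Mo Logan`: the container was found, the entry below it was not. Since the same entry is visible to the manager account in the ldp output, the second reading in `explain()` (the identity that was bound at that moment cannot read the entry) is the one to check first, which is consistent with the fix in the first answer below.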
2 answers

I think I finally figured it out, and hopefully this will help someone else. Here is my security configuration:

    <authentication-manager alias="ldapAuthenicationManager">
        <ldap-authentication-provider user-search-filter="(uid={0})"
                                      group-search-filter="(member=userGroup)" >
        </ldap-authentication-provider>
    </authentication-manager>
    <ldap-server url="ldap://server:50006/CN=Users,CN=Domain,CN=local"
                 manager-dn="Cn=Admin,CN=Domain,CN=local"
                 manager-password="Password101" />

I had to create a user in LDS called admin and assign it the Readers role in LDS (if you do not have that role, import it from the ldf files provided with LDS). Then create a user and a group, and add the user to the group you created in AD.

At this point I was still getting the LDAP 32 error. After debugging the Spring Security code and looking at the server event logs, I realized that the problem was with the AD LDS setup. After a lot of trial and error, I found the problem.

To solve it, I added the user I wanted to log in as (not the manager-dn) to the Readers group so that the bind succeeds. This resolved the issue.

Hope this helps.


I notice something strange in your question. You do a search:

    ldap_search_s(ld, "CN=Users,DC=Domain,DC=local", 2, "(uid=mologan)", attrList, 0, &msg)

with (uid=mologan) as the filter, yet the result returned contains uid: chweeks. Is that just a copy/paste slip from the result of another search?

One more thing: you wrote LDAP.EXE, but you mean LDP.EXE.

---- EDITED ------

Can you try this configuration:

    <authentication-manager alias="ldapAuthenicationManager">
        <ldap-authentication-provider user-search-base="cn=Users"
                                      user-search-filter="(uid={0})"
                                      role-prefix="Users" />
    </authentication-manager>
    <ldap-server url="ldap://server:50006/dc=Domain,dc=local"
                 manager-dn="CN=Admin,CN=Users,DC=Domain,DC=local"
                 manager-password="Password101" />
