LDAP search not working. Different account in LDAP #1164
Unanswered
leondelange6969
asked this question in
Q&A
-
Hello, PTAL at this thread. Might be the same issue, if you're running LDAPS.
-
I'm having some difficulty in setting up the LDAP connection.
I believe the issue is with the fact that we use a different username than what the DN record describes at our site.
The record is in the form of last name and first name and not username as supplied on the webpage interface.
Is this not supposed to use the search filter?
LDAP record:
```
ldapsearch -xLLL -H usldaps.us.aegon.com -b 'DC=us,DC=aegon,DC=com' '(&(objectClass=person)(sAMAccountName=admldelang1))'
dn: CN=ADM DeLange, Leon Jaco,OU=AA,DC=us,DC=aegon,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: ADM DeLange, Leon Jaco
sn: DeLange
givenName: Leon
distinguishedName: CN=ADM DeLange, Leon Jaco,OU=AA,DC=us,DC=aegon,DC=com
instanceType: 4
whenCreated: 20230113145713.0Z
whenChanged: 20250628113458.0Z
displayName: ADM DeLange, Leon Jaco
memberOf: CN=UMQKAFKAUIUSERS,OU=Groups,DC=us,DC=aegon,DC=com
logonCount: 941
sAMAccountName: admldelang1
sAMAccountType: 805306368
```
Config File settings (edited)
```yaml
# ======================================================
# LDAP Configuration
# Used for user and group resolution in RBAC when using LDAP.
# ======================================================
auth:
  type: LDAP
spring:
  ldap:
    urls: "ldap://usldaps.us.aegon.com:389"
    base: "CN={0},OU=AA,DC=us,DC=aegon,DC=com"
    user-filter-search-base: "OU=AA,DC=us,DC=aegon,DC=com"
    user-filter-search-filter: "(&(objectClass=person)(sAMAccountName={0}))"
    group-filter-search-base: "OU=Groups,DC=us,DC=aegon,DC=com"
    #admin-user: "xxxxxx" Not required at our site
    #admin-password: "xxxxxx" Not required at our site
oauth2:
  ldap:
    activeDirectory: false
    activeDirectory.domain: usldaps.us.aegon.com
# ======================================================
# Role-Based Access Control (RBAC)
# Configure roles, user/group bindings, and permissions.
# ======================================================
rbac:
  roles:
    - name: mqadmin
      clusters:
        - Kafka-Test
      subjects:
        - provider: ldap
          type: group
          value: "UMQKAFKAUIUSERS"
      permissions:
        - resource: applicationconfig
          actions: all
        - resource: clusterconfig
          actions: all
        - resource: topic
          value: "."
          actions: all
        - resource: consumer
          value: "."
          actions: view
        - resource: schema
          value: "."
          actions: all
        - resource: connect
          value: "."
          actions: all
        - resource: ksql
          actions: all
        - resource: acl
          actions: all
```
Logging on to the KAFBAT web interface using admldelang1
Getting this error
mework.http.server.reactive.ReactorHttpHandlerAdapter@78778dd8
2025-07-02 15:45:29,183 DEBUG [reactor-http-epoll-4] o.s.w.s.a.HttpWebHandlerAdapter: [9d9e8699-1] HTTP POST "/login"
2025-07-02 15:45:29,200 DEBUG [reactor-http-epoll-4] o.s.s.w.s.u.m.OrServerWebExchangeMatcher: Trying to match using PathMatcherServerWebExchangeMatcher{pattern='/login', method=POST}
2025-07-02 15:45:29,201 DEBUG [reactor-http-epoll-4] o.s.s.w.s.u.m.PathPatternParserServerWebExchangeMatcher: Checking match of request : '/login'; against '/login'
2025-07-02 15:45:29,201 DEBUG [reactor-http-epoll-4] o.s.s.w.s.u.m.OrServerWebExchangeMatcher: matched
2025-07-02 15:45:29,203 DEBUG [reactor-http-epoll-4] r.n.c.FluxReceive: [9d9e8699-1, L:/10.38.100.206:8081 - R:/10.57.25.141:59956] [terminated=false, cancelled=false, pending=0, error=null]: subscribing inbound receiver
2025-07-02 15:45:29,207 DEBUG [reactor-http-epoll-4] o.s.h.c.FormHttpMessageReader: [9d9e8699-1] Read form fields [username, password] (content masked)
2025-07-02 15:45:29,333 DEBUG [boundedElastic-1] o.s.s.l.a.BindAuthenticator: Failed to bind with any user DNs [CN=admldelang1,OU=AA,DC=us,DC=aegon,DC=com]
2025-07-02 15:45:29,336 DEBUG [boundedElastic-1] o.s.l.c.s.AbstractContextSource: Got Ldap context on server 'ldap://usldaps.us.aegon.com:389'
2025-07-02 15:45:29,339 DEBUG [boundedElastic-1] o.s.s.w.s.a.AuthenticationWebFilter: Authentication failed: Uncategorized exception occured during LDAP processing
org.springframework.security.authentication.InternalAuthenticationServiceException: Uncategorized exception occured during LDAP processing
at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:190)
at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:80)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182)
at org.springframework.security.authentication.ReactiveAuthenticationManagerAdapter.doAuthenticate(ReactiveAuthenticationManagerAdapter.java:60)
at reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:132)
at reactor.core.publisher.FluxSubscribeOnValue$ScheduledScalar.run(FluxSubscribeOnValue.java:181)
at reactor.core.scheduler.SchedulerTask.call(SchedulerTask.java:68)
at reactor.core.scheduler.SchedulerTask.call(SchedulerTask.java:28)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:230)
at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:807)
at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:790)
at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:261)
at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:100)
at org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:88)
at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:174)
... 12 common frames omitted
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A06, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]
at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3300)
at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3206)
at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2997)
at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1876)
at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1799)
at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1816)
at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:388)
at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntryInternal(SpringSecurityLdapTemplate.java:271)
at org.springframework.security.ldap.SpringSecurityLdapTemplate.lambda$searchForSingleEntry$3(SpringSecurityLdapTemplate.java:261)
at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:804)
... 17 common frames omitted
2025-07-02 15:45:29,341 DEBUG [boundedElastic-1] o.s.s.w.s.DefaultServerRedirectStrategy: Redirecting to '/login?error'
2025-07-02 15:45:29,342 DEBUG [boundedElastic-1] o.s.w.s.a.HttpWebHandlerAdapter: [9d9e8699-1] Completed 302 FOUND
2025-07-02 15:45:29,348 DEBUG [boundedElastic-1] r.n.h.s.HttpServerOperations: [9d9e8699-1, L:/10.38.100.206:8081 - R:/10.57.25.141:59956] Last HTTP response frame
2025-07-02 15:45:29,348 DEBUG [boundedElastic-1] r.n.h.s.HttpServerOperations: [9d9e8699-1, L:/10.38.100.206:8081 - R:/10.57.25.141:59956] Headers are not sent before onComplete().
2025-07-02 15:45:29,350 DEBUG [reactor-http-epoll-4] r.n.h.s.HttpServerOperations: [9d9e8699-1, L:/10.38.100.206:8081 - R:/10.57.25.141:59956] Decreasing pending responses count: 0
2025-07-02 15:45:29,350 DEBUG [reactor-http-epoll-4] r.n.h.s.HttpServerOperations: [9d9e8699-1, L:/10.38.100.206:8081 - R:/10.57.25.141:59956] Last HTTP packet was sent, terminating the channel
2025-07-02 15:45:29,350 DEBUG [reactor-http-epoll-4] r.n.c.ChannelOperations: [9d9e8699-1, L:/10.38.100.206:8081 - R:/10.57.25.141:59956] [HttpServer] Channel inbound receiver cancelled (subscription disposed).
2025-07-02 15:45:29,410 DEBUG [reactor-http-epoll-4] r.n.h.s.HttpServerOperations: [9d9e8699, L:/10.38.100.206:8081 - R:/10.57.25.141:59956] Increasing pending responses count: 1
2025-07-02 15:45:29,410 DEBUG [reactor-http-epoll-4] r.n.h.s.HttpServer: [9d9e8699-2, L:/10.38.100.206:8081 - R:/10.57.25.141:59956] Handler is being applied: org.springframework.http.server.reactive.ReactorHttpHandlerAdapter@78778dd8
2025-07-02 15:45:29,410 DEBUG [reactor-http-epoll-4] o.s.w.s.a.HttpWebHandlerAdapter: [9d9e8699-2] HTTP GET "/login?error"
2025-07-02 15:45:29,411 DEBUG [reactor-http-epoll-4] o.s.s.w.s.u.m.OrServerWebExchangeMatcher: Trying to match using PathMatcherServerWebExchangeMatcher{pattern='/login', method=POST}
2025-07-02 15:45:29,412 DEBUG [reactor-http-epoll-4] o.s.s.w.s.u.m.PathPatternParserServerWebExchangeMatcher: Request 'GET /login' doesn't match 'POST /login'
2025-07-02 15:45:29,412 DEBUG [reactor-http-epoll-4] o.s.s.w.s.u.m.OrServerWebExchangeMatcher: No matches found
2025-07-02 15:45:29,412 DEBUG [reactor-http-epoll-4] o.s.s.w.s.u.m.OrServerWebExchangeMatcher: Trying to match using PathMatcherServerWebExchangeMatcher{pattern='/login', method=GET}
2025-07-02 15:45:29,412 DEBUG [reactor-http-epoll-4] o.s.s.w.s.u.m.PathPatternParserServerWebExchangeMatcher: Checking match of request : '/login'; against '/login'
2025-07-02 15:45:29,412 DEBUG [reactor-http-epoll-4] o.s.s.w.s.u.m.OrServerWebExchangeMatcher: matched
2025-07-02 15:45:29,415 DEBUG [reactor-http-epoll-4] r.n.h.s.HttpServerOperations: [9d9e8699-2, L:/10.38.100.206:8081 - R:/10.57.25.141:59956] Last HTTP response frame
2025-07-02 15:45:29,415 DEBUG [reactor-http-epoll-4] r.n.h.s.HttpServerOperations: [9d9e8699-2, L:/10.38.100.206:8081 - R:/10.57.25.141:59956] Headers are not sent before onComplete().
2025-07-02 15:45:29,417 DEBUG [reactor-http-epoll-4] r.n.h.s.HttpServerOperations: [9d9e8699-2, L:/10.38.100.206:8081 - R:/10.57.25.141:59956] Decreasing pending responses count: 0
2025-07-02 15:45:29,417 DEBUG [reactor-http-epoll-4] r.n.h.s.HttpServerOperations: [9d9e8699-2, L:/10.38.100.206:8081 - R:/10.57.25.141:59956] Last HTTP packet was sent, terminating the channel
2025-07-02 15:45:29,417 DEBUG [reactor-http-epoll-4] r.n.c.ChannelOperations: [9d9e8699-2, L:/10.38.100.206:8081 - R:/10.57.25.141:59956] [HttpServer] Channel inbound receiver cancelled (subscription disposed).
2025-07-02 15:45:29,417 DEBUG [reactor-http-epoll-4] o.s.w.s.a.HttpWebHandlerAdapter: [9d9e8699-2] Completed 200 OK
2025-07-02 15:45:29,418 DEBUG [reactor-http-epoll-4] r.n.c.ChannelOperationsHandler: [9d9e8699, L:/10.38.100.206:8081 - R:/10.57.25.141:59956] No ChannelOperation attached.
2025-07-02 15:45:38,353 DEBUG [parallel-2] i.k.u.s.ClustersStatisticsScheduler: Start getting metrics for kafkaCluster: Kafka-Test
2025-07-02 15:45:38,353 DEBUG [parallel-2] o.a.k.c.a.KafkaAdminClient: [AdminClient clientId=kafbat-ui-admin-1751467508-1] Queueing Call(callName=listNodes, deadlineMs=1751467598353, tries=0, nextAllowedTryMs=0) with a timeout 30000 ms from now.
2025-07-02 15:45:38,353 DEBUG [kafka-admin-client-thread | kafbat-ui-admin-1751467508-1] o.a.k.c.a.KafkaAdminClient: [AdminClient clientId=kafbat-ui-admin-1751467508-1] Sending DescribeClusterRequestData(includeClusterAuthorizedOperations=true, endpointType=1) to uklnxpuk2431.us.aegon.com:9092 (id: 0 rack: null). correlationId=16, timeoutMs=30000
2025-07-02 15:45:38,353 DEBUG [kafka-admin-client-thread | kafbat-ui-admin-1751467508-1] o.a.k.c.NetworkClient: [AdminClient clientId=kafbat-ui-admin-1751467508-1] Sending DESCRIBE_CLUSTER request with header RequestHeader(apiKey=DESCRIBE_CLUSTER, apiVersion=1, clientId=kafbat-ui-admin-1751467508-1, correlationId=16, headerVersion=2) and timeout 30000 to node 0: DescribeClusterRequestData(includeClusterAuthorizedOperations=true, endpointType=1)
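The posted log carries three separate signals: the DN built from the login name failed to bind, the follow-up filter search was refused with AD sub-code 000004DC, and the directory URL uses the `ldap://` scheme. The following is an added example, not part of the original discussion or of kafbat's code: a Python triage function that picks those signals out of Spring Security LDAP debug output. The function name, finding ids and hint texts are hypothetical; the sample lines are copied from the post.

```python
import re

# Three lines copied from the log excerpt in the post above.
SAMPLE_LOG = """\
2025-07-02 15:45:29,333 DEBUG [boundedElastic-1] o.s.s.l.a.BindAuthenticator: Failed to bind with any user DNs [CN=admldelang1,OU=AA,DC=us,DC=aegon,DC=com]
2025-07-02 15:45:29,336 DEBUG [boundedElastic-1] o.s.l.c.s.AbstractContextSource: Got Ldap context on server 'ldap://usldaps.us.aegon.com:389'
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A06, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]
"""

DN_BIND_FAIL = re.compile(r"BindAuthenticator: Failed to bind with any user DNs \[(?P<dn>.+)\]")
CONTEXT_URL = re.compile(r"Got Ldap context on server '(?P<url>[^']+)'")
LDAP_ERROR = re.compile(
    r"\[LDAP: error code (?P<code>\d+) - (?P<sub>[0-9A-Fa-f]{8}): .*?comment: (?P<comment>.*?), data"
)

# Hypothetical finding ids, each with a short reading of the signal.
HINTS = {
    "dn-pattern-bind-failed": "The DN built from the login name did not bind; "
                              "the entry's CN may differ from the login name.",
    "cleartext-ldap-url": "ldap:// carries simple-bind passwords unencrypted "
                          "unless StartTLS is negotiated.",
    "search-on-unbound-connection": "The directory refused a search on a connection "
                                    "with no successful bind (anonymous search).",
    "ldap-error": "Other directory error; read the code and comment.",
}

def triage(log_text):
    """Return (finding_id, detail) tuples, in log order, for known LDAP login signals."""
    findings = []
    for line in log_text.splitlines():
        if m := DN_BIND_FAIL.search(line):
            findings.append(("dn-pattern-bind-failed", m["dn"]))
        elif m := CONTEXT_URL.search(line):
            if m["url"].lower().startswith("ldap://"):
                findings.append(("cleartext-ldap-url", m["url"]))
        elif m := LDAP_ERROR.search(line):
            if m["code"] == "1" and m["sub"].upper() == "000004DC":
                findings.append(("search-on-unbound-connection", m["comment"]))
            else:
                findings.append(("ldap-error", f"code {m['code']} sub-code {m['sub']}"))
    return findings

if __name__ == "__main__":
    for finding, detail in triage(SAMPLE_LOG):
        print(f"{finding}: {detail}\n  -> {HINTS[finding]}")
```
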