Active Directory Authentication

Thread: Active Directory Authentication

Search this list only Search all lists
Active Directory Authentication
United States	2007-07-26 12:06:39

I’m using jtrac-2.1.0-beta and I can’t seem to get active directory authentication to work. ; We have a Windows 2003 active directory in which both the domain and forest functional level has been raised to Windows 2003 Server mode. I have put the three lines in the jtrac.properties file ldap.url=ldap://deleon.domain.com ldap.searchBase=OU=Domain Users,DC=domain,DC=com ldap.activeDirectoryDomain=DOMAIN.COM When I try to login as an AD user I see in the log: 2007-07-26 11:04:36,195 [btpool0-7] INFO [info.jtrac.acegi.JtracLdapAuthenticationProvider] - ldap authenthication provider initialized searchKey = 'sAMAccountName', searchBase =’OU=Domain Users,DC=domain,DC=com', activeDirectoryDomain = 'DOMAIN.COM', ldapUrl = 'ldap://deleon.domain.com' I have tried to login without creating a database user first and with creating a database user with the same userid.  Everytime I get ̶0;Bad Credentials”. Does jtrac try to bind to the directory as the user logging in, or is there a way I can tell jtrac to bind to the directory with a service account before authenticating the user? What am I missing? ---------------------------------- Dennis B. Hopp Senior Technical Administrator Communications Supply Corporation Voice: (630) 221-6557 Fax: ; (630) 221-6558 Email: dhoppgocsc.com "Privileged/Confidential Information of Communications Supply Corp. may be contained in this message.  If you are not the addressee of this message, you may not copy, use or deliver this message to anyone.  In such event, you should destroy the message and kindly notify the sender by reply e-mail.  It is understood that opinions or conclusions that do not relate to the official business of Communications Supply Corp. are neither given nor endorsed by Communications Supply Corp.";
Re: Active Directory Authentication
	2007-07-26 13:25:27

Hi, The activeDirectoryDomain as far as I know should be something like "DOMAIN" not DOMAIN.COM - this is the NT domain into which you login etc. You can also try to not use the activeDirectoryDomain entry also, it should default to normal LDAP. You should also ensure that LDAP is enabled, from what I remember this is not done by default on Active Directory. Thanks, Peter. On 7/26/07, Dennis Hopp < dhoppgocsc.com">dhoppgocsc.com> wrote: I'm using jtrac-2.1.0-beta and I can't seem to get active directory authentication to work. ; We have a Windows 2003 active directory in which both the domain and forest functional level has been raised to Windows 2003 Server mode. I have put the three lines in the jtrac.properties file ldap.url=ldap://deleon.domain.com ldap.searchBase=OU=Domain Users,DC=domain,DC=com ldap.activeDirectoryDomain=DOMAIN.COM When I try to login as an AD user I see in the log: 2007-07-26 11:04:36,195 [btpool0-7] INFO [info.jtrac.acegi.JtracLdapAuthenticationProvider] - ldap authenthication provider initialized searchKey = 'sAMAccountName', searchBase ='OU=Domain Users,DC=domain,DC=com', activeDirectoryDomain = 'DOMAIN.COM', ldapUrl = 'ldap://deleon.domain.com9; I have tried to login without creating a database user first and with creating a database user with the same userid.  Everytime I get "Bad Credentials". Does jtrac try to bind to the directory as the user logging in, or is there a way I can tell jtrac to bind to the directory with a service account before authenticating the user? What am I missing? ---------------------------------- Dennis B. Hopp Senior Technical Administrator Communications Supply Corporation Voice: (630) 221-6557 Fax: ; (630) 221-6558 Email: dhoppgocsc.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">dhoppgocsc.com "Privileged/Confidential Information of Communications Supply Corp. may be contained in this message.  If you are not the addressee of this message, you may not copy, use or deliver this message to anyone.  In such event, you should destroy the message and kindly notify the sender by reply e-mail.  It is understood that opinions or conclusions that do not relate to the official business of Communications Supply Corp. are neither given nor endorsed by Communications Supply Corp."; ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ j-trac-users mailing list lists.sourceforge.net">j-trac-userslists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/j-trac-users
Re: Active Directory Authentication
United States	2007-07-26 13:30:07

I’ve tried both DOMAIN and DOMAIN.COM and both fail with the same error. I have other applications authenticating via LDAP without a problem. I can use ldapsearch to query the directory, but I have to supply a user to bind to the directory with. ; I don’t think Windows 2003 AD allows for anonymous bind to the directory. ---------------------------------- Dennis B. Hopp Senior Technical Administrator Communications Supply Corporation Voice: (630) 221-6557 Fax: ; (630) 221-6558 Email: dhoppgocsc.com From: j-trac-users-bounceslists.sourceforge.net [mailto:j-trac-users-bounceslists.sourceforge.net] On Behalf Of Peter Thomas Sent: Thursday, July 26, 2007 1:25 PM To: JTrac users mailing-list Subject: Re: [jtrac-users] Active Directory Authentication Hi, The activeDirectoryDomain as far as I know should be something like "DOMAIN" not DOMAIN.COM - this is the NT domain into which you login etc. You can also try to not use the activeDirectoryDomain entry also, it should default to normal LDAP. You should also ensure that LDAP is enabled, from what I remember this is not done by default on Active Directory. Thanks, Peter. On 7/26/07, Dennis Hopp < dhoppgocsc.com">dhoppgocsc.com> wrote: I'm using jtrac-2.1.0-beta and I can't seem to get active directory authentication to work.  We have a Windows 2003 active directory in which both the domain and forest functional level has been raised to Windows 2003 Server mode. I have put the three lines in the jtrac.properties file ldap.url=ldap://deleon.domain.com ldap.searchBase=OU=Domain Users,DC=domain,DC=com ldap.activeDirectoryDomain=DOMAIN.COM When I try to login as an AD user I see in the log: 2007-07-26 11:04:36,195 [btpool0-7] INFO [info.jtrac.acegi.JtracLdapAuthenticationProvider] - ldap authenthication provider initialized searchKey = 'sAMAccountName', searchBase ='OU=Domain Users,DC=domain,DC=com', activeDirectoryDomain = 'DOMAIN.COM', ldapUrl = 'ldap://deleon.domain.com' I have tried to login without creating a database user first and with creating a database user with the same userid.  Everytime I get "Bad Credentials". Does jtrac try to bind to the directory as the user logging in, or is there a way I can tell jtrac to bind to the directory with a service account before authenticating the user? What am I missing? ---------------------------------- Dennis B. Hopp Senior Technical Administrator Communications Supply Corporation Voice: (630) 221-6557 Fax: ; (630) 221-6558 Email: dhoppgocsc.com" target="_blank">dhoppgocsc.com "Privileged/Confidential Information of Communications Supply Corp. may be contained in this message.  If you are not the addressee of this message, you may not copy, use or deliver this message to anyone.  In such event, you should destroy the message and kindly notify the sender by reply e-mail.  It is understood that opinions or conclusions that do not relate to the official business of Communications Supply Corp. are neither given nor endorsed by Communications Supply Corp."; ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ j-trac-users mailing list j-trac-userslists.sourceforge.net">j-trac-userslists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/j-trac-users
Re: Active Directory Authentication
United States	2007-07-26 13:44:59

I got it… I had changed the activeDirectoryDomain back and forth, but when I had it set to just DOMAIN I didn’;t have a database user created so it was failing, when I created the database user it worked. I had blown away my installation so many times and made so many changes, I had forgotten what I had done…; Thanks, --Dennis ---------------------------------- Dennis B. Hopp Senior Technical Administrator Communications Supply Corporation Voice: (630) 221-6557 Fax: ; (630) 221-6558 Email: dhoppgocsc.com From: j-trac-users-bounceslists.sourceforge.net [mailto:j-trac-users-bounceslists.sourceforge.net] On Behalf Of Dennis Hopp Sent: Thursday, July 26, 2007 1:30 PM To: JTrac users mailing-list Subject: Re: [jtrac-users] Active Directory Authentication I’ve tried both DOMAIN and DOMAIN.COM and both fail with the same error. I have other applications authenticating via LDAP without a problem. I can use ldapsearch to query the directory, but I have to supply a user to bind to the directory with. ; I don’t think Windows 2003 AD allows for anonymous bind to the directory. ---------------------------------- Dennis B. Hopp Senior Technical Administrator Communications Supply Corporation Voice: (630) 221-6557 Fax: ; (630) 221-6558 Email: dhoppgocsc.com From: j-trac-users-bounceslists.sourceforge.net [mailto:j-trac-users-bounceslists.sourceforge.net] On Behalf Of Peter Thomas Sent: Thursday, July 26, 2007 1:25 PM To: JTrac users mailing-list Subject: Re: [jtrac-users] Active Directory Authentication Hi, The activeDirectoryDomain as far as I know should be something like "DOMAIN" not DOMAIN.COM - this is the NT domain into which you login etc. You can also try to not use the activeDirectoryDomain entry also, it should default to normal LDAP. You should also ensure that LDAP is enabled, from what I remember this is not done by default on Active Directory. Thanks, Peter. On 7/26/07, Dennis Hopp < dhoppgocsc.com">dhoppgocsc.com> wrote: I'm using jtrac-2.1.0-beta and I can't seem to get active directory authentication to work. ; We have a Windows 2003 active directory in which both the domain and forest functional level has been raised to Windows 2003 Server mode. I have put the three lines in the jtrac.properties file ldap.url=ldap://deleon.domain.com ldap.searchBase=OU=Domain Users,DC=domain,DC=com ldap.activeDirectoryDomain=DOMAIN.COM When I try to login as an AD user I see in the log: 2007-07-26 11:04:36,195 [btpool0-7] INFO [info.jtrac.acegi.JtracLdapAuthenticationProvider] - ldap authenthication provider initialized searchKey = 'sAMAccountName', searchBase ='OU=Domain Users,DC=domain,DC=com', activeDirectoryDomain = 'DOMAIN.COM', ldapUrl = 'ldap://deleon.domain.com' I have tried to login without creating a database user first and with creating a database user with the same userid.  Everytime I get "Bad Credentials". Does jtrac try to bind to the directory as the user logging in, or is there a way I can tell jtrac to bind to the directory with a service account before authenticating the user? What am I missing? ---------------------------------- Dennis B. Hopp Senior Technical Administrator Communications Supply Corporation Voice: (630) 221-6557 Fax: ; (630) 221-6558 Email: dhoppgocsc.com" target="_blank">dhoppgocsc.com "Privileged/Confidential Information of Communications Supply Corp. may be contained in this message.  If you are not the addressee of this message, you may not copy, use or deliver this message to anyone.  In such event, you should destroy the message and kindly notify the sender by reply e-mail.  It is understood that opinions or conclusions that do not relate to the official business of Communications Supply Corp. are neither given nor endorsed by Communications Supply Corp."; ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ j-trac-users mailing list j-trac-userslists.sourceforge.net">j-trac-userslists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/j-trac-users
Re: Active Directory Authentication
	2007-07-26 13:51:50

Good to hear that. For the reference of others who may come across this thread in the future, this forum thread linked below can help troubleshoot LDAP connectivity (if you know Java): http://sourceforge.net/forum/message.php?msg_id=4305262 On 7/27/07, Dennis Hopp < dhoppgocsc.com">dhoppgocsc.com> wrote: I got it… I had changed the activeDirectoryDomain back and forth, but when I had it set to just DOMAIN I didn't have a database user created so it was failing, when I created the database user it worked. I had blown away my installation so many times and made so many changes, I had forgotten what I had done… Thanks, --Dennis ---------------------------------- Dennis B. Hopp Senior Technical Administrator Communications Supply Corporation Voice: (630) 221-6557 Fax: ; (630) 221-6558 Email: dhoppgocsc.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">dhoppgocsc.com From: j-trac-users-bounceslists.sourceforge.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)"> j-trac-users-bounceslists.sourceforge.net [mailto: j-trac-users-bounceslists.sourceforge.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">j-trac-users-bounceslists.sourceforge.net] On Behalf Of Dennis Hopp Sent: Thursday, July 26, 2007 1:30 PM To: JTrac users mailing-list Subject: Re: [jtrac-users] Active Directory Authentication I've tried both DOMAIN and DOMAIN.COM and both fail with the same error. I have other applications authenticating via LDAP without a problem. I can use ldapsearch to query the directory, but I have to supply a user to bind to the directory with. ; I don't think Windows 2003 AD allows for anonymous bind to the directory. ---------------------------------- Dennis B. Hopp Senior Technical Administrator Communications Supply Corporation Voice: (630) 221-6557 Fax: ; (630) 221-6558 Email: dhoppgocsc.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">dhoppgocsc.com From: j-trac-users-bounceslists.sourceforge.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">j-trac-users-bounceslists.sourceforge.net [mailto: j-trac-users-bounceslists.sourceforge.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">j-trac-users-bounceslists.sourceforge.net] On Behalf Of Peter Thomas Sent: Thursday, July 26, 2007 1:25 PM To: JTrac users mailing-list Subject: Re: [jtrac-users] Active Directory Authentication Hi, The activeDirectoryDomain as far as I know should be something like "DOMAIN" not DOMAIN.COM - this is the NT domain into which you login etc. You can also try to not use the activeDirectoryDomain entry also, it should default to normal LDAP. You should also ensure that LDAP is enabled, from what I remember this is not done by default on Active Directory. Thanks, Peter. On 7/26/07, Dennis Hopp < dhoppgocsc.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">dhoppgocsc.com> wrote: I'm using jtrac-2.1.0-beta and I can't seem to get active directory authentication to work. ; We have a Windows 2003 active directory in which both the domain and forest functional level has been raised to Windows 2003 Server mode. I have put the three lines in the jtrac.properties file ldap.url=ldap://deleon.domain.com ldap.searchBase=OU=Domain Users,DC=domain,DC=com ldap.activeDirectoryDomain=DOMAIN.COM When I try to login as an AD user I see in the log: 2007-07-26 11:04:36,195 [btpool0-7] INFO [info.jtrac.acegi.JtracLdapAuthenticationProvider] - ldap authenthication provider initialized searchKey = 'sAMAccountName', searchBase ='OU=Domain Users,DC=domain,DC=com';, activeDirectoryDomain = 'DOMAIN.COM', ldapUrl = 'ldap://deleon.domain.com9; I have tried to login without creating a database user first and with creating a database user with the same userid.  Everytime I get "Bad Credentials". Does jtrac try to bind to the directory as the user logging in, or is there a way I can tell jtrac to bind to the directory with a service account before authenticating the user? What am I missing? ---------------------------------- Dennis B. Hopp Senior Technical Administrator Communications Supply Corporation Voice: (630) 221-6557 Fax: ; (630) 221-6558 Email: dhoppgocsc.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">dhoppgocsc.com "Privileged/Confidential Information of Communications Supply Corp. may be contained in this message.  If you are not the addressee of this message, you may not copy, use or deliver this message to anyone.  In such event, you should destroy the message and kindly notify the sender by reply e-mail.  It is understood that opinions or conclusions that do not relate to the official business of Communications Supply Corp. are neither given nor endorsed by Communications Supply Corp."; ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ j-trac-users mailing list j-trac-userslists.sourceforge.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">j-trac-userslists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/j-trac-users ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ j-trac-users mailing list lists.sourceforge.net">j-trac-userslists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/j-trac-users

[1-5]

about | contact Other archives ( Real Estate discussion Medical topics )