Help with LDAP login

Hi,
I had LDAP authentication against multiple servers working in an earlier
build but it recently broke and no longer allows me to authenticate
against any server other than the first one on the list - although
according to
http://www.jetbrains.net/jira/browse/TW-2320
the problem seems to be on my side.

I enabled debug logging but the only interesting thing I get in the log is
Login failed, error: javax.security.auth.login.LoginException:
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525,
vece]

I know the credentials presented are OK because if I change the
ldap-config.properties (attached below) to query the ldap.fr server
first everything works fine (for a user in the fr domain, but not for ie
or sg users).

I tried writing a test sample (attached as a post scriptum) but my test
sample works OK and allows me to authenticate against any one of the
servers on my list. Can anybody give me any pointers?

Thanks,
Robert

PS My ldap-config.properties file
java.naming.referral=follow
java.naming.provider.url=ldap://ldap.ie.xxx.com:389 ldap://ldap.fr.xxx.com:389 ldap://ldap.sg.xxx.com:389
java.naming.security.authentication=simple

PPS Test code
import java.io.FileInputStream;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class TestLDAP
{
    public static void main (String[] args) throws Exception
    {
        // Load the same JNDI settings that TeamCity reads.
        Properties env = new Properties ();
        env.load (new FileInputStream
            ("/usr/local/TeamCity/config/ldap-config.properties"));
        env.put (Context.INITIAL_CONTEXT_FACTORY,
            "com.sun.jndi.ldap.LdapCtxFactory");

        // DOMAIN\user principal; the backslash has to be escaped in Java source.
        env.put (Context.SECURITY_PRINCIPAL, "FR\\rgibson");
        env.put (Context.SECURITY_CREDENTIALS, "password");

        // Create the initial directory context (this performs the bind)
        LdapContext ctx = new InitialLdapContext (env, null);
        System.out.println ("Login succeeded");
        ctx.close ();
    }
}
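
The "data 525" field in the error message above is the sub-code Active Directory attaches to a failed bind (LDAP error 49); 525 means the server that handled the bind did not find the user, which is a different failure from a wrong password (52e). The following is an added example, not part of the original post, that extracts and decodes that field; the class name AdBindError is hypothetical and every sample line except the first is constructed.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AdBindError
{
    // Sub-codes Active Directory reports after "data" in an error 49 message.
    // The value is a Win32 error code written in hexadecimal.
    private static final Map<String, String> SUBCODES = new HashMap<>();
    static {
        SUBCODES.put("525", "user not found");
        SUBCODES.put("52e", "invalid credentials");
        SUBCODES.put("530", "not permitted to log on at this time");
        SUBCODES.put("531", "not permitted to log on at this workstation");
        SUBCODES.put("532", "password expired");
        SUBCODES.put("533", "account disabled");
        SUBCODES.put("701", "account expired");
        SUBCODES.put("773", "user must reset password");
        SUBCODES.put("775", "account locked out");
    }

    // DOTALL so a message that was wrapped across log lines still matches.
    private static final Pattern AD_49 = Pattern.compile(
        "LDAP: error code 49\\b.*?AcceptSecurityContext error,\\s+data\\s+([0-9a-fA-F]+)",
        Pattern.DOTALL);

    /** Returns a decoded description, or null if this is not an AD error 49 message. */
    static String explain (String message)
    {
        Matcher m = AD_49.matcher (message);
        if (!m.find ()) return null;
        String hex = m.group (1).toLowerCase ();
        int win32 = Integer.parseInt (hex, 16);
        String meaning = SUBCODES.getOrDefault (hex, "unknown sub-code");
        return "data " + hex + " (Win32 error " + win32 + "): " + meaning;
    }

    public static void main (String[] args)
    {
        String[] samples = {
            // Message from the post, wrapped the way it appeared in the log.
            "[LDAP: error code 49 - 80090308:\nLdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525,\nvece]",
            // Constructed variants for comparison.
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece]",
            "[LDAP: error code 32 - No Such Object]"
        };
        for (String s : samples) System.out.println (explain (s));
    }
}
```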

2 comments

Robert,

PS My ldap-config.properties file
java.naming.referral=follow
java.naming.provider.url=ldap://ldap.ie.xxx.com:389 ldap://ldap.fr.xxx.com:389 ldap://ldap.sg.xxx.com:389
java.naming.security.authentication=simple


This may seem very obvious but have you tried wrapping the value in quotes or replacing spaces with "%20"s in the properties file?

e.g.:
java.naming.provider.url="ldap://ldap.ie.xxx.com:389 ldap://ldap.fr.xxx.com:389 ldap://ldap.sg.xxx.com:389"
or
java.naming.provider.url=ldap://ldap.ie.xxx.com:389%20ldap://ldap.fr.xxx.com:389%20ldap://ldap.sg.xxx.com:389

-Dave


Dave,
Obvious or not, wrapping the list in quotes works, thanks a lot!
(Replacing the spaces with %20 doesn't.) I'm a bit baffled why my code
works and TeamCity barfs, but what would life be without a bit of mystery?

JetBrains - you should update the doc at
http://www.jetbrains.net/confluence/display/TCD/Authentication+Settings

R
