2017-10-16 21 views
1

私はJasper 6.4.0を使用してアクティブディレクトリサーバーに対してしばらくの間認証を行い、次のエラーが発生しています。lasap認証を使用してjasperサーバーを構成する方法は?

2017-10-16 13:39:35,145 WARN JSLdapAuthenticationProvider,http-apr-8080-exec-9:62 - [ 
LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580 ]; 
nested exception is javax.naming.AuthenticationException: 
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580 ] 

私が集めたことから、data 52eは無効な資格情報を示しています。私はbobに自分のサービスアカウントのパスワードを変更して、同じエラーが表示されるかどうかを確認しようとしました(ログインしていたテストアカウントではなくLDAPサーバーにバインドするときのエラーを示しています)。

ここにジャスパーのサービスアカウントの設定があります。

<bean id="ldapContextSource" class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource"> 
    <constructor-arg value="ldaps://MyLDAPSServer:636/"/> 
    <!-- manager user name and password (may not be needed) --> 
    <property name="userDn" value="dc=mydomain,dc=com,uid=MyServiceAccount"/> 
    <property name="password" value="SomePasswordWithSpecialCharacters"/> 
</bean> 

私はユーザー名とパスワードが正しいと確信しています。次のPythonコードを使用して、同じLDAPサーバーに対して認証することができます。

from ldap3 import Server, \ 
    Connection, \ 
    AUTO_BIND_NO_TLS, \ 
    SUBTREE, \ 
    ALL_ATTRIBUTES 

def get_ldap_info(u): 
    with Connection(Server('MyLDAPSServer', port=636, use_ssl=True), 
        auto_bind=AUTO_BIND_NO_TLS, 
        read_only=True, 
        check_names=True, 
        user='MyServiceAccount', password='SomePasswordWithSpecialCharacters') as c: 

     c.search(search_base='DC=mydomain,DC=com', 
       search_filter='(&(samAccountName=' + u + '))', 
       search_scope=SUBTREE, 
       attributes=ALL_ATTRIBUTES, 
       get_operational_attributes=True) 
     print(c.response_to_json()) 
     print(c.result) 


get_ldap_info('test.user') 

私は考えることができました一つのことは、多分碧玉がパスワードに特殊文字を持つようにしないのですか?

ここでは、何か不足している場合のジャスパーサーバーの構成の残りの部分を示します。私がしたように、このに苦しんでいます将来的に誰のための

<!-- 
~ Copyright (C) 2005 - 2014 TIBCO Software Inc. All rights reserved. 
~ http://www.jaspersoft.com. 
~ Licensed under commercial Jaspersoft Subscription License Agreement 
    --> 

<beans xmlns="http://www.springframework.org/schema/beans" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd"> 

    <!-- ############ LDAP authentication ############ 
     - Sample configuration of external authentication via an external LDAP server. 
    --> 

    <bean id="proxyAuthenticationProcessingFilter" class="com.jaspersoft.jasperserver.api.security.EncryptionAuthenticationProcessingFilter" 
      parent="mtAuthenticationProcessingFilter"> 
     <property name="authenticationManager"> 
      <ref local="ldapAuthenticationManager"/> 
     </property> 

     <property name="authenticationSuccessHandler" ref="externalAuthSuccessHandler" /> 
    </bean> 

    <bean id="proxyAuthenticationSoapProcessingFilter" 
      class="com.jaspersoft.jasperserver.multipleTenancy.security.externalAuth.MTDefaultAuthenticationSoapProcessingFilter"> 
     <property name="authenticationManager" ref="ldapAuthenticationManager"/> 
     <property name="authenticationSuccessHandler" ref="externalAuthSuccessHandler" /> 

     <property name="filterProcessesUrl" value="/services"/> 
    </bean> 

    <bean id="proxyAuthenticationRestProcessingFilter" class="com.jaspersoft.jasperserver.multipleTenancy.security.externalAuth.MTDefaultAuthenticationRestProcessingFilter"> 
     <property name="authenticationManager"> 
      <ref local="ldapAuthenticationManager"/> 
     </property> 
     <property name="authenticationSuccessHandler" ref="externalAuthSuccessHandler" /> 
     <property name="filterProcessesUrl" value="/rest/login"/> 
    </bean> 

    <bean id="proxyRequestParameterAuthenticationFilter" 
      class="com.jaspersoft.jasperserver.war.util.ExternalRequestParameterAuthenticationFilter" parent="requestParameterAuthenticationFilter"> 
     <property name="authenticationManager"> 
      <ref local="ldapAuthenticationManager"/> 
     </property> 
     <property name="externalDataSynchronizer" ref="externalDataSynchronizer"/> 
    </bean> 

    <bean id="externalAuthSuccessHandler" 
      class="com.jaspersoft.jasperserver.api.security.externalAuth.JrsExternalAuthenticationSuccessHandler" parent="successHandler"> 
     <property name="externalDataSynchronizer"> 
      <ref local="externalDataSynchronizer"/> 
     </property> 
    </bean> 

    <bean id="proxyBasicProcessingFilter" 
      class="com.jaspersoft.jasperserver.multipleTenancy.security.externalAuth.MTExternalAuthBasicProcessingFilter" parent="mtBasicProcessingFilter"> 
     <property name="authenticationManager" ref="ldapAuthenticationManager"/> 
     <property name="externalDataSynchronizer" ref="externalDataSynchronizer"/> 
    </bean> 

    <bean id="ldapAuthenticationManager" class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.JSProviderManager"> 
     <property name="providers"> 
      <list> 
       <ref local="ldapAuthenticationProvider"/> 
       <ref bean="${bean.daoAuthenticationProvider}"/> 
       <!--anonymousAuthenticationProvider only needed if filterInvocationInterceptor.alwaysReauthenticate is set to true 
       <ref bean="anonymousAuthenticationProvider"/>--> 
      </list> 
     </property> 
    </bean> 

    <bean id="ldapAuthenticationProvider" class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSLdapAuthenticationProvider"> 
     <constructor-arg> 
      <bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSBindAuthenticator"> 
       <constructor-arg><ref local="ldapContextSource"/></constructor-arg> 
       <property name="userSearch" ref="userSearch"/> 
      </bean> 
     </constructor-arg> 
     <constructor-arg> 
      <bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSDefaultLdapAuthoritiesPopulator"> 
       <constructor-arg index="0"><ref local="ldapContextSource"/></constructor-arg> 
       <constructor-arg index="1"><value></value></constructor-arg> 
       <property name="groupRoleAttribute" value="title"/> 
       <property name="groupSearchFilter" value="(uid={1})"/> 
       <property name="searchSubtree" value="true"/> 
       <!-- Can setup additional external default roles here <property name="defaultRole" value="LDAP"/> --> 
      </bean> 
     </constructor-arg> 
    </bean> 

    <bean id="userSearch" 
      class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSFilterBasedLdapUserSearch"> 
     <constructor-arg index="0"> 
      <value>cn=Users</value> 
     </constructor-arg> 
     <constructor-arg index="1"> 
      <!--<value>(uid={0})</value>--> 
      <!--<value>(uid=test.user)</value>--> 
      <value>(sAMAccountName={0})</value> 
     </constructor-arg> 
     <constructor-arg index="2"> 
      <ref local="ldapContextSource" /> 
     </constructor-arg> 
     <property name="searchSubtree"> 
      <value>true</value> 
     </property> 
    </bean> 

<bean id="ldapContextSource" class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource"> 
    <constructor-arg value="ldaps://MyLDAPSServer:636/"/> 
    <!-- manager user name and password (may not be needed) --> 
    <property name="userDn" value="dc=mydomain,dc=com,uid=MyServiceAccount"/> 
    <property name="password" value="SomePasswordWithSpecialCharacters"/> 
</bean> 
    <!-- ############ LDAP authentication ############ --> 

    <!-- ############ JRS Synchronizer ############ --> 
    <bean id="externalDataSynchronizer" 
      class="com.jaspersoft.jasperserver.multipleTenancy.security.externalAuth.MTExternalDataSynchronizerImpl"> 
     <property name="externalUserProcessors"> 
      <list> 
       <ref local="ldapExternalTenantProcessor"/> 
       <ref local="mtExternalUserSetupProcessor"/> 
       <!-- Example processor for creating user folder--> 
       <!--<ref local="externalUserFolderProcessor"/>--> 
      </list> 
     </property> 
    </bean> 

    <bean id="abstractExternalProcessor" class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.AbstractExternalUserProcessor" abstract="true"> 
     <property name="repositoryService" ref="${bean.repositoryService}"/> 
     <property name="userAuthorityService" ref="${bean.userAuthorityService}"/> 
     <property name="tenantService" ref="${bean.tenantService}"/> 
     <property name="profileAttributeService" ref="profileAttributeService"/> 
     <property name="objectPermissionService" ref="objectPermissionService"/> 
    </bean> 

    <!-- 
     Multi-tenant configuration. For a JRS deployment with multiple 
     organizations, modify this bean to set up your organizations. For 
     single-organization deployments, comment this out and uncomment the version 
     below. 
    --> 
    <bean id="ldapExternalTenantProcessor" class="com.jaspersoft.jasperserver.multipleTenancy.security.externalAuth.processors.ldap.LdapExternalTenantProcessor" parent="abstractExternalProcessor"> 
     <property name="ldapContextSource" ref="ldapContextSource"/> 
     <property name="multiTenancyService"><ref bean="internalMultiTenancyService"/></property> 
     <property name="excludeRootDn" value="false"/> 
     <!--only following LDAP attributes will be used in creation of organization hierarchy. 
       Eg. cn=Smith,ou=Developement,o=Jaspersoft will produce tanant Development as child of 
       tenant Jaspersoft (if excludeRootDn=false) as child of default tenant organization_1--> 
     <property name="organizationRDNs"> 
      <list> 
       <value>dc</value> 
       <value>c</value> 
       <value>o</value> 
       <value>ou</value> 
       <value>st</value> 
      </list> 
     </property> 
     <property name="rootOrganizationId" value="organization_1"/> 
     <property name="tenantIdNotSupportedSymbols" value="#{configurationBean.tenantIdNotSupportedSymbols}"/> 

     <!-- User credentials are setup in js.externalAuth.properties--> 
     <property name="externalTenantSetupUsers"> 
      <list> 
       <bean class="com.jaspersoft.jasperserver.multipleTenancy.security.externalAuth.processors.MTAbstractExternalProcessor.ExternalTenantSetupUser"> 
        <property name="username" value="${new.tenant.user.name.1}"/> 
        <property name="fullName" value="${new.tenant.user.fullname.1}"/> 
        <property name="password" value="${new.tenant.user.password.1}"/> 
        <property name="emailAddress" value="${new.tenant.user.email.1}"/> 
        <property name="roleSet"> 
         <set> 
          <value>ROLE_ADMINISTRATOR</value> 
          <value>ROLE_USER</value> 
         </set> 
        </property> 
       </bean> 
      </list> 
     </property> 
    </bean> 

    <!-- 
     Single tenant configuration. For a JRS deployment with a single 
     organization, uncomment this bean and configure it to set up your organization. 
     Comment out the multi-tenant version of ldapExternalTenantProcessor above 
    --> 
    <!--<bean id="ldapExternalTenantProcessor" class="com.jaspersoft.jasperserver.multipleTenancy.security.externalAuth.processors.ldap.LdapExternalTenantProcessor" parent="abstractExternalProcessor"> 
     <property name="ldapContextSource" ref="ldapContextSource"/> 
     <property name="multiTenancyService"><ref bean="internalMultiTenancyService"/></property> 
     <property name="excludeRootDn" value="true"/> 
     <property name="defaultOrganization" value="organization_1"/> 
    </bean>--> 

    <bean id="mtExternalUserSetupProcessor" class="com.jaspersoft.jasperserver.multipleTenancy.security.externalAuth.processors.MTExternalUserSetupProcessor" parent="abstractExternalProcessor"> 
     <!--Default permitted role characters; others are removed. Change regular expression to allow other chars. 
        <property name="permittedExternalRoleNameRegex" value="[A-Za-z0-9_]+"/>--> 

     <property name="userAuthorityService"> 
      <ref bean="${bean.internalUserAuthorityService}"/> 
     </property> 
     <property name="defaultInternalRoles"> 
      <list> 
       <value>ROLE_USER</value> 
      </list> 
     </property> 

     <property name="organizationRoleMap"> 
      <map> 
       <!-- Example of mapping customer roles to JRS roles --> 
       <entry> 
        <key> 
         <value>ROLE_ADMIN_EXTERNAL_ORGANIZATION</value> 
        </key> 
        <!-- JRS role that the <key> external role is mapped to--> 
        <value>ROLE_ADMINISTRATOR</value> 
       </entry> 
      </map> 
     </property> 
    </bean> 

    <!-- EXAMPLE Processor 
    <bean id="externalUserFolderProcessor" 
      class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.ExternalUserFolderProcessor" 
      parent="abstractExternalProcessor"> 
     <property name="repositoryService" ref="${bean.unsecureRepositoryService}"/> 
    </bean> 
    --> 
    <!-- ############ JRS Synchronizer ############ --> 
</beans> 

答えて

0

、問題は私のldapContextSourceにuserDnはでした。

正しいuserDn

<property name="userDn" value="CN=myserviceaccount,OU=my ou,DC=mydomain,DC=com"/>

だった私は、このPythonスクリプトを実行し、出力を見て、ことがわかった:

from ldap3 import Server, \ 
    Connection, \ 
    AUTO_BIND_NO_TLS, \ 
    SUBTREE, \ 
    ALL_ATTRIBUTES 

def get_ldap_info(u): 
    with Connection(Server('MyLDAPSServer', port=636, use_ssl=True), 
        auto_bind=AUTO_BIND_NO_TLS, 
        read_only=True, 
        check_names=True, 
        user='MyServiceAccount', password='SomePasswordWithSpecialCharacters') as c: 


     c.search(search_base='DC=mydomain,DC=com', 
       search_filter='(&(samAccountName=' + u + '))', 
       search_scope=SUBTREE, 
       attributes=ALL_ATTRIBUTES, 
       get_operational_attributes=True) 
     print(c.response_to_json()) 
     print(c.result) 


get_ldap_info('myserviceaccount') 
関連する問題