Hi there, thanks in advance for any assistance.
I am having problems trying to get ShinyProxy working with Active Directory authentication. I have been on many forums and tried various configs, most of which have been discussed above. I have managed to get to a point where it is authenticating and pulling back the user and its location (I have tested this with a user that exists outside of the Users OU too, to make sure it is not a hardcode recall of the specified OU), but it appears to stall when trying to bring back the group memberships for that user. I would really appreciate any help/pointers.
DCServerName represents our DC1 Server Name
Redacted Password - self explanatory
Admin Group for testing is called TestShinyGlobal and exists in the OU called Users at the top level in AD
For simplicity I have also put the TestShinyUser in the same OU and it is a member of the group above
TestShinyUser is loginname, Test ShinyUser is CN
application.yml extract
authentication: ldap
admin-groups: TestShinyGlobal
ldap:
  url: ldap://DCServerName:389/dc=companyname,dc=local
  manager-dn: CN=ServiceAccountName,OU=Service Accounts,DC=companyname,DC=local
  manager-password: RedactedPassword
  user-search-base:
  user-search-filter: (sAMAccountName={0})
  group-search-base: ou=users
  group-search-filter: (member={0})
Error log
2022-04-25 20:21:16.059 DEBUG 7688 --- [ XNIO-1 task-4] o.s.s.l.a.LdapAuthenticationProvider : Processing authentication request for user: TestShinyUser
2022-04-25 20:21:16.174 INFO 7688 --- [ XNIO-1 task-4] o.s.s.ldap.SpringSecurityLdapTemplate : Ignoring PartialResultException
2022-04-25 20:21:16.175 DEBUG 7688 --- [ XNIO-1 task-4] o.s.s.l.a.BindAuthenticator : Attempting to bind as cn=Test ShinyUser,cn=Users,dc=companyname,dc=local
2022-04-25 20:21:16.240 DEBUG 7688 --- [ XNIO-1 task-4] o.s.s.l.a.BindAuthenticator : Retrieving attributes...
2022-04-25 20:21:16.242 DEBUG 7688 --- [ XNIO-1 task-4] .s.s.l.u.DefaultLdapAuthoritiesPopulator : Getting authorities for user cn=Test ShinyUser,cn=Users,dc=companyname,dc=local
2022-04-25 20:21:16.243 DEBUG 7688 --- [ XNIO-1 task-4] .s.s.l.u.DefaultLdapAuthoritiesPopulator : Searching for roles for user 'TestShinyUser', DN = 'cn=Test ShinyUser,cn=Users,dc=companyname,dc=local', with filter (member={0}) in search base 'ou=users'
2022-04-25 20:21:16.282 ERROR 7688 --- [ XNIO-1 task-4] io.undertow.request : UT005023: Exception handling request to /login
org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=companyname,DC=local'
]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=companyname,DC=local'
]; remaining name 'ou=users'
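
The following is an added example, not part of the original post or of ShinyProxy's code. It reads the log lines above and checks whether the name reported as missing by LDAP error code 32 appears in the user's bind DN under a different RDN type. The function names are hypothetical, the sample is built from the log in the post, and DNs are assumed to contain no escaped commas.

```python
import re

# Constructed sample: the relevant lines of the log shown in the post.
SAMPLE_LOG = """\
o.s.s.l.a.BindAuthenticator : Attempting to bind as cn=Test ShinyUser,cn=Users,dc=companyname,dc=local
.s.s.l.u.DefaultLdapAuthoritiesPopulator : Searching for roles for user 'TestShinyUser', DN = 'cn=Test ShinyUser,cn=Users,dc=companyname,dc=local', with filter (member={0}) in search base 'ou=users'
org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=companyname,DC=local'
]; remaining name 'ou=users'
"""

# Accept straight and typographic quotes, since forum software often rewrites them.
QUOTES = "'\u2018\u2019"
REMAINING = re.compile(rf"remaining name [{QUOTES}]([^{QUOTES}]+)[{QUOTES}]")
BIND = re.compile(r"Attempting to bind as (.+)")


def split_rdns(dn):
    """Split a DN into lowercase (type, value) pairs (assumes no escaped commas)."""
    pairs = []
    for rdn in dn.split(","):
        rdn_type, _, value = rdn.strip().partition("=")
        pairs.append((rdn_type.lower(), value.lower()))
    return pairs


def diagnose(log):
    """Return (missing_rdn, rdn_seen_in_bind_dn) pairs, or None if no error 32."""
    bind = BIND.search(log)
    missing = REMAINING.search(log)
    if not (bind and missing and "error code 32" in log):
        return None
    user_rdns = split_rdns(bind.group(1))
    findings = []
    for rdn_type, value in split_rdns(missing.group(1)):
        # Same value under another RDN type, e.g. ou=users vs cn=Users.
        other = [t for t, v in user_rdns if v == value and t != rdn_type]
        if other:
            findings.append((f"{rdn_type}={value}", f"{other[0]}={value}"))
    return findings


if __name__ == "__main__":
    for wanted, seen in diagnose(SAMPLE_LOG):
        print(f"search base uses {wanted}, but the bind DN shows {seen}")
```

A finding such as `('ou=users', 'cn=users')` means the configured search base names an OU while the directory returns the same object as a container, so the search base should be compared against that object's actual DN.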