Open GoogleCodeExporter opened 8 years ago
Can you paste how your "authenticator" and "userLockoutAuthenticator" beans are
defined? If they are still the default, that's the issue: the "authenticator"
property of the "userLockoutAuthenticator" should reference the next
authenticator instance to call in the chain, either the "ldapAuthenticator"
bean it looks like you have defined above, or a "multiAuthenticator" that
references both localAuthenticator and ldapAuthenticator for different sets of
users, depending on your use case requirements.
Original comment by joshdrum...@gmail.com
on 30 Jun 2013 at 2:23
[deleted comment]
<bean id="authenticator"
      class="net.webpasswordsafe.server.plugin.authentication.IPLockoutAuthenticator">
  <property name="authenticator" ref="userLockoutAuthenticator" />
  <property name="failedLoginThreshold" value="10" />
  <property name="lockoutLength" value="1440" />
  <property name="whitelist">
    <set>
      <value>127.0.0.1</value>
    </set>
  </property>
</bean>
<bean id="userLockoutAuthenticator"
      class="net.webpasswordsafe.server.plugin.authentication.UserLockoutAuthenticator">
  <property name="authenticator" ref="ldapAuthenticator" />
  <property name="failedLoginThreshold" value="500" />
  <property name="whitelist">
    <set>
      <value>admin</value>
    </set>
  </property>
</bean>
<bean id="localAuthenticator"
      class="net.webpasswordsafe.server.plugin.authentication.LocalAuthenticator">
</bean>
<!-- ## Uncomment to use a different authenticator implementation-->
<bean id="multiAuthenticator"
      class="net.webpasswordsafe.server.plugin.authentication.CompositeAuthenticator">
  <property name="authenticators">
    <list>
      <map>
        <entry key="users">
          <list>
            <value>admin</value>
          </list>
        </entry>
        <entry key="authenticator" value-ref="localAuthenticator"></entry>
      </map>
      <map>
        <entry key="anyUser" value="true" />
        <entry key="authenticator" value-ref="ldapAuthenticator"></entry>
      </map>
    </list>
  </property>
</bean>
Original comment by g.fer.or...@gmail.com
on 1 Jul 2013 at 3:12
Based on that, all users will attempt the ldap plugin. Nothing in your
webpasswordsafe-audit.log?
Original comment by joshdrum...@gmail.com
on 2 Jul 2013 at 6:05
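The wiring discussed in the comments above can be checked mechanically. This is an added example, not code from the thread or from the WebPasswordSafe project: it walks the bean references from the top-level bean and reports which authenticators are reachable, which references are undefined, and which beans are never used. It assumes the application starts at the bean with id `authenticator`; the sample XML is a trimmed copy of the posted beans with a placeholder class for `ldapAuthenticator`, which the thread does not show.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the beans posted in the thread. The
# ldapAuthenticator class name is a placeholder; the thread never shows that bean.
SAMPLE = """<beans>
  <bean id="authenticator" class="net.webpasswordsafe.server.plugin.authentication.IPLockoutAuthenticator">
    <property name="authenticator" ref="userLockoutAuthenticator"/>
  </bean>
  <bean id="userLockoutAuthenticator" class="net.webpasswordsafe.server.plugin.authentication.UserLockoutAuthenticator">
    <property name="authenticator" ref="ldapAuthenticator"/>
  </bean>
  <bean id="localAuthenticator" class="net.webpasswordsafe.server.plugin.authentication.LocalAuthenticator"/>
  <bean id="multiAuthenticator" class="net.webpasswordsafe.server.plugin.authentication.CompositeAuthenticator">
    <property name="authenticators"><list>
      <map><entry key="authenticator" value-ref="localAuthenticator"/></map>
      <map><entry key="authenticator" value-ref="ldapAuthenticator"/></map>
    </list></property>
  </bean>
  <bean id="ldapAuthenticator" class="example.PlaceholderLdapAuthenticator"/>
</beans>"""

def load_beans(xml_text):
    """Map each bean id to the bean ids it references via ref / value-ref."""
    beans = {}
    for el in ET.fromstring(xml_text).iter():
        # rsplit drops an XML namespace such as Spring's beans schema, if present
        if el.tag.rsplit("}", 1)[-1] == "bean" and el.get("id"):
            refs = [d.get("ref") or d.get("value-ref") for d in el.iter()]
            beans[el.get("id")] = [r for r in refs if r]
    return beans

def audit_chain(xml_text, entry="authenticator"):
    """Follow references from the entry bean (assumed id) in declaration order."""
    beans = load_beans(xml_text)
    reachable, missing, stack = [], [], [entry]
    while stack:
        bean_id = stack.pop()
        if bean_id in reachable or bean_id in missing:
            continue  # already seen; also stops reference cycles
        if bean_id not in beans:
            missing.append(bean_id)  # ref points at a bean that is not defined
            continue
        reachable.append(bean_id)
        stack.extend(reversed(beans[bean_id]))
    return {"reachable": reachable, "missing": missing,
            "unused": sorted(set(beans) - set(reachable))}

if __name__ == "__main__":
    print(audit_chain(SAMPLE))
```

On the sample, `localAuthenticator` and `multiAuthenticator` come back as unused: they are defined but no login request reaches them.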
Yes, the failures related to ldap:
2013-07-01 11:02:12,112 || 2013-07-01 11:02:12.108 || server2003\VS.user || 192.168.1.30 || login || || fail || authentication failed ||
2013-07-01 11:02:16,108 || 2013-07-01 11:02:16.102 || server2003/VS.user || 192.168.1.30 || login || || fail || authentication failed ||
2013-07-01 11:06:02,033 || 2013-07-01 11:06:01.861 || VS.user || 192.168.1.30 || login || || fail || authentication failed ||
2013-07-01 11:06:13,012 || 2013-07-01 11:06:13.004 || server2003\VS.user || 192.168.1.30 || login || || fail || authentication failed ||
As you can see, I have tried different ways of accessing the AD.
Original comment by g.fer.or...@gmail.com
on 2 Jul 2013 at 6:46
Are those usernames defined in webpasswordsafe? The user has to be defined in
webpasswordsafe (with a dummy password since authentication will be via ldap
password).
Original comment by joshdrum...@gmail.com
on 9 Jul 2013 at 3:38
Original issue reported on code.google.com by
g.fer.or...@gmail.com
on 6 Jun 2013 at 7:44