com.cloudera.server.web.cmf.CmfLdapAuthenticationProvider: LDAP/AD authentication failed

nkumari — Fri, 16 Sep 2022 09:40:19 GMT

External authentication with active directory is working for ALL users except one ID. Other users in the same group can access cloudera manager too.

Getting following error.

Is this user's active directory setting issue?

Is this a bug?

Am I missing some setting in cloudera manager?

2015-09-08 16:36:17,767 INFO 1305153855@scm-web-14:org.springframework.security.ldap.SpringSecurityLdapTemplate: Ignoring PartialResultException
2015-09-08 16:36:17,767 ERROR 1305153855@scm-web-14:com.cloudera.server.web.cmf.CmfLdapAuthenticationProvider: LDAP/AD authentication failed
org.springframework.dao.IncorrectResultSizeDataAccessException: Incorrect result size: expected 1, actual 0
         at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntryInternal(SpringSecurityLdapTemplate.java:239)
         at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.searchForUser(ActiveDirectoryLdapAuthenticationProvider.java:258)
         at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.doAuthentication(ActiveDirectoryLdapAuthenticationProvider.java:114)
         at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:61)
         at com.cloudera.server.web.cmf.CmfLdapAuthenticationProvider.authenticate(CmfLdapAuthenticationProvider.java:104)
         at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
         at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
         at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
         at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194)
         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
         at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
         at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
         at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
         at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
         at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
         at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
         at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
         at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
         at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399)
         at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
         at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
         at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
         at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:767)
         at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
         at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
         at org.mortbay.jetty.handler.StatisticsHandler.handle(StatisticsHandler.java:53)
         at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
         at org.mortbay.jetty.Server.handle(Server.java:326)
         at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
         at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:945)
         at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:756)
         at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
         at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
         at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410)
         at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
2015-09-08 16:36:17,771 INFO 1305153855@scm-web-14:com.cloudera.server.web.cmf.AuthenticationFailureEventListener: Authentication failure for user: user123

Re: com.cloudera.server.web.cmf.CmfLdapAuthenticationProvider: LDAP/AD authentication failed

Jayesh Seshadri — Thu, 10 Sep 2015 05:53:59 GMT

Hi,

I believe this is likely a configuration issue with your Active Directory (AD) installation, and how ClouderaMmanager uses Spring.

The key is the first line to diagnosing this:

2015-09-08 16:36:17,767 INFO 1305153855@scm-web-14:org.springframework.security.ldap.SpringSecurityLdapTemplate: Ignoring PartialResultException

This might happen if your AD is configured to allow referrals, and this user who has trouble logging in is in a different

AD CN or directory partition than the AD instance currently configured for use with your CM.

The utility we use does not currently support following LDAP referrals.

Re: com.cloudera.server.web.cmf.CmfLdapAuthenticationProvider: LDAP/AD authentication failed

nkumari — Fri, 11 Sep 2015 16:57:09 GMT

Thanks for the reponse!

My issue is resolved.

Issue:

When Active directory is selected the spring providers were converting the userID to UserPrincipalName by appending @domain.

user123 was converted to user123@xyz.corp.com and being authenticated against active directory.

For some employess UserPrincipal name was different. It was user1234@newXYZ.com.

That's why it was working for some users and not others even if they were in same group which was granted access.

Solution:

We did not want to customize or update the srping code\xml files. So instead of "Active Directory" option we selected "LDAP".

Had to add the bind user and password.

Re: com.cloudera.server.web.cmf.CmfLdapAuthenticationProvider: LDAP/AD authentication failed

desind — Thu, 13 Sep 2018 20:53:06 GMT

@Jayesh Seshadri

Is there any limitation on the character size or special characters in the password that are not allowed ?

I have the same issue and switching to ldap also does not work.

After looking firther, I am able to login with my password, however when i try with a functional user where the username is "abc_efg_scd_dfc" password is "a61Odc7zxxaGArlSInIUYu-iq" it does not work

Do the username/password have any limitations ?

Re: com.cloudera.server.web.cmf.CmfLdapAuthenticationProvider: LDAP/AD authentication failed

bgooley — Sat, 15 Sep 2018 00:57:06 GMT

@desind,

No limit that I know of on the CM side.

Please start a new thread and provide your LDAP configuration, what happens in the logs and also the "abc_efg_scd_dfc" user LDIF entry.

There are lots of reasons for failures, so it is important we start with what you observe and the items involved.

question Re: com.cloudera.server.web.cmf.CmfLdapAuthenticationProvider: LDAP/AD authentication failed in Archives of Support Questions (Read Only)

com.cloudera.server.web.cmf.CmfLdapAuthenticationProvider: LDAP/AD authentication failed

Re: com.cloudera.server.web.cmf.CmfLdapAuthenticationProvider: LDAP/AD authentication failed

Re: com.cloudera.server.web.cmf.CmfLdapAuthenticationProvider: LDAP/AD authentication failed

Re: com.cloudera.server.web.cmf.CmfLdapAuthenticationProvider: LDAP/AD authentication failed

Re: com.cloudera.server.web.cmf.CmfLdapAuthenticationProvider: LDAP/AD authentication failed