Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

com.cloudera.server.web.cmf.CmfLdapAuthenticationProvider: LDAP/AD authentication failed

avatar
Contributor

External authentication with active directory is working for ALL users except one ID. Other users in the same group can access cloudera manager too.

Getting following error.

 

Is this user's active directory setting issue?

Is this a bug?

Am I missing some setting in cloudera manager?

 

2015-09-08 16:36:17,767 INFO 1305153855@scm-web-14:org.springframework.security.ldap.SpringSecurityLdapTemplate: Ignoring PartialResultException
2015-09-08 16:36:17,767 ERROR 1305153855@scm-web-14:com.cloudera.server.web.cmf.CmfLdapAuthenticationProvider: LDAP/AD authentication failed
org.springframework.dao.IncorrectResultSizeDataAccessException: Incorrect result size: expected 1, actual 0
         at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntryInternal(SpringSecurityLdapTemplate.java:239)
         at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.searchForUser(ActiveDirectoryLdapAuthenticationProvider.java:258)
         at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.doAuthentication(ActiveDirectoryLdapAuthenticationProvider.java:114)
         at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:61)
         at com.cloudera.server.web.cmf.CmfLdapAuthenticationProvider.authenticate(CmfLdapAuthenticationProvider.java:104)
         at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
         at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
         at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
         at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194)
         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
         at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
         at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
         at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
         at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
         at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
         at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
         at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
         at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
         at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399)
         at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
         at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
         at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
         at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:767)
         at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
         at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
         at org.mortbay.jetty.handler.StatisticsHandler.handle(StatisticsHandler.java:53)
         at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
         at org.mortbay.jetty.Server.handle(Server.java:326)
         at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
         at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:945)
         at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:756)
         at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
         at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
         at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410)
         at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
2015-09-08 16:36:17,771 INFO 1305153855@scm-web-14:com.cloudera.server.web.cmf.AuthenticationFailureEventListener: Authentication failure for user: user123

1 ACCEPTED SOLUTION

avatar
Contributor
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login
4 REPLIES 4

avatar
Cloudera Employee

Hi,

 

I believe this is likely a configuration issue with your Active Directory (AD) installation, and how ClouderaMmanager uses Spring.

The key is the first line to diagnosing this:

 

 

2015-09-08 16:36:17,767 INFO 1305153855@scm-web-14:org.springframework.security.ldap.SpringSecurityLdapTemplate: Ignoring PartialResultException

 

This might happen if your AD is configured to allow referrals, and this user who has trouble logging in is in a different 

AD CN or directory partition than the AD instance currently configured for use with your CM.

 

The utility we use does not currently support following LDAP referrals.

avatar
Contributor
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login

avatar
Expert Contributor

@Jayesh Seshadri

 

Is there any limitation on the character size or special characters in the password that are not allowed ?

 

I have the same issue and switching to ldap also does not work. 

 

After looking firther, I am able to login with my password, however when i try with a functional user where the username is  "abc_efg_scd_dfc" password is   "a61Odc7zxxaGArlSInIUYu-iq"  it does not work 

 

Do the username/password have any limitations ? 

avatar
Master Guru

@desind,

 

No limit that I know of on the CM side.

Please start a new thread and provide your LDAP configuration, what happens in the logs and also the "abc_efg_scd_dfc" user LDIF entry.

 

There are lots of reasons for failures, so it is important we start with what you observe and the items involved.