How to configure LDAP and Jespa

I followed the manual at https://doc.cuba-platform.com/manual-7.2-ru/jespa_lib.html & /jespa_conf.html to integrate Jespa with CUBA.
- Add the dependencies to the web module configuration section in build.gradle (2 libs are now present in \deploy\tomcat\shared\lib);
- Create a LoginProvider implementation class in the web module;
- Create a bean intended for resolving domains by their aliases in the web module;
- Create a Jespa computer account, test it in the jespa\example app;
- Set activeDirectory.domains and activeDirectory.integrationEnabled = true;
- Set the URL in local intranet.

I ran the app and opened the URL, and I was asked to enter login & password.
Jespa’s log is absent (I set the parameter with the path to Jespa’s log).
The CUBA version is 7.2.5.

I have some questions about it; maybe someone has thoughts about that.

  1. Where is the point at which the class JespaAuthProvider is called?
    In local.app.properties I have the settings, but I set a breakpoint in this class in the debugger and did not receive any result.

  2. The manual says: create a LoginProvider implementation class JespaAuthProvider, and the first 2 records are not determined:
    import com.company.sample.config.ActiveDirectoryConfig;
    import com.company.sample.web.sys.DomainAliasesResolver;
    As I understand, it’s no longer current after version 6.8?
    The import of DomainAliasesResolver is replaced by a separate class, but what about com.company.example.config.ActiveDirectoryConfig?

  3. Should I use Jespa with the LDAP Addon or without it (Base LDAP setting)? I checked both of them with the same result: I was again asked to enter login & password.
    But when I use the LDAP Addon and Jespa is on, I can’t authenticate by entering the domain login & password, and I get the error message “bad login or password”.

It is possible that I had some misunderstanding about the parameter that activates Jespa authentication in various versions of CUBA Platform.
So I checked the parameters again.
Some updates:

  1. The call of class JespaAuthProvider is displayed in the debugger (when the app is deploying).
  2. The Jespa log appeared (new records appear while the app is deploying):
    CipherCache: checking for expired entries …
    HttpSecurityService: {service.password.encrypted=tBuh2Ххх==, service.acctname=JESPA1$@domainName.com, account.canonicalForm=3, bindstr=domainName.com, log.level=4, log.path=C:\TsI-Cuba\labworkshop\deploy\tomcat/…/app_home/logs/jespa.log}
    2020-07-06 11:49:05: NtlmSecurityProvider: JESPA1$@domainName.com
    2020-07-06 11:49:05: HttpSecurityService: name=com.company.labworkshop.web.JespaAuthProvider, http.parameter.username.name=null, http.parameter.password.name=null, http.parameter.logout.name=null, http.parameter.anonymous.name=anon, fallback.location=null, excludes[], groupsDenied[], groupsAllowed[], propertiesPath=null

But still the system asks for a login & password.