
LDAP Authentication with Spring Security throwing LDAP error 49, 52e for any userDn

I have the basic sample 3.2.4 ldap-xml script downloaded from Spring Security. The only part modified is the application security context XML, which points to my LDAP server instead of the dummy server.

<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldap://server:389"/>
    <property name="userDn" value="cn=myUsername"/>
    <property name="password" value="myPassword"/>
</bean>

Now the thing is, no matter what I provide in the userDn value, whether it is "afdjljaf" or "1234244" or even " ", I get the error

"LDAP: error code 49 - 80090308 : LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e".

Using AdFind.exe (http://www.joeware.net/freetools/tools/adfind/usage.htm) with the same userDn (let's assume my userDn is XYZ and the password is passxyz), I am able to log in to the LDAP server using the command

"Adfind.exe -h server:port -u XYZ -up passxyz"

I am able to connect to the LDAP server successfully and browse the directory.

Can someone please tell me the equivalent values for the userDn and password properties that I should put in the security context XML?

userDN should look like "cn=myUsername,ou=myDepartment,dc=mydomain,dc=com". Your user name should contain the partition name. Another thing: you can use the Spring Security tags.

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:s="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
       http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security.xsd">

    <s:ldap-server id="contextSource" url="${ldap.url}" manager-dn="${ldap.userDn}"
                   manager-password="${ldap.password}"/>


</beans>

UPDATE:

Your server URL should contain the partition name too: "ldap://10.0.0.1:389/DC=mycompany,DC=com,DC=tr"

Generally speaking, a DN or Distinguished Name contains the full path of the object within Active Directory.

CN=myUsername is not a valid DN. Firstly, where you put myUsername should actually go the object's name (NOT their samAccountName or UserPrincipalName, i.e. a username, or their displayName for that matter), and it should contain the domain name and containers, like this example:

CN=Joe Bloggs,OU=Users,OU=Company,DC=domainname,DC=local

This can be accessed by viewing the distinguishedName property of an Active Directory object.
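An added diagnostic helper, not code from the question or either answer, that captures the point both answers make: it parses a bind DN into its RDNs, flags a value such as cn=myUsername that names no DC= partition, and decodes the AD "data" sub-code from an error 49 message like the one in the question. The sub-code table and the well-formedness check are this example's own assumptions, not Spring Security behaviour.

```python
import re

# Sub-codes Active Directory appends as "data NNN" to LDAP result 49
# (invalidCredentials). The page shows 52e; 525 and 775 are well-known siblings.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (bad password, or bind DN is not a valid DN)",
    "775": "account locked out",
}
_DATA_RE = re.compile(r"error code (\d+).*?\bdata ([0-9a-f]+)", re.IGNORECASE)

def decode_ad_bind_error(message):
    """Return (result_code, sub_code, meaning) from an AD bind error, else None."""
    m = _DATA_RE.search(message)
    if not m:
        return None
    sub = m.group(2).lower()
    return int(m.group(1)), sub, AD_BIND_SUBCODES.get(sub, "unknown sub-code")

def parse_dn(dn):
    """Split an RFC 4514 DN into (attr, value) pairs; '\\,' escapes a literal comma."""
    rdns, buf, escaped = [], "", False
    for ch in dn:
        if escaped:
            buf, escaped = buf + ch, False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append(buf)
            buf = ""
        else:
            buf += ch
    rdns.append(buf)
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % rdn)  # e.g. 'afdjljaf' or ' '
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def check_bind_dn(dn):
    """Return why AD would reject this bind DN, or None if it looks well formed."""
    try:
        pairs = parse_dn(dn)
    except ValueError as e:
        return str(e)
    if "dc" not in [a for a, _ in pairs]:
        return "no DC= components: the DN names no domain partition"
    return None
```

Running check_bind_dn over the values the question tried shows each is rejected before any bind is attempted, while the full DN from the first answer passes.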
