Spring Security with LDAP - error after login

I've managed to make my Spring project work with Security and LDAP, but only with an LDIF file. Now I'm trying to make it work by configuring it with an LDAP server, but I only get this far - I get no error on my website by logging in with correct credentials, but I cannot get any further than that.

I have been googling these errors, but I could not find anything similar/useful that would help. Perhaps someone who's been working with Spring LDAP knows how to properly configure a project to work with an LDAP server?

Here's what the console is throwing:

    2020-10-31 18:32:25.298 DEBUG 21100 --- [nio-8080-exec-4] w.a.UsernamePasswordAuthenticationFilter : Request is to process authentication
    2020-10-31 18:32:25.298 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.authentication.ProviderManager     : Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
    2020-10-31 18:32:25.298 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.l.a.LdapAuthenticationProvider     : Processing authentication request for user: MY_USERNAME
    2020-10-31 18:32:25.302 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.l.a.BindAuthenticator              : Attempting to bind as cn=MY_USERNAME,ou=MY_GROUP,dc=FOO,dc=FOO2
    2020-10-31 18:32:25.302 DEBUG 21100 --- [nio-8080-exec-4] s.s.l.DefaultSpringSecurityContextSource : Removing pooling flag for user cn=MY_USERNAME,ou=MY_GROUP,dc=FOO,dc=FOO2
    2020-10-31 18:32:25.384 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.l.a.BindAuthenticator              : Retrieving attributes...
    2020-10-31 18:32:25.408 DEBUG 21100 --- [nio-8080-exec-4] .s.s.l.u.DefaultLdapAuthoritiesPopulator : Getting authorities for user cn=MY_USERNAME,ou=MY_GROUP,dc=FOO,dc=FOO2
    2020-10-31 18:32:25.408 DEBUG 21100 --- [nio-8080-exec-4] .s.s.l.u.DefaultLdapAuthoritiesPopulator : Searching for roles for user 'MY_USERNAME', DN = 'cn=MY_USERNAME,ou=MY_GROUP,dc=FOO,dc=FOO2', with filter (uniqueMember={0}) in search base ''
    2020-10-31 18:32:25.409 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.ldap.SpringSecurityLdapTemplate    : Using filter: (uniqueMember=cn=MY_USERNAME,ou=MY_GROUP,dc=FOO,dc=FOO2)
    2020-10-31 18:32:25.490 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@18100b72
    2020-10-31 18:32:25.490 DEBUG 21100 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
    2020-10-31 18:32:25.490 DEBUG 21100 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
    2020-10-31 18:32:25.494 ERROR 21100 --- [nio-8080-exec-4] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception

    org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name ''

Here's my application.properties:

    spring.ldap.embedded.base-dn=dc=FOO,dc=FOO2
    spring.ldap.embedded.port=8389
    spring.ldap.urls=ldap://xx.x.x.xx:389/dc=FOO,dc=FOO2
    spring.ldap.embedded.validation.enabled=false
    spring.ldap.base=ou=MY_GROUP,dc=FOO,dc=FOO2

And the config class that extends WebSecurityConfigurerAdapter:

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception
    {
        auth
                .ldapAuthentication()
                .userDnPatterns("cn={0},ou=MY_GROUP")
                .contextSource()
                .url("ldap://xx.x.x.xx:389/dc=FOO,dc=FOO2");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        http
                .authorizeRequests()
                .anyRequest().fullyAuthenticated()
                .and()
                .formLogin().permitAll()
                .and()
                .logout().permitAll();
    }

Had the same issue - your LDAP server needs bind authentication. Adding the below solved it:

    .managerDn("manager").managerPassword("password")

WebSecurityConfigurerAdapter (in bold):

    auth
        .ldapAuthentication()
        .userDnPatterns("uid={0},ou=users,DC=company,DC=com")
        .groupSearchBase("ou=groups")
        .contextSource()
            .url("ldap://XXXX:389/DC=company,DC=com")
            .managerDn("manager").managerPassword("password")
            .and()
        .passwordCompare()
            .passwordEncoder(new BCryptPasswordEncoder())
            .passwordAttribute("userPassword");
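An added example, not code from the question or the answer: the question's bind-based configuration with a manager account on the context source, since the log shows the user bind succeeding and the error arriving only after the role search `(uniqueMember={0})` starts. The property names `app.ldap.*`, the class name and the `ou=groups` search base are assumptions; the service account password is injected from configuration instead of being hard-coded.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class LdapSecurityConfig extends WebSecurityConfigurerAdapter {

    // Hypothetical property names (not from the page). Supply the values from
    // the environment or a secrets store rather than committing them.
    @Value("${app.ldap.url}")
    private String ldapUrl;            // e.g. ldap://host:389/dc=FOO,dc=FOO2

    @Value("${app.ldap.manager-dn}")
    private String managerDn;          // read-only service account DN

    @Value("${app.ldap.manager-password}")
    private String managerPassword;

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                // Step 1: BindAuthenticator binds as the user to check the password.
                .userDnPatterns("cn={0},ou=MY_GROUP")
                // Step 2: DefaultLdapAuthoritiesPopulator searches for groups.
                // "ou=groups" is assumed; it replaces the empty search base
                // seen in the question's log.
                .groupSearchBase("ou=groups")
                .groupSearchFilter("(uniqueMember={0})")
                .contextSource()
                    .url(ldapUrl)
                    // The group search runs on the context source's own
                    // connection, which is anonymous unless a manager DN is
                    // set; the server in the question rejects that search.
                    .managerDn(managerDn)
                    .managerPassword(managerPassword);
    }
}
```

The manager account only needs read access to the user and group entries being searched.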
