My default LDAP configuration in application-security.xml is:
<ldap-authentication-provider
server-ref="ldap_server" group-search-filter="member={0}"
group-search-base="ou=groups" user-search-base="ou=users"
user-search-filter="uid={0}" group-role-attribute="cn"
user-dn-pattern="uid={0},ou=users" />
Now I have to integrate it with the customer's LDAP server, so I asked for the values of the following attributes:
group-search-filter
group-search-base
user-search-base
user-search-filter
group-role-attribute
Now the customer has come back with the following details, saying they work for some other third-party software:
The current 3rd party setup:
LDAP Hostname - 10.0.1.213
Port - 636
Secure - Yes
Assume this means SSL
RDN (Bind DN / bind user) - %u@%d
LDAP Domain - ORGANIZATION.local
Bind Password - N/A
User Search Base - ou=users,ou=us,dc=ORGANIZATION,dc=local
User Search Scope - subtree
Now, should I tell him that we need the group attributes as well?
As per my understanding, these attributes are required to extract the group name, group members and username from LDAP, and the customer has provided only the user-related attributes.
We use Spring LDAP and this is my first time with LDAP.
If the customer's LDAP configuration is a single node without groups, the group attributes can be skipped.
Reference - 19.3.2 : http://docs.spring.io/spring-security/site/docs/3.1.x/reference/ldap.html
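An added example, not part of the original question or answer: one way to map the customer's details onto Spring Security without any group-search attributes. It assumes the customer's directory is Active Directory, which the `%u@%d` bind pattern and the `.local` domain suggest but the page does not confirm; the bean id `customerAdProvider` is hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">

    <!--
      Assumption: the customer's server is Active Directory.
      This provider binds as username@domain using the password the user
      typed at login, which matches "Bind DN - %u@%d" and
      "Bind Password - N/A": no separate search account is configured.
      Group membership is read from the authenticated user's own memberOf
      attribute, so group-search-filter, group-search-base and
      group-role-attribute are not needed.
    -->
    <beans:bean id="customerAdProvider"
        class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
        <!-- "LDAP Domain" from the customer's details -->
        <beans:constructor-arg value="ORGANIZATION.local" />
        <!-- Hostname, port 636 and "Secure - Yes" expressed as an ldaps:// URL.
             The JVM truststore must trust the certificate this server presents. -->
        <beans:constructor-arg value="ldaps://10.0.1.213:636" />
    </beans:bean>

    <authentication-manager>
        <authentication-provider ref="customerAdProvider" />
    </authentication-manager>

</beans:beans>
```

If the directory turns out not to be Active Directory, the `<ldap-authentication-provider>` element from the question still applies, and its user search then runs under the account configured on the referenced server element (or anonymously) rather than as the user logging in.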