Spring Boot LDAP Authentication

I am trying to test Active Directory authentication with Spring Boot. I have a working Active Directory and I can access it via LDAP browsers as my admin user with this user DN:

CN=Administrator,CN=Users,DC=contoso,DC=com 

I want to use LDAP as the authentication manager in my application. A simple example from the docs is as follows:

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth
            .ldapAuthentication()
            .userDnPatterns("CN={0},CN=Users,DC=contoso,DC=com")
            .groupSearchBase("ou=groups")
            .contextSource()
            .managerDn("CN=Administrator,CN=Users,DC=contoso,DC=com")
            .managerPassword("myadminpassword")
            .url("ldap://192.168.1.1:389");
}

First of all, should I provide the admin password to connect to Active Directory for such a login?

Secondly, should I provide groupSearchBase and userDnPatterns and how?

  1. No. For accessing LDAP / Active Directory from your application, you should create a "browse user" in your user directory. The DN and password of the browse user should not be hardcoded, but kept e.g. in a configuration file of your application.

  2. This mainly depends on your LDAP / AD setup. In an Active Directory, the user names are usually stored in the attribute "sAMAccountName", which is not part of the user's DN, so userDnPatterns will not work. Instead, provide a user search filter, e.g. .userSearchFilter("(sAMAccountName={0})") (most probably you will need more, but the administrator of the directory should be able to tell you that). An additional userSearchBase may be helpful as well. But all of this is not Spring-specific, but LDAP-specific. Again, refer to your LDAP administrator for recommended values for the possible configuration items.
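The configuration the answer describes, as an added example that is not part of the original question or answer. The property names (`app.ldap.*`), the class name, the browse account DN and the base DN appended to the URL are assumptions; the real values come from the directory administrator.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;

// Hypothetical configuration class. Expected entries in application.properties
// (names and values are assumptions, constructed for this example):
//   app.ldap.url=ldap://192.168.1.1:389/DC=contoso,DC=com
//   app.ldap.browse-dn=CN=svc-browse,CN=Users,DC=contoso,DC=com
//   app.ldap.browse-password=<supplied at deploy time, not committed>
//   app.ldap.user-search-base=CN=Users
@Configuration
public class LdapAuthConfig {

    // Directory URL; the base DN after the port becomes the search root.
    @Value("${app.ldap.url}")
    private String url;

    // Low-privilege "browse user" that is only allowed to search the directory.
    @Value("${app.ldap.browse-dn}")
    private String browseDn;

    @Value("${app.ldap.browse-password}")
    private String browsePassword;

    // Search base, relative to the base DN given in the URL.
    @Value("${app.ldap.user-search-base}")
    private String userSearchBase;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
            // Look the account up by login name instead of building a DN
            // from a pattern: sAMAccountName is not part of the user's DN.
            .userSearchBase(userSearchBase)
            .userSearchFilter("(sAMAccountName={0})")
            .contextSource()
            .url(url)
            // Bind as the browse user for the search, never as Administrator.
            .managerDn(browseDn)
            .managerPassword(browsePassword);
    }
}
```

With this setup the browse account is used only to find the user's entry; the password typed at login is then checked by binding as that entry.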
