stackoom
  简体   繁体   中英

Authentication with Spring-Security via Active Directory LDAP

 原文  2019-10-19 13:56:23       spring/ spring-security/ active-directory/ ldap/ spring-ldap

Question

I can't authenticate using a real active directory, let me explain better I tried to authenticate using the example proposed by spring.io without problem where a internal service is started without any problem. reference https://spring.io/guides/gs/authenticating-ldap/

I tried to modify the code below by inserting the configuration of my active directory without success. Can you kindly guide me or show me a real case where a true connection is made without using internal services like those in the examples? I looked on the net but found everything similar to the official example without any real case

@Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource()
                    .url("ldap://localhost:8389/dc=springframework,dc=org")
                    .and()
                .passwordCompare()
                    .passwordEncoder(new LdapShaPasswordEncoder())
                    .passwordAttribute("userPassword");
    }

Error show: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580

2 answers

solution1
 9  2019-10-25 20:46:20

Yeah, authentication via LDAP that's too painful. In order to be able to perform authentication to AD you need to use the ActiveDirectoryLdapAuthenticationProvider . Here is the working sample:

@Override
protected void configure(AuthenticationManagerBuilder auth) {
    ActiveDirectoryLdapAuthenticationProvider adProvider =
            new ActiveDirectoryLdapAuthenticationProvider("domain.com", "ldap://localhost:8389");
    adProvider.setConvertSubErrorCodesToExceptions(true);
    adProvider.setUseAuthenticationRequestCredentials(true);
    auth.authenticationProvider(adProvider);
}

And to save your time just read the following, that's really important: AD authentication doc

solution2
 1  2020-10-27 22:23:19

I found a sample over here, which was useful:

https://github.com/sachin-awati/Mojito/tree/master/webapp/src/main/java/com/box/l10n/mojito/security

You can optionally implement UserDetailsContextMapperImpl which overrides mapUserFromContext to create the UserDetails object if the user is not found during the Active Directory lookup - loadUserByUsername .

@Component
public class UserDetailsContextMapperImpl implements UserDetailsContextMapper {

    @Override
    public UserDetails mapUserFromContext(DirContextOperations dirContextOperations, String username, Collection<? extends GrantedAuthority> authorities) {

        UserDetails userDetails = null;

        try {
            userDetails = userDetailsServiceImpl.loadUserByUsername(username);

        } catch (UsernameNotFoundException e) {
            String givenName = dirContextOperations.getStringAttribute("givenname");
            String surname = dirContextOperations.getStringAttribute("sn");
            String commonName = dirContextOperations.getStringAttribute("cn");

            userDetails = userDetailsServiceImpl.createBasicUser(username, givenName, surname, commonName);
        }

        return userDetails;
    }

Ensure you are using the ActiveDirectoryLdapAuthenticationProvider spring security class as Active Directory has its own nuances compared to other LDAP servers. You'll probably need to be using the @EnableGlobalAuthentication annotation in your security configuration class as you can have multiple AuthenticationManagerBuilder s which confuses things a lot.

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

        ActiveDirectoryLdapAuthenticationProvider adProvider =
                new ActiveDirectoryLdapAuthenticationProvider("domain.com", "ldap://primarydc.domain.com:389");
        adProvider.setConvertSubErrorCodesToExceptions(true);
        adProvider.setUseAuthenticationRequestCredentials(true);
        auth.authenticationProvider(adProvider);
}

More details here: https://github.com/spring-projects/spring-security/issues/4324 https://github.com/spring-projects/spring-security/issues/4571

solution3
 0  2019-10-26 16:10:24

The solution is the post of Yaroslav Kiryak

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Active directory authentication with spring-security Spring Security Active directory LDAP Authentication error Spring-Security Spring-LDAP bind with Active Directory using sAMAccountName attribute Unable to authenticate via LDAP to directory (Active Directory) with Spring Security Spring security 2.0.5 LDAP authentication setup w/Active Directory Vaadin and Spring, authentication against Active Directory via LDAP Spring Security 3.1 LDAP Active Directory Issue Spring boot mvc ldap authentication with Active Directory Spring-security with Oauth2 and LDAP How to use ActiveDirectory with Spring-Security LDAP
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM