
Spring LDAP authentication NO_OBJECT

I am trying to connect a Spring application to an AD-LDAP server. If I type the correct user/password data I get a NO_OBJECT error in the log:

DEBUG o.s.s.l.s.FilterBasedLdapUserSearch - Searching for user 'THEUSER', with user search [ searchFilter: '(sAMAccountName={0})', searchBase: 'DC=dev,DC=company,DC=local', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
DEBUG o.s.s.l.SpringSecurityLdapTemplate - Searching for entry under DN '', base = 'dc=entwicklung,dc=Lemken,dc=local', filter = '(sAMAccountName={0})'
DEBUG o.s.s.l.SpringSecurityLdapTemplate - Found DN: CN=THEUSER\, FirstName,OU=users,DC=dev,DC=company,DC=local
DEBUG o.s.s.l.a.BindAuthenticator - Attempting to bind as cn=THEUSER\, FirstName,ou=users,dc=dev,dc=company,dc=local
DEBUG o.s.s.l.DefaultSpringSecurityContextSource - Removing pooling flag for user cn=THEUSER\, FirstName,ou=users,dc=dev,dc=company,dc=local
DEBUG o.s.s.l.u.DefaultLdapAuthoritiesPopulator - Getting authorities for user cn=THEUSER\, FirstName,ou=users,dc=dev,dc=company,dc=local
DEBUG o.s.s.l.u.DefaultLdapAuthoritiesPopulator - Searching for roles for user 'THEUSER', DN = 'cn=THEUSER\, FirstName,ou=users,dc=dev,dc=company,dc=local', with filter (uniqueMember={0}) in search base ''
DEBUG o.s.s.l.SpringSecurityLdapTemplate - Using filter: (uniqueMember=cn=THEUSER\5c, FirstName,ou=users,dc=dev,dc=company,dc=local)
ERROR o.a.c.c.C.[.[.[.[dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100213, problem 2001 (NO_OBJECT), data 0, best match of:
    ''

This is my configuration:

ContextSourceBuilder context = auth.ldapAuthentication()
  .userSearchFilter("(sAMAccountName={0})")
  .userSearchBase("dc=dev,dc=company,dc=local")
  .contextSource();

context.port(389);
context
  .root("dc=dev,dc=company,dc=local")
  .url("ldap://example.com")
  .managerDn("cn=manager,ou=users,dc=dev,dc=company,dc=local")
  .managerPassword("thepassword");

If I type a wrong password I get "Bad password", so this part works.

What am I doing wrong?

The key parts are:

Searching for roles
...
Using filter: (uniqueMember=

It is trying to find the user's roles - in AD those are the groups that the user is a member of. But it's doing that by searching groups that have the uniqueMember attribute set to the user. That attribute doesn't exist in AD. That is the default attribute name it uses since that's what's used in OpenLDAP.

You will need to use groupSearchFilter() to change the attribute it looks at to find groups. AD uses the member attribute.

ContextSourceBuilder context = auth.ldapAuthentication()
  .userSearchFilter("(sAMAccountName={0})")
  .userSearchBase("dc=dev,dc=company,dc=local")
  .groupSearchFilter("(member={0})")
  .contextSource();
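An added, complete configuration illustrating the answer above (this is example code, not the asker's or answerer's): it wires the AD group lookup end to end with `(member={0})`, and additionally sets `groupSearchBase` explicitly so the role search runs under the domain naming context instead of the empty base `''` shown in the log. It assumes Spring Security 5.x with `WebSecurityConfigurerAdapter`, the same domain as the question, that groups live under the domain root, and a placeholder manager password.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class AdLdapSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.ldapAuthentication()
            // User lookup: AD keeps the login name in sAMAccountName, not uid.
            .userSearchFilter("(sAMAccountName={0})")
            .userSearchBase("dc=dev,dc=company,dc=local")
            // Group lookup: AD groups list their members in 'member'; the Spring
            // default 'uniqueMember' is an OpenLDAP attribute that AD does not have.
            // {0} is replaced by the full DN of the user entry found above.
            .groupSearchBase("dc=dev,dc=company,dc=local") // assumption: groups are under the domain root
            .groupSearchFilter("(member={0})")
            // Each matching group's cn becomes an authority, e.g. ROLE_DEVELOPERS.
            .groupRoleAttribute("cn")
            .rolePrefix("ROLE_")
            .contextSource()
                // Port kept in the URL; host is the same placeholder as in the question.
                .url("ldap://example.com:389")
                // Service account used for the user and group searches (not for the bind check).
                .managerDn("cn=manager,ou=users,dc=dev,dc=company,dc=local")
                .managerPassword("<MANAGER_PASSWORD_PLACEHOLDER>");
    }
}
```

With DEBUG logging for `org.springframework.security.ldap` enabled, the "Using filter:" line should now read `(uniqueMember=...)` no longer but `(member=cn=THEUSER\5c, FirstName,ou=users,dc=dev,dc=company,dc=local)`, and the granted authorities can be inspected on the resulting `Authentication` object.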
