stackoom
  简体   繁体   中英

Spring Security with LDAP - error after login

 原文  2020-10-31 16:52:46       java/ spring-boot/ spring-security/ ldap/ spring-security-ldap

Question

I've managed to make my Spring project work with Security and LDAP, but only with an LDIF file. Now I'm trying to make it work by configuring it with an LDAP server, but I only get this far - I get no error on my website by logging in with correct credentials, but I cannot get any further than that.

I have been googling these errors, but I could not find anything similar/useful that would help. Perhaps someone who's been working with Spring LDAP knows how to properly configure a project to work with an LDAP server?

Here's what the console is throwing:

2020-10-31 18:32:25.298 DEBUG 21100 --- [nio-8080-exec-4] w.a.UsernamePasswordAuthenticationFilter : Request is to process authentication
2020-10-31 18:32:25.298 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.authentication.ProviderManager     : Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
2020-10-31 18:32:25.298 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.l.a.LdapAuthenticationProvider     : Processing authentication request for user: MY_USERNAME
2020-10-31 18:32:25.302 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.l.a.BindAuthenticator              : Attempting to bind as cn=MY_USERNAME,ou=MY_GROUP,dc=FOO,dc=FOO2
2020-10-31 18:32:25.302 DEBUG 21100 --- [nio-8080-exec-4] s.s.l.DefaultSpringSecurityContextSource : Removing pooling flag for user cn=MY_USERNAME,ou=MY_GROUP,dc=FOO,dc=FOO2
2020-10-31 18:32:25.384 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.l.a.BindAuthenticator              : Retrieving attributes...
2020-10-31 18:32:25.408 DEBUG 21100 --- [nio-8080-exec-4] .s.s.l.u.DefaultLdapAuthoritiesPopulator : Getting authorities for user cn=MY_USERNAME,ou=MY_GROUP,dc=FOO,dc=FOO2
2020-10-31 18:32:25.408 DEBUG 21100 --- [nio-8080-exec-4] .s.s.l.u.DefaultLdapAuthoritiesPopulator : Searching for roles for user 'MY_USERNAME', DN = 'cn=MY_USERNAME,ou=MY_GROUP,dc=FOO,dc=FOO2', with filter (uniqueMember={0}) in search base ''
2020-10-31 18:32:25.409 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.ldap.SpringSecurityLdapTemplate    : Using filter: (uniqueMember=cn=MY_USERNAME,ou=MY_GROUP,dc=FOO,dc=FOO2)
2020-10-31 18:32:25.490 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@18100b72
2020-10-31 18:32:25.490 DEBUG 21100 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2020-10-31 18:32:25.490 DEBUG 21100 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2020-10-31 18:32:25.494 ERROR 21100 --- [nio-8080-exec-4] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception

org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name ''

Here's my application.properties:

spring.ldap.embedded.base-dn=dc=FOO,dc=FOO2
spring.ldap.embedded.port=8389
spring.ldap.urls=ldap://xx.x.x.xx:389/dc=FOO,dc=FOO2
spring.ldap.embedded.validation.enabled=false
spring.ldap.base=ou=MY_GROUP,dc=FOO,dc=FOO2

And the cofig class that extends WebSecurityConfigurerAdapter:

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception
    {
        auth
                .ldapAuthentication()
                .userDnPatterns("cn={0},ou=MY_GROUP")
                .contextSource()
                .url("ldap://xx.x.x.xx:389/dc=FOO,dc=FOO2");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        http
                .authorizeRequests()
                .anyRequest().fullyAuthenticated()
                .and()
                .formLogin().permitAll()
                .and()
                .logout().permitAll();
    }

1 answers

solution1
 1  2021-06-30 10:20:34

Had the same issue - Your LDAP server needs bind authentication. Adding below solved it:

.managerDn("manager").managerPassword("password")

WebSecurityConfigurerAdapter (in bold):

auth .ldapAuthentication() .userDnPatterns("uid={0},ou=users,DC=company,DC=com") .groupSearchBase("ou=groups") .contextSource() .url("ldap://XXXX:389/DC=company,DC=com") .managerDn("manager").managerPassword("password") .and() .passwordCompare() .passwordEncoder(new BCryptPasswordEncoder()) .passwordAttribute("userPassword");

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Custom login with LDAP and Spring Security unable to login into by LDAP authentication by Spring Security Spring Security LDAP Authentication with custom login Custom login form with Vaadin + Spring Security + Ldap CSRF/Spring Security - 403 Error After Login via AJAX Spring Security Authentication with ldap fail when I use a custom login How to Login with Angular by ldap with using Rest and Spring security Spring Security Ldap authentication userDn and password from login form Spring Security. Login error Spring Security Custom Login Error
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM