
Spring Security with LDAP - error after login

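I have managed to get my Spring project working with security and LDAP, but only with an LDIF file. Now I am trying to make it work by configuring it with an LDAP server, but I could only get this far - there is no error on my website when I log in with the correct credentials, but I can't get any further.

I have been googling these errors, but I couldn't find anything similar/helpful. Maybe someone who uses Spring LDAP knows how to properly configure a project to work with an LDAP server?

This is what the console throws: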

2020-10-31 18:32:25.298 DEBUG 21100 --- [nio-8080-exec-4] w.a.UsernamePasswordAuthenticationFilter : Request is to process authentication
2020-10-31 18:32:25.298 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.authentication.ProviderManager     : Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
2020-10-31 18:32:25.298 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.l.a.LdapAuthenticationProvider     : Processing authentication request for user: MY_USERNAME
2020-10-31 18:32:25.302 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.l.a.BindAuthenticator              : Attempting to bind as cn=MY_USERNAME,ou=MY_GROUP,dc=FOO,dc=FOO2
2020-10-31 18:32:25.302 DEBUG 21100 --- [nio-8080-exec-4] s.s.l.DefaultSpringSecurityContextSource : Removing pooling flag for user cn=MY_USERNAME,ou=MY_GROUP,dc=FOO,dc=FOO2
2020-10-31 18:32:25.384 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.l.a.BindAuthenticator              : Retrieving attributes...
2020-10-31 18:32:25.408 DEBUG 21100 --- [nio-8080-exec-4] .s.s.l.u.DefaultLdapAuthoritiesPopulator : Getting authorities for user cn=MY_USERNAME,ou=MY_GROUP,dc=FOO,dc=FOO2
2020-10-31 18:32:25.408 DEBUG 21100 --- [nio-8080-exec-4] .s.s.l.u.DefaultLdapAuthoritiesPopulator : Searching for roles for user 'MY_USERNAME', DN = 'cn=MY_USERNAME,ou=MY_GROUP,dc=FOO,dc=FOO2', with filter (uniqueMember={0}) in search base ''
2020-10-31 18:32:25.409 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.ldap.SpringSecurityLdapTemplate    : Using filter: (uniqueMember=cn=MY_USERNAME,ou=MY_GROUP,dc=FOO,dc=FOO2)
2020-10-31 18:32:25.490 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@18100b72
2020-10-31 18:32:25.490 DEBUG 21100 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2020-10-31 18:32:25.490 DEBUG 21100 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2020-10-31 18:32:25.494 ERROR 21100 --- [nio-8080-exec-4] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception

org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name ''

Here is my application.properties:

spring.ldap.embedded.base-dn=dc=FOO,dc=FOO2
spring.ldap.embedded.port=8389
spring.ldap.urls=ldap://xx.x.x.xx:389/dc=FOO,dc=FOO2
spring.ldap.embedded.validation.enabled=false
spring.ldap.base=ou=MY_GROUP,dc=FOO,dc=FOO2

And the config class that extends WebSecurityConfigurerAdapter:

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception
    {
        auth
                .ldapAuthentication()
                .userDnPatterns("cn={0},ou=MY_GROUP")
                .contextSource()
                .url("ldap://xx.x.x.xx:389/dc=FOO,dc=FOO2");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        http
                .authorizeRequests()
                .anyRequest().fullyAuthenticated()
                .and()
                .formLogin().permitAll()
                .and()
                .logout().permitAll();
    }

Had the same problem - your LDAP server requires bind authentication. Adding the following solved it:

.managerDn("manager").managerPassword("密碼")

WebSecurityConfigurerAdapter (in bold):

    auth
            .ldapAuthentication()
            .userDnPatterns("uid={0},ou=users,DC=company,DC=com")
            .groupSearchBase("ou=groups")
            .contextSource()
            .url("ldap://XXXX:389/DC=company,DC=com")
            .managerDn("manager").managerPassword("password")
            .and()
            .passwordCompare()
            .passwordEncoder(new BCryptPasswordEncoder())
            .passwordAttribute("userPassword");
