What login name to use for Spring LDAP authentication


I created a local LDAP server and added the user "djiao" with password "123456". [screenshot of the user entry omitted]

I'm trying to implement authentication with Spring Security in Spring Boot. My WebSecurityConfig class is as follows:

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.event.LoggerListener;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Every request requires an authenticated user; use the default form login page
            http
                .authorizeRequests()
                    .anyRequest()
                    .authenticated()
                    .and()
                .formLogin();
        }

        @Bean
        public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
            // Active Directory provider with an empty domain, pointed at the local server
            ActiveDirectoryLdapAuthenticationProvider provider =
                    new ActiveDirectoryLdapAuthenticationProvider("", "ldap://localhost:10389");
            provider.setConvertSubErrorCodesToExceptions(true);
            provider.setUseAuthenticationRequestCredentials(true);
            return provider;
        }

        @Bean
        public LoggerListener loggerListener() {
            // Logs authentication success/failure events
            return new LoggerListener();
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider());
        }
    }

However, I can't seem to log in from the login page.

  1. If I use djiao (cn) or djiao1 (uid), I get a 500:

    [LDAP: error code 34 - Incorrect DN given : djiao1 (0x64 0x6a 0x69 0x61 0x6f 0x31 ) is invalid]; nested exception is javax.naming.InvalidNameException: [LDAP: error code 34 - Incorrect DN given : djiao1 (0x64 0x6a 0x69 0x61 0x6f 0x31 ) is invalid]

  2. If I use the DN "cn=djiao,ou=users,dc=example,dc=com" as the username, I get a "Bad credentials" error. The password is 123456.

What should the username be on login? Or what is missing in my WebSecurityConfig class?

From the code I can see you're using spring-boot.

This is working for me for connecting to LDAP:

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder authBuilder) throws Exception {
            authBuilder
                .ldapAuthentication()
                // {0} is replaced with the login name entered in the form
                .userSearchFilter("(sAMAccountName={0})")
                .userSearchBase("dc=some,dc=domain,dc=com")
                .groupSearchBase("ou=groups,dc=some,dc=domain,dc=com")
                .groupSearchFilter("member={0}")
                .contextSource()
                    .url("ldaps://<ldap-server>")
                    .port(639)
                    // service account used to search for the user's entry before binding as the user
                    .managerDn("cn=binduser,ou=users,dc=some,dc=domain,dc=com")
                    .managerPassword("some pass")
            ;
        }
    }

So in essence, going by the userSearchFilter you'd have to define different values. If you use an LDAP other than AD the filter should be "(uid={0})", or if you want people to be able to use their email, go with "(mail={0})", or a combination "(|(uid={0})(mail={0}))" which would allow using both.

If you go with ActiveDirectory – which I assume is not the case based on what you have written above – it should be sAMAccountName as stated above, which allows people who enter their id in the domain as mydomain\myusername to log in as myusername.

If you need to connect to multiple LDAP servers that share the same information for HA purposes, you can do that through the .contextSource().url() call. If they carry different ones, e.g. 'emea', 'us', 'ap', you can combine these calls using:

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authBuilder) throws Exception {
        authBuilder
            // first directory: EMEA
            .ldapAuthentication()
            .userSearchFilter("(sAMAccountName={0})")
            .userSearchBase("dc=emea,dc=domain,dc=com")
            .groupSearchBase("ou=groups,dc=emea,dc=domain,dc=com")
            .groupSearchFilter("member={0}")
            .contextSource()
                .url("ldaps://<emea-ldap-server>")
                .port(639)
                .managerDn("cn=binduser,ou=users,dc=emea,dc=domain,dc=com")
                .managerPassword("some pass")
            .and()
            .and()
            // second directory: AP; tried if the first one does not authenticate the user
            .ldapAuthentication()
            .userSearchFilter("(sAMAccountName={0})")
            .userSearchBase("dc=ap,dc=domain,dc=com")
            .groupSearchBase("ou=groups,dc=ap,dc=domain,dc=com")
            .groupSearchFilter("member={0}")
            .contextSource()
                .url("ldaps://<ap-ldap-server>")
                .port(639)
                .managerDn("cn=binduser,ou=users,dc=ap,dc=domain,dc=com")
                .managerPassword("some pass")
        ;
    }

BTW: this allows you to combine different authentication mechanisms: inMemory (default admin backdoor), LDAP and/or JDBC.
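To tie the answer back to the question's setup (a local, non-AD directory on ldap://localhost:10389 whose user entries sit under ou=users,dc=example,dc=com, with uid and cn attributes), here is an added example configuration. It is not code from the question or the answer. The package name, the bind account cn=binduser and its password, and the ou=groups subtree are assumptions; the search filter is the combined uid-or-mail form the answer suggests for non-AD servers.

```java
package example.security; // hypothetical package name, not from the post

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class LocalLdapSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Same web side as the question: everything authenticated, default form login
        http.authorizeRequests().anyRequest().authenticated().and().formLogin();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                // {0} is the name typed into the form. The user may enter either the uid
                // ("djiao1") or a mail address; Spring Security binds {0} as a filter
                // argument rather than concatenating it into the filter string.
                .userSearchFilter("(|(uid={0})(mail={0}))")
                // Relative to the base DN given in the URL below
                .userSearchBase("ou=users")
                // Assumed group subtree; each group lists member DNs in its "member" attribute
                .groupSearchBase("ou=groups")
                .groupSearchFilter("(member={0})")
                .rolePrefix("ROLE_")
                .contextSource()
                    // Base DN in the URL makes the search bases above relative to dc=example,dc=com
                    .url("ldap://localhost:10389/dc=example,dc=com")
                    // Assumed service account used only to locate the entry; the user's own
                    // password is then verified by binding as the found DN
                    .managerDn("cn=binduser,ou=users,dc=example,dc=com")
                    .managerPassword("BIND_PASSWORD_PLACEHOLDER");
    }
}
```

With this in place the login form takes "djiao1" (the uid) rather than a DN, which is what the question's error code 34 was complaining about: the ActiveDirectory provider with an empty domain passed the raw login name to the server as a bind DN. If the server allows anonymous or self binds and every user's RDN is predictable (the question's entries use cn=djiao), `.userDnPatterns("cn={0},ou=users")` can replace the search and the manager account entirely; that is a second assumption about the directory layout, not something the post states.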
