java - Configuring Spring Security to Authenticate against LDAP without anonymous and without bind DN -

-

using jndi can authenticate against our ldap server, has anonymous binds disabled, using user's username , password, this:

    hashtable<string, object> env = new hashtable<string, object>();     env.put(context.initial_context_factory, "com.sun.jndi.ldap.ldapctxfactory");     env.put(context.provider_url, url);      env.put(context.security_authentication, "simple");     env.put(context.security_principal, username);     env.put(context.security_credentials, password);     dircontext ctx = new initialdircontext(env);     attribute groups = ctx.getattributes(username).get("groupmembership");

now same thing using spring boot, spring security, , spring ldap.

i can configure authentication using bind dn , password, this:

    defaultspringsecuritycontextsource context = new defaultspringsecuritycontextsource(ldapconfig.url);     context.setuserdn(ldapconfig.binddn);     string bindpassword = passwordresolver.getpassword(ldapconfig.password);     context.setpassword(bindpassword);     context.afterpropertiesset();      customauthoritiespopulator customauthoritiespopulator = new customauthoritiespopulator(context, ldapconfig.groupsearchbase);      string[] dnpatarr = new string[ldapconfig.userdnpatterns.size()];     ldapconfig.userdnpatterns.toarray(dnpatarr);      auth.ldapauthentication()         .ldapauthoritiespopulator(customauthoritiespopulator)         .contextsource(context)         .userdnpatterns(dnpatarr)         .groupsearchbase(ldapconfig.groupsearchbase);

this works--the spring boot webapp authenticate users successfully.

but without passing in bind dn , bind password, did jndi example.

if omit setting bind dn , password, "ldap: error code 48 - anonymous simple bind disabled.".

i don't want anonymous bind--i want spring use username , password user provides simple bind against each of bind dn patterns until 1 works.

i've read docs i'm having hard time determining whether or not possible. jndi can figure should able spring it. i've thought writing own custom spring security authentication provider surely that's not necessary.

in jndi, authentication information specified in environment properties. please make sure property names spelled correctly.

for example environment property credentials java.naming.security.credentials not java.naming.security.credential. notice missing letter 's' @ end give

"ldap: error code 48 - anonymous simple bind disabled."

<bean id="jnditemplate" class="org.springframework.jndi.jnditemplate">           <property name="environment">         <props>             <prop key="java.naming.factory.initial">com.sun.jndi.ldap.ldapctxfactory</prop>             <prop key="java.naming.provider.url">ldap://serverurl/jndi_ctx             </prop>             <prop key="java.naming.security.authentication">simple</prop>             <prop key="java.naming.security.principal">user_id</prop>             <prop key="java.naming.security.credentials">password</prop>                     </props>     </property> </bean>

Comments

Post a Comment

Popular posts from this blog

ruby - Trying to change last to "x"s to 23 -

-
i have been playing around irb , have string looks this: irb(main):072:0> puts ["[\"4354 5432 5432 xxxxx\", \"6547 6547 8543 xxxxx\", \"2344 6543 6674 xxxxx\", \"2346 6236 7543 xxxxx\", \"1273 5585 5587 xxxxx\"]"] => nil irb(main):073:0> what want gsub last 2 "x" s of each 17 digit combination, 23 . what i've tried far (i've been using rubular): a.gsub(/\d[x]/,"23") <= grabs "x" s i'm close a.gsub(/\w[x{2}]/,"23") <= grabs "x" s grabs two digits each combination. is there easier way i'm not understanding? a.gsub(/\d{4} \d{4} \d{4} xxx\kxx/, '23') \d{4} = 4 digits what \k drop matched far. can use don't replace entire number, still able validate have in desired format.
Read more

jquery - Clone last and append item to closest class -

-
this bare-bones code on page: <div class="list-container"> <div class="single-list-item"> <button>remove</button> </div> <div class="single-list-item"> <button>remove</button> </div> <div class="single-list-item"> <button>remove</button> </div> </div> <p><button class="add-list-item">add</button></p> <div class="list-container"> <div class="single-list-item"> <button>remove</button> </div> <div class="single-list-item"> <button>remove</button> </div> <div class="single-list-item"> <button>remove</button> </div> </div> <p><button class="add-list-item">add</button></p> <di
Read more

c - Unrecognised emulation mode: elf_i386 on MinGW32 -

-
i'm trying make kernel, , cannot link c output assembly. ld . i'm getting error: unrecognized emulation mode: elf_i386 i'm using windows 10 professional mingw32 , msys. code using: link.ld /* * link.ld */ output_format(elf32-i386) entry(start) sections { . = 0x100000; .text : { *(.text) } .data : { *(.data) } .bss : { *(.bss) } } kernel.c /* * kernel.c */ void kmain(void) { const char *str = "my first kernel"; char *vidptr = (char*)0xb8000; //video mem begins here. unsigned int = 0; unsigned int j = 0; /* loops clears screen * there 25 lines each of 80 columns; each element takes 2 bytes */ while(j < 80 * 25 * 2) { /* blank character */ vidptr[j] = ' '; /* attribute-byte - light grey on black screen */ vidptr[j+1] = 0x07; j = j + 2; } j = 0; /* loop writes string video memory */ while(str[j] != '\0') { /
Read more