java - Configuring Spring Security to authenticate against LDAP without anonymous bind and without a bind DN
Using JNDI I can authenticate against our LDAP server, which has anonymous binds disabled, using the user's own username and password, like this:

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.directory.Attribute;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;

    // Simple bind as the user; no separate bind DN or manager password involved
    Hashtable<String, Object> env = new Hashtable<>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, url);
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, username);
    env.put(Context.SECURITY_CREDENTIALS, password);
    DirContext ctx = new InitialDirContext(env);
    // Read the user's own entry with the context that was just bound as that user
    Attribute groups = ctx.getAttributes(username).get("groupMembership");

Now I want to do the same thing using Spring Boot, Spring Security, and Spring LDAP.

I can configure authentication using a bind DN and password, like this:

    import org.springframework.security.ldap.DefaultSpringSecurityContextSource;

    // Context source bound with a dedicated bind DN (manager account) and its password
    DefaultSpringSecurityContextSource context = new DefaultSpringSecurityContextSource(ldapConfig.url);
    context.setUserDn(ldapConfig.bindDn);
    String bindPassword = passwordResolver.getPassword(ldapConfig.password);
    context.setPassword(bindPassword);
    context.afterPropertiesSet();
    CustomAuthoritiesPopulator customAuthoritiesPopulator = new CustomAuthoritiesPopulator(context, ldapConfig.groupSearchBase);
    String[] dnPatArr = new String[ldapConfig.userDnPatterns.size()];
    ldapConfig.userDnPatterns.toArray(dnPatArr);
    // auth is the AuthenticationManagerBuilder handed to configure(...)
    auth.ldapAuthentication()
        .ldapAuthoritiesPopulator(customAuthoritiesPopulator)
        .contextSource(context)
        .userDnPatterns(dnPatArr)
        .groupSearchBase(ldapConfig.groupSearchBase);

This works--the Spring Boot webapp authenticates users successfully.

But I want to do it without passing in a bind DN and bind password, as I did in the JNDI example.

If I omit setting the bind DN and password, I get "LDAP: error code 48 - anonymous simple bind disabled.".

I don't want an anonymous bind--I want Spring to use the username and password the user provides to simple bind against each of the bind DN patterns until one works.

I've read the docs and I'm having a hard time determining whether or not this is possible. Since JNDI can do it, I figure I should be able to make Spring do it. I've thought about writing my own custom Spring Security authentication provider, but surely that's not necessary.
In JNDI, authentication information is specified in environment properties. Please make sure the property names are spelled correctly.

For example, the environment property for credentials is java.naming.security.credentials, not java.naming.security.credential. Notice that the missing letter 's' at the end gives "LDAP: error code 48 - anonymous simple bind disabled."

    <bean id="jndiTemplate" class="org.springframework.jndi.JndiTemplate">
        <property name="environment">
            <props>
                <prop key="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</prop>
                <prop key="java.naming.provider.url">ldap://serverurl/jndi_ctx</prop>
                <prop key="java.naming.security.authentication">simple</prop>
                <prop key="java.naming.security.principal">user_id</prop>
                <prop key="java.naming.security.credentials">password</prop>
            </props>
        </property>
    </bean>
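The question's goal (simple bind as the end user against each DN pattern, with no manager DN) and the answer's point (a misspelled or empty credentials property silently turns the bind anonymous) fit together in the following added example, which is not code from the post, from Spring or from the JDK. The class, method and variable names are mine; the server URL and DN patterns are assumed to come from the caller, and the "{0}" placeholder follows the convention Spring uses for userDnPatterns.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
/** Added example (not from the original post): bind as the end user against each DN pattern. */
public final class UserBindLdap {
    /** JNDI ignores a misspelled key, and an empty password is an RFC 4513 "unauthenticated"
     *  bind, so either one ends in error code 48 on a server that forbids anonymous binds.
     *  Returns the keys a "simple" bind is still missing (empty set = safe to connect). */
    static Set<String> missingSimpleBindKeys(Map<String, ?> env) {
        Set<String> missing = new TreeSet<>();
        if ("simple".equals(env.get(Context.SECURITY_AUTHENTICATION))) {
            for (String key : List.of(Context.SECURITY_PRINCIPAL, Context.SECURITY_CREDENTIALS)) {
                Object v = env.get(key);
                if (v == null || v.toString().isEmpty()) missing.add(key);
            }
        }
        return missing;
    }

    /** RFC 4514 escaping so a username cannot alter the structure of the DN it is placed in. */
    static String escapeDnValue(String v) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < v.length(); i++) {
            char c = v.charAt(i);
            boolean special = "\\,+\"<>;".indexOf(c) >= 0 || (i == 0 && (c == ' ' || c == '#'))
                    || (i > 0 && i == v.length() - 1 && c == ' ');
            if (special) sb.append('\\');
            sb.append(c);
        }
        return sb.toString();
    }

    /** Tries each pattern in Spring's "{0}" style (e.g. "uid={0},ou=people,dc=example,dc=com")
     *  with the user's own password and returns the first context the server accepts. */
    static DirContext bindWithPatterns(String url, String username, char[] password,
                                       List<String> dnPatterns) throws NamingException {
        for (String pattern : dnPatterns) {
            Hashtable<String, Object> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, url);
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, pattern.replace("{0}", escapeDnValue(username)));
            env.put(Context.SECURITY_CREDENTIALS, new String(password));
            Set<String> missing = missingSimpleBindKeys(env);
            if (!missing.isEmpty()) throw new IllegalStateException("would bind anonymously: " + missing);
            try { return new InitialDirContext(env); }
            catch (AuthenticationException e) { /* wrong DN for this user or bad password: next pattern */ }
        }
        throw new AuthenticationException("no DN pattern accepted the supplied credentials");
    }
}
```

The returned context is already bound as the user, so the user's own entry (for example its group attribute) can be read from it without a manager account.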