Trying to do a simple AD or LDAP integration with the code below, but it is not working:
```java
@Autowired
protected void configure(AuthenticationManagerBuilder auth) throws NamingException {
    // JNDI environment handed to the provider
    Hashtable<String, Object> env = new Hashtable<>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldaps://abc.hsys.local:456");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "cn=${0},OU=users,DC=org");
    env.put(Context.SECURITY_CREDENTIALS, "password");

    ActiveDirectoryLdapAuthenticationProvider adProvider =
            new ActiveDirectoryLdapAuthenticationProvider(null, "ldaps://abc.hsys.local:456", "OU=users,DC=org");
    adProvider.setSearchFilter("(&(objectClass=user)(cn={0}))");
    adProvider.setConvertSubErrorCodesToExceptions(true);
    adProvider.setUseAuthenticationRequestCredentials(true);
    adProvider.setContextEnvironmentProperties(env);
    auth.authenticationProvider(adProvider);
}
```
- I am using Spring Security 6 with Spring Boot.
- Here the problem is that cn=${0} is not even parsed or resolved to the correct user id, which is the same userId entered in the browser.
- So, to make it work after spending multiple days with all possible configurations available online, I had to create a new class which extends AbstractLdapAuthenticationProvider and manually change the bindAsUser method logic to use the correct DN with the correct userId.
- Or else, when I was trying to debug it, I saw the bind principal was going out as cn=${0},OU=users,DC=org.
- Please make the class non-final so that we can extend it, or add some fixes in Spring Security 6.2.x.
Comment From: jzheaux
Thanks, @akash-saha-jmh, for the report, and I'm sorry you have had so much trouble.
And while I appreciate the detail you provided, it's not yet clear to me what you mean by "not working" and by "not even parsing". Can you please clarify with a minimal sample?
In the meantime, some things seem not quite right:
```java
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldaps://abc.hsys.local:456");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "cn=${0},OU=users,DC=org");
env.put(Context.SECURITY_CREDENTIALS, "password");
```
These properties are provided by bindAsUser and are not typically passed by the application; I understand that may be because you were trying everything you could think of. For example, the authentication provider will set SECURITY_PRINCIPAL to be the value that was passed in as the username (e.g. johndoe@domain).
Let's start with a simpler configuration. Can you provide a sample that does something simple like the following:
```java
@Test
public void adShouldAuthenticate() {
    var adProvider = new ActiveDirectoryLdapAuthenticationProvider(null, "ldaps://abc.hsys.local:456", "OU=users,DC=org");
    adProvider.setSearchFilter("(&(objectClass=user)(cn={0}))");
    Authentication result = adProvider.authenticate(new UsernamePasswordAuthenticationToken("user@domain", "password"));
    assertThat(result.isAuthenticated()).isTrue();
}
```
and let me know what you see.
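For reference, an added Spring Security 6 configuration (not from this thread or the Spring Security project) that leaves the bind properties to the provider, reusing the issue's URL and search root and assuming a placeholder AD domain since the report gives none. The provider builds the bind principal from the submitted username (username@domain, or the name unchanged when the domain is null or the name already ends with it) and substitutes {0} and {1} in the search filter itself, so the bind DN is never a template; a fixed SECURITY_PRINCIPAL/SECURITY_CREDENTIALS pair in contextEnvironmentProperties is merged over those per-request values and would bind every login as the same identity instead of verifying the user's own password.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

@Configuration
public class AdSecurityConfig {

    // Values from the issue; the AD domain is a placeholder because the report does not give one.
    private static final String AD_URL = "ldaps://abc.hsys.local:456";
    private static final String AD_DOMAIN = "example.local"; // placeholder, assumed
    private static final String SEARCH_ROOT = "OU=users,DC=org";

    @Bean
    public AuthenticationManager authenticationManager() {
        var adProvider = new ActiveDirectoryLdapAuthenticationProvider(AD_DOMAIN, AD_URL, SEARCH_ROOT);

        // The provider binds as the user with the submitted password. The bind principal is
        // "<username>@<AD_DOMAIN>" (or the username as typed when the domain is null or the
        // name already ends with it). In the search filter, {0} is that bind principal and
        // {1} is the bare username; "${0}" is not a placeholder anywhere in the provider.
        adProvider.setSearchFilter(
                "(&(objectClass=user)(|(userPrincipalName={0})(sAMAccountName={1})))");

        // Map AD sub-error codes (locked, expired, password must change, ...) to specific
        // exceptions. This makes the failure reason distinguishable to whatever handles it,
        // so decide deliberately what is surfaced to the browser versus only logged.
        adProvider.setConvertSubErrorCodesToExceptions(true);

        // Deliberately no setContextEnvironmentProperties(...) carrying SECURITY_PRINCIPAL or
        // SECURITY_CREDENTIALS: those entries override the per-request bind settings, so a
        // fixed pair would authenticate every login against the same stored credential.
        return new ProviderManager(adProvider);
    }
}
```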
Comment From: spring-projects-issues
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
Comment From: spring-projects-issues
Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.