Summary

The ActiveDirectoryLdapAuthenticationProvider is final and does not use an AuthoritiesPopulator and LdapAuthenticator.

I found on Stack Overflow that other people also struggled with this: https://stackoverflow.com/questions/16113115/how-do-i-use-a-custom-authorities-populator-with-spring-security-and-the-actived

Actual Behavior

I cannot override the loadUserAuthorities method in the ActiveDirectoryLdapAuthenticationProvider.

Expected Behavior

I expected the ActiveDirectoryAuthenticationProvider to work in the same way as the LdapAuthenticationProvider, with a separate LdapAuthenticator and AuthoritiesPopulator that I can override if needed.

Version

The latest version on master still has a separate loadUserAuthorities method instead of using an AuthoritiesPopulator: https://github.com/spring-projects/spring-security/blob/01579be7d42a0f7c0e75b35a50e46165c14f9c7f/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java

Comment From: Haarolean

Six years later this is still an issue. Can we get some triaging as a start?

Comment From: jzheaux

@Haarolean, I think this would be a nice feature to add. Would you like to contribute a PR?

Comment From: Haarolean

@jzheaux thanks for triaging the issue. Sure, please assign :)

Comment From: alecdesjardins

What is the status on this? This would be extremely useful.

Comment From: Haarolean

Raised a PR #14539

Comment From: jzheaux

Thanks, @Haarolean! Closing in favor of https://github.com/spring-projects/spring-security/pull/14539

Comment From: Haarolean

@jzheaux just noticed I've made DefaultActiveDirectoryAuthoritiesPopulator final, shouldn't we make it extendable on par with DefaultLdapAuthoritiesPopulator?