Spring安全ldap首先进行身份验证

时间:2010-03-26 22:08:26

标签: ldap spring-security

我已使用以下配置设置了ldap身份验证。我只需要用户对LDAP数据存储进行身份验证,然后让他们的会话获得身份验证令牌。从阅读文档来看,这就是我认为应该发生的事情:

  1. 作为管理员进行身份验证,根据搜索条件查找用户完整的数据
  2. 尝试以用户身份绑定(使用完整的dn)和提供的密码

    3. 日志似乎没有提供足够的信息来说明为什么会失败。它只是说无效凭证 - 当我知道它们有效时。我的想法是发生以下情况之一:

    1. 找不到用户的完整DN,他们只是使用用户名
      2. 进行身份验证
    2. 它正在尝试进行密码比较,而不是实际尝试绑定到目录

      3. 配置:

      <ldap-server 
    url="ldap://adapps.company.com:389/dc=company,dc=com" 
    manager-dn="cn=fulluserdn,dc=company,dc=com" 
    manager-password="password"/>
<ldap-user-service user-search-base="" user-search-filter="(samaccountname={0})"/>  
<authentication-manager>
<ldap-authentication-provider user-search-filter="(samaccountname={0})" user-search-base="dc=company,dc=com"/>
</authentication-manager>

      错误日志:

      [DEBUG,FilterBasedLdapUserSearch] Searching for user 'test', with user search [ searchFilter: '(samaccountname={0})', searchBase: 'dc=company,dc=com', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
[DEBUG,AbstractContextSource] Got Ldap context on server 'ldap://adapps.company.com:389/dc=company,dc=com'
[INFO,SpringSecurityLdapTemplate] Ignoring PartialResultException
[DEBUG,XmlWebApplicationContext] Publishing event in Root WebApplicationContext: org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent[source=org.springframework.security.authentication.UsernamePasswordAuthenticationToken@488b5f0b: Principal: test; Password: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd148a: RemoteIpAddress: 127.0.0.1; SessionId: 0718B7EED3F930C63C03DA97C4344CBD; Not granted any authorities]
[DEBUG,UsernamePasswordAuthenticationFilter] Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
[DEBUG,UsernamePasswordAuthenticationFilter] Updated SecurityContextHolder to contain null Authentication
[DEBUG,UsernamePasswordAuthenticationFilter] Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@395158
[DEBUG,TokenBasedRememberMeServices] Interactive login attempt was unsuccessful.
[DEBUG,TokenBasedRememberMeServices] Cancelling cookie

1 个答案:

答案 0 :(得分:1)

问题是LDAP服务器在不同的端口上运行,但正常的端口仍处于打开状态。

相关问题
最新问题