Setting up LDAP authentication in Spring Security

Time: 2016-06-13 05:07:22

Tags: java spring-security spring-boot active-directory ldap

I want to use LDAP authentication in my application. The examples I have come across use a simple AD structure. The company AD I want to authenticate against uses the following structure:

[screenshot of the AD tree structure, not reproduced here]

"OU=Users" is where the users are, and that is what I want to search. It appears to exist in several places in the nested OUs. I did try setting up authentication, but it keeps saying it failed even when the credentials are correct. Is this because of our structure?

The configuration looks like this:

    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;

    // Nested static configuration class (lives inside the application's outer @Configuration class).
    @Configuration
    protected static class AuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter {

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            auth.ldapAuthentication()
                    // LDAP server URL with the domain root as the base DN
                    .contextSource().url("ldap://url/DC=example,DC=com")
                    // account that binds to the directory and runs the user search
                    .managerDn("sampleaccount,OU=ServiceAccounts,DC=example,DC=com").managerPassword("password")
                    // subtree search starting at this DN; {0} is replaced with the login name
                    .and().userSearchBase("DC=example,DC=com").userSearchFilter("(sAMAccountName={0})");
        }
    }

Any suggestions on how to solve this?

Edit: the log shows:

    2016-06-14 15:00:26.948 DEBUG 13792 --- [nio-8080-exec-7] o.s.s.authentication.ProviderManager     : Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
    2016-06-14 15:00:26.948 DEBUG 13792 --- [nio-8080-exec-7] o.s.s.l.a.LdapAuthenticationProvider     : Processing authentication request for user: testUser
    2016-06-14 15:00:26.948 DEBUG 13792 --- [nio-8080-exec-7] o.s.s.l.s.FilterBasedLdapUserSearch      : Searching for user 'testUser', with user search [ searchFilter: '(sAMAccountName={0})', searchBase: 'OU=OU1,OU=OU2,OU=OU3,OU=OU4,DC=example,DC=com', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
    2016-06-14 15:00:27.742 DEBUG 13792 --- [nio-8080-exec-7] .s.a.DefaultAuthenticationEventPublisher : No event was found for the exception org.springframework.security.authentication.InternalAuthenticationServiceException
    2016-06-14 15:00:27.742 DEBUG 13792 --- [nio-8080-exec-7] o.s.s.w.a.www.BasicAuthenticationFilter  : Authentication request for failed: org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
        'DC=example,DC=com'
     ]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
        'DC=example,DC=com'
     ]; remaining name 'ou=Users,ou=OU2,ou=OU3,ou=OU4,dc=example,dc=com'
    2016-06-14 15:00:27.742 DEBUG 13792 --- [nio-8080-exec-7] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]
    2016-06-14 15:00:27.742 DEBUG 13792 --- [nio-8080-exec-7] s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.HttpStatusEntryPoint@2bb83072
    2016-06-14 15:00:27.742 DEBUG 13792 --- [nio-8080-exec-7] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@7a9711fa
    2016-06-14 15:00:27.742 DEBUG 13792 --- [nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
    2016-06-14 15:00:27.742 DEBUG 13792 --- [nio-8080-exec-7] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed

0 answers

No answers yet.
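The log in the question already contains the diagnosis. AD answered error code 32 (NO_OBJECT) with best match of 'DC=example,DC=com' for the remaining name 'ou=Users,ou=OU2,ou=OU3,ou=OU4,dc=example,dc=com': the search base DN itself does not exist, the deepest part of it the server could resolve is the domain root, so the first OU under the root (OU=OU4) is already wrong and the user search never ran; the credentials were never tested. A subtree search from any existing ancestor would reach every nested OU=Users. Note also that the searchBase in the log differs from the DC=example,DC=com in the posted config, so the log was captured with a different setting. The Python below is an added worked example, not code from the question or from Spring Security: it parses such an error-32 message into the first missing RDN, simulates the same lookup against a snapshot of known DNs (a constructed list holding only the DNs the question mentions; the real tree is unknown), and shows RFC 4515 escaping for the value that fills the {0} in (sAMAccountName={0}). Spring Security's FilterBasedLdapUserSearch hands the login name to the LDAP client as a filter argument rather than pasting it into the filter string, so it is escaped for you; the escaping function is for anyone who assembles a filter by hand. SAMPLE_LOG is the question's exception text, shortened; KNOWN_DNS and the name "sampleaccount" with a CN= prefix are constructed.

```python
"""Read an AD 'error code 32' the way the server means it.

Added example (not code from the original question). It works on the
exception text alone and does not contact a directory. SAMPLE_LOG and
KNOWN_DNS below are constructed from the DNs visible in the question.
"""
import re

_RDN_SPLIT = re.compile(r'(?<!\\),')          # commas not escaped by a backslash
_BEST = re.compile(r"best match of:\s*'([^']*)'")
_REMAIN = re.compile(r"remaining name '([^']*)'")

def parse_dn(dn):
    """Split a DN into (type, value) RDNs, leaf first. Lower-cased because AD
    compares DNs case-insensitively. Rejects an RDN with no 'type=' part."""
    rdns = []
    for part in _RDN_SPLIT.split(dn):
        part = part.strip()
        if '=' not in part:
            raise ValueError(f"RDN {part!r} has no attribute type")
        typ, val = part.split('=', 1)
        rdns.append((typ.strip().lower(), val.strip().lower()))
    return rdns

def format_rdns(rdns):
    return ','.join(f'{t}={v}' for t, v in rdns)

def parse_error32(text):
    """Pull the two DNs out of a JNDI-wrapped AD error-32 message."""
    best, remain = _BEST.search(text), _REMAIN.search(text)
    if not best or not remain:
        raise ValueError("not an error-32 message with 'best match of' and 'remaining name'")
    return best.group(1), remain.group(1)

def first_missing_rdn(remaining_name, best_match):
    """'best match of' is the deepest ancestor of the requested DN that exists;
    the RDN just below it is the first one the server could not find."""
    want = parse_dn(remaining_name)
    have = parse_dn(best_match) if best_match.strip() else []
    if have and want[-len(have):] != have:
        raise ValueError("best match is not a suffix of the remaining name")
    idx = len(want) - len(have) - 1
    return format_rdns([want[idx]]) if idx >= 0 else None

def diagnose_error32(log_text):
    """Summarise one failed authentication from the log excerpt."""
    best, remain = parse_error32(log_text)
    return {"search_base": remain,
            "deepest_existing": best,
            "first_missing_rdn": first_missing_rdn(remain, best)}

def best_match_in_tree(dn, existing_dns):
    """Simulate the server for a candidate DN against a snapshot of known DNs
    (for instance an export): walk from the naming context inward and return
    (deepest existing ancestor, first missing RDN or None if the DN exists)."""
    existing = {format_rdns(parse_dn(d)) for d in existing_dns}
    rdns = parse_dn(dn)
    deepest = None
    for i in range(len(rdns) - 1, -1, -1):
        candidate = format_rdns(rdns[i:])
        if candidate in existing:
            deepest = candidate
        elif deepest is not None:
            return deepest, format_rdns([rdns[i]])
        # else: still above the naming context ('dc=com' alone is not an entry)
    if deepest is None:
        raise ValueError("no known naming context is a suffix of the DN")
    return deepest, None

_FILTER_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}

def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside a search filter."""
    return ''.join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def build_user_filter(template, username):
    """Fill the {0} placeholder the way an LDAP client must: escaped, so a
    login name such as 'x)(objectClass=*' cannot change the filter's shape."""
    return template.replace('{0}', escape_filter_value(username))

# Constructed sample: the exception text from the question's log, shortened.
SAMPLE_LOG = (
    "InternalAuthenticationServiceException: [LDAP: error code 32 - 0000208D: "
    "NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:\n"
    "    'DC=example,DC=com'\n ]; remaining name "
    "'ou=Users,ou=OU2,ou=OU3,ou=OU4,dc=example,dc=com'"
)
# Constructed snapshot: only the DNs the question itself mentions as existing.
KNOWN_DNS = ["DC=example,DC=com", "OU=ServiceAccounts,DC=example,DC=com"]

if __name__ == "__main__":
    print(diagnose_error32(SAMPLE_LOG))
    print(best_match_in_tree("OU=Users,OU=OU2,OU=OU3,OU=OU4,DC=example,DC=com", KNOWN_DNS))
    print(build_user_filter("(sAMAccountName={0})", "testUser)(objectClass=*"))
```

Run against the question's message, diagnose_error32 reports ou=ou4 as the first missing RDN. The same check applied to the managerDn string as posted ("sampleaccount,OU=ServiceAccounts,...") raises ValueError because its first RDN has no attribute type; if that is not just redaction in the post, the bind DN needs a CN= (or the account's UPN) as well. Before changing userSearchBase, bind with the manager account and run a base-scope search on the candidate DN; a base that returns error 32 will never find a user regardless of the filter.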