Question

我正在尝试使用Spring Security通过Spring LDAP（2.3.1.RELEASE）登录现有的AD。到目前为止，我有以下代码负责配置（几乎取自Spring getting started guide）：

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
        .antMatchers("/", "/home").permitAll()
        .anyRequest().fullyAuthenticated()
        .and()
        .formLogin()
        .loginPage("/login")
        .permitAll()
        .and()
        .logout()
        .permitAll();
}

@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
    authauth
        .ldapAuthentication()
        .userDnPatterns("uid={0}")
        .contextSource(contextSource())
        .passwordCompare()
        .passwordEncoder(new LdapShaPasswordEncoder())
        .passwordAttribute("userPassword");
}


@Bean
public BaseLdapPathContextSource contextSource() {
    LdapContextSource contextSource = new LdapContextSource();
    contextSource.setAnonymousReadOnly(false);
    contextSource.setBase("dc=foo,dc=bar");
    contextSource.setUserDn("j.doe@company.com");
    contextSource.setPassword("plainTextPassword");
    contextSource.setUrl("ldap://active.directory.address");
    return ldapContextSource;
 }
}

这是我的pom片段：

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.5.2.RELEASE</version>
</parent>

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.ldap</groupId>
        <artifactId>spring-ldap-core</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-ldap</artifactId>
    </dependency>
    <dependency>
        <groupId>com.unboundid</groupId>
        <artifactId>unboundid-ldapsdk</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.apache.directory.server</groupId>
        <artifactId>apacheds-all</artifactId>
        <version>1.5.5</version>
    </dependency>
</dependencies>

<properties>
    <java.version>1.8</java.version>
</properties>

<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
        </plugin>
    </plugins>
</build>

我故意省略.html文件，因为我认为他们在这个问题上没有任何作用。我得到了

javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903D9, comment: AcceptSecurityContext error, data 52e, v2580 ]

结果是

。在谷歌搜索异常后，我发现数据52e表示AD_INVALID CREDENTIALS。我多次查看我的证书，他们真的很对。我甚至下载了Microsofts AD资源管理器并使用这些凭据成功连接到AD。为什么它不通过代码工作，并通过AD资源管理器工作？

通过Spring LDAP和Spring安全性连接到现有AD

0 个答案: