Spring LDAP和Spring Boot配置

时间:2017-05-20 09:44:44

标签: java spring spring-boot spring-security spring-ldap

我有教育问题:

有一个带有用户及其密码的Windows Server 2003(AD)虚拟机。建立与机器的连接(IP:192.168.56.101:389)。

Web应用程序的目的是使用户能够在AD中更改其密码。

问题:无法配置与windws server 2003的连接。

我从本教程开始https://spring.io/guides/gs/authenticating-ldap/

当我尝试以“Jack Wood”身份登录并通过“1234”时,我收到了错误消息。 

org.springframework.security.authentication.InternalAuthenticationServiceException: 
Uncategorized exception occured during LDAP processing; 
nested exception is javax.naming.NamingException: 
[LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name 'cn=Jack Wood,cn=Users'

Error

请检查application.properties 

#spring.ldap.embedded.ldif=classpath:test-server.ldif
#spring.ldap.embedded.base-dn=dc=springframework,dc=org
#spring.ldap.embedded.port=8389
spring.ldap.base=dc=GRSU,dc=local
spring.ldap.urls=192.168.56.101:389
spring.ldap.username=cn=Jack Wood,cn=Users,dc=GRSU,dc=local
spring.ldap.password=1234

WebSecurityConfig 

package hello;

import java.util.Arrays;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.encoding.LdapShaPasswordEncoder;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().fullyAuthenticated()
                .and()
            .formLogin();
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                .userDnPatterns("cn={0},cn=Users")
                .groupSearchBase("ou=groups")
                .contextSource(contextSource())
                .passwordCompare()
                    .passwordEncoder(new LdapShaPasswordEncoder())
                    .passwordAttribute("userPassword");
    }

    @Bean
    public DefaultSpringSecurityContextSource contextSource() {
        return new DefaultSpringSecurityContextSource("ldap://192.168.56.101:389/");
    }

}

的HomeController 

package hello;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HomeController {

    @GetMapping("/")
    public String index() {
        return "Welcome to the home page!";
    }
}

应用 

package hello;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }

}

AD structure

1 个答案:

答案 0 :(得分:0)

尝试更改

spring.ldap.username=cn=Jack Wood,cn=Users,dc=GRSU,dc=local


spring.ldap.username=cn=Jack Wood,cn=Users

有帮助吗?

我的理解是用户名使用相对域名(rdn)而不是绝对域名(dn)。

相关问题
最新问题