我正在尝试通过Spring Security进行LDAP身份验证。 但它返回一个错误:
错误代码49 - 80090308:LdapErr:DSID-0C0903D9,评论:AcceptSecurityContext错误,数据52e,v2580]
我的代码:
auth.ldapAuthentication()
.contextSource().url("ldap://server:389/dc=main,dc=domain,dc=ru")
.managerDn("uid=user,ou=Domain Users,dc=mydomain,dc=ru").managerPassword("password")
.and()
.userSearchBase("ou=student")
.userSearchFilter("(cn={0})");
}
可能出现什么样的错误(不包括错误的凭证)?
答案 0 :(得分:0)
它的工作......也许任何人都会有所帮助 auth.authenticationProvider(LdapAuthenticationProvider可疑()); auth.eraseCredentials(真);
@Bean
public DefaultSpringSecurityContextSource contextSource(){
DefaultSpringSecurityContextSource contextSource =
new DefaultSpringSecurityContextSource(Arrays.asList("ldap://url:389/"),"dc=ttu,dc=ru");
contextSource.setUserDn(userDn);
contextSource.setPassword(passwordForLDAP);
contextSource.setReferral("follow");
return contextSource;
}
@Bean
public LdapAuthenticationProvider ldapAuthenticationProvider(){
return new
LdapAuthenticationProvider(ldapAuthenticator(),ldapAuthoritiesPopulator());
}
@Bean
public LdapAuthenticator ldapAuthenticator(){
BindAuthenticator authenticator = new BindAuthenticator(contextSource());
authenticator.setUserSearch(userSearch());
return authenticator;
}
@Bean
public DefaultLdapAuthoritiesPopulator ldapAuthoritiesPopulator(){
DefaultLdapAuthoritiesPopulator ldapAuthoritiesPopulator =
new DefaultLdapAuthoritiesPopulator(contextSource(),"ou=TTU");
ldapAuthoritiesPopulator.setSearchSubtree(true);
ldapAuthoritiesPopulator.setIgnorePartialResultException(true);
//ldapAuthoritiesPopulator.setGroupSearchFilter("member={0}");
ldapAuthoritiesPopulator.setRolePrefix("ROLE_");
ldapAuthoritiesPopulator.setConvertToUpperCase(true);
return ldapAuthoritiesPopulator;
}
@Bean
public FilterBasedLdapUserSearch userSearch(){
FilterBasedLdapUserSearch filterBasedLdapUserSearch =
new FilterBasedLdapUserSearch("","(sAMAccountName={0})",contextSource());
filterBasedLdapUserSearch.setSearchSubtree(true);
return filterBasedLdapUserSearch;
}