在关注spring.io指南时,我无法对真实的LDAP / AD进行身份验证:https://spring.io/guides/gs/authenticating-ldap/
当autentication再次出现真实的 AD / LADP时,我遇到的问题是:
org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 16 - 00002080: AtrErr: DSID-03080155, #1:
0: 00002080: DSID-03080155, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 23 (userPassword)
]; nested exception is javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00002080: AtrErr: DSID-03080155, #1:
0: 00002080: DSID-03080155, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 23 (userPassword)
]; remaining name 'CN=olahell,OU=Consultants,OU=Production,OU=Company'
以下是我的java auth config:
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.ldapAuthentication()
.userSearchFilter("(&(objectClass=user)(sAMAccountName={0}))")
.contextSource()
.url("ldap://company-dc02.company.local:389/dc=company,dc=local")
.managerDn("CN=olahell,OU=Consultants,OU=Production,OU=Company,DC=company,DC=local")
.managerPassword("myPassword")
.and()
.passwordCompare()
.passwordEncoder(new LdapShaPasswordEncoder())
.passwordAttribute("userPassword");
}
答案 0 :(得分:1)
我需要做的是使用BindAuthenticator
,LDAP应配置如下:
@Bean
public AuthenticationProvider ldapAuthenticationProvider() throws Exception {
String ldapServerUrl = "ldap://company-dc02.bergsala.local:389/dc=company,dc=local";
DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(ldapServerUrl);
String ldapManagerDn = "CN=olahell,OU=Consultants,OU=Production,OU=Company,DC=company,DC=local";
contextSource.setUserDn(ldapManagerDn);
String ldapManagerPassword = "myPassword";
contextSource.setPassword(ldapManagerPassword);
contextSource.setReferral("follow");
contextSource.afterPropertiesSet();
LdapUserSearch ldapUserSearch = new FilterBasedLdapUserSearch("", "(&(objectClass=user)(sAMAccountName={0}))", contextSource);
BindAuthenticator bindAuthenticator = new BindAuthenticator(contextSource);
bindAuthenticator.setUserSearch(ldapUserSearch);
LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator, new EmsLdapAuthoritiesPopulator(contextSource, ""));
return ldapAuthenticationProvider;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(ldapAuthenticationProvider());
}
注意:EmsLdapAuthoritiesPopulator
扩展DefaultLdapAuthoritiesPopulator
并覆盖#getAdditionalRoles
,以便我可以为用户设置额外的角色。