Spring ActiveDirectoryLdapAuthenticationProvider问题-获取密码无效

时间:2018-08-21 05:38:44

标签: spring-boot spring-security active-directory spring-ldap

请查看如下所示的配置:

 # NOTE(review): the Java config on this page reads ${ldap.url}; this key is spelled
 # ldap.urls - confirm which spelling is intended.
 # ldap:// is unencrypted. ActiveDirectoryLdapAuthenticationProvider binds with the
 # password the user typed, so that password crosses the network in clear text.
 # Prefer an ldaps:// URL outside a throwaway test setup.
 ldap.urls=ldap://***.***.local:8389
    # Base DN of the directory tree. This is not the AD domain name (e.g. test.com)
    # that the provider's constructor takes as its first argument.
    ldap.base.dn=dc=test,dc=com
    # Despite the key name, this value is an LDAP search filter, not a DN pattern.
    # {0} is replaced with the bind principal (username@domain).
    # The memberof clause limits logins to members of one group; presumably only
    # direct membership matches, so users in nested groups would be rejected - verify.
    ldap.user.dn.pattern=(&(objectClass=user)(userPrincipalName={0})(memberof=CN=Group Name,OU=***,OU=****,DC=test,DC=com))

WebSecurityConfig.java

 /**
  * Spring Security setup from the question: every request must be fully authenticated over
  * HTTP Basic, and credentials are verified against Active Directory.
  *
  * <p>The provider binds to the directory as the user who is logging in, using the password
  * from the request, so no separate bind DN or service-account password is configured here.
  *
  * <p>NOTE(review): HTTP Basic resends the credentials with every request, and the properties
  * shown with this class use an {@code ldap://} URL. Confirm that both paths run over TLS
  * (HTTPS in front of the application, {@code ldaps://} towards the directory).
  */
 @Configuration
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        private static final Logger log = LogManager.getLogger(WebSecurityConfig.class);

        /** URL of the directory server. */
        @Value("${ldap.url}")
        private String ldapUrl;

        // NOTE(review): filled from the base DN property but passed below as the provider's
        // domain argument, which is expected to be a domain name such as test.com. With a
        // base DN here the bind principal is malformed and the bind is rejected.
        @Value("${ldap.base.dn}")
        private String ldapDomain;

        /** Search filter handed to the provider when non-blank (despite the "dn.pattern" key). */
        @Value("${ldap.user.dn.pattern}")
        private String ldapUserDnPattern;

        /** Requires full authentication for every request and enables HTTP Basic. */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .anyRequest().fullyAuthenticated()
                    .and()
                .httpBasic();
        }

        /** Registers the Active Directory provider with the authentication manager. */
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            final ActiveDirectoryLdapAuthenticationProvider provider =
                    new ActiveDirectoryLdapAuthenticationProvider(ldapDomain, ldapUrl);

            // Map AD sub-error codes (locked, disabled, expired, ...) to specific exceptions
            // rather than a generic bad-credentials failure. Do not echo those distinctions
            // to unauthenticated clients: they reveal account state.
            provider.setConvertSubErrorCodesToExceptions(true);
            // Keep the password submitted with the request as the token's credentials.
            provider.setUseAuthenticationRequestCredentials(true);

            final String filter = ldapUserDnPattern;
            final boolean hasFilter = filter != null && !filter.trim().isEmpty();
            if (hasFilter) {
                // {0} in the filter is replaced with the bind principal (username@domain).
                provider.setSearchFilter(filter);
            }

            auth.authenticationProvider(provider);
        }

    }

有人可以告诉我在使用ActiveDirectoryLdapAuthenticationProvider进行配置时如何指定userDn和密码吗?

1 个答案:

答案 0 :(得分:0)

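在属性中定义ldap.domain = test.com,并将其作为构造函数的第一个参数(域名)传入,ldap.base.dn则作为第三个参数(rootDn)传入,如下所示。ActiveDirectoryLdapAuthenticationProvider会用登录用户自己的“用户名@域名”和提交的密码去绑定AD,因此不需要另外指定userDn和密码。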

 /**
  * Corrected Spring Security setup from the answer: the AD domain name and the base DN are
  * read from separate properties and passed to the three-argument provider constructor as
  * domain, URL and root DN.
  *
  * <p>Authentication binds to the directory as the user who is logging in, so this class
  * holds no service-account DN or password.
  *
  * <p>NOTE(review): HTTP Basic resends the credentials with every request; confirm that the
  * application is only reachable over HTTPS and that {@code ldap.url} points at an
  * {@code ldaps://} endpoint, since the bind carries the user's password.
  */
 @Configuration
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        private static final Logger log = LogManager.getLogger(WebSecurityConfig.class);

        /** URL of the directory server. */
        @Value("${ldap.url}")
        private String ldapUrl;

        /** Root DN under which the provider searches for the user entry. */
        @Value("${ldap.base.dn}")
        private String ldapBaseDN;

        /** AD domain name (the answer sets it to test.com); used to build the bind principal. */
        @Value("${ldap.domain}")
        private String ldapDomain;

        /** Search filter applied when non-blank; the key name says "dn.pattern" but it is a filter. */
        @Value("${ldap.user.dn.pattern}")
        private String ldapUserDnPattern;

        /** Demands full authentication on every request and turns on HTTP Basic. */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .anyRequest()
                    .fullyAuthenticated()
                    .and()
                    .httpBasic();
        }

        /** Plugs the Active Directory provider into the authentication manager. */
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationProvider(buildActiveDirectoryProvider());
        }

        /** Creates the provider and applies the optional search filter from the properties. */
        private ActiveDirectoryLdapAuthenticationProvider buildActiveDirectoryProvider() {
            ActiveDirectoryLdapAuthenticationProvider result =
                    new ActiveDirectoryLdapAuthenticationProvider(ldapDomain, ldapUrl, ldapBaseDN);

            // Specific exceptions for locked/disabled/expired accounts help operators, but the
            // distinction should stay in server-side logs and not reach the login response.
            result.setConvertSubErrorCodesToExceptions(true);
            // The authenticated token keeps the password that came with the request.
            result.setUseAuthenticationRequestCredentials(true);

            String configuredFilter = ldapUserDnPattern;
            if (configuredFilter == null || configuredFilter.trim().isEmpty()) {
                // No filter configured: the provider keeps its own filter.
                return result;
            }
            result.setSearchFilter(configuredFilter);
            return result;
        }

    }