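I'm trying to get LDAP roles in a Spring Boot REST API, but I get org.springframework.ldap.NameNotFoundException.
I'm not familiar with LDAP, but I tried the following guide:
If I remove groupSearchBase from the following snippet, the code runs, but I need to get the roles...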
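import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Connection settings used below; their values are not shown in the post.
    private String ldapUrls, ldapBaseDn, ldapSecurityPrincipal, ldapPrincipalPassword;

    // URL-based access rules: /page1 and /page2 each require a role.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .authorizeRequests()
                .antMatchers("/login").permitAll()
                .antMatchers("/page1").hasRole("Role1")
                .antMatchers("/page2").hasRole("Role2")
                .and()
            .formLogin();
    }

    // LDAP authentication; the groupSearchBase line is the one that triggers the exception.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                .userSearchFilter("(&(sAMAccountName={0})(memberOf=cn=Users,OU=Group2,OU=Group1,dc=dc3,dc=dc2,dc=dc1))")
                .groupSearchBase("OU=Group2,OU=Group1,dc=dc3,dc=dc2,dc=dc1")
                .contextSource()
                    .url(ldapUrls + ldapBaseDn)
                    .managerDn(ldapSecurityPrincipal)
                    .managerPassword(ldapPrincipalPassword);
    }
}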
My exception:
org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=Users,DC=dc3,DC=dc2,DC=dc1'
]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=Users,DC=dc3,DC=dc2,DC=dc1'
]; remaining name 'OU=Group2,OU=Group1,dc=dc3,dc=dc2,dc=dc1'
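
One reading of the exception above, as an added example that is not part of the original post: Spring Security resolves groupSearchBase relative to the base DN carried in the context source URL, so a full DN placed there is appended to that base. The value of ldapBaseDn is not shown in the post; this JDK-only sketch assumes it equals the "best match" DN from the error, and the class name, helper names and domain-root base are hypothetical.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class GroupSearchBaseCheck {

    // DN the server is asked for when searchBase is resolved under the context base DN.
    static LdapName effectiveDn(String contextBaseDn, String searchBase) throws InvalidNameException {
        LdapName full = new LdapName(contextBaseDn);
        full.addAll(new LdapName(searchBase).getRdns()); // appended RDNs become the leftmost ones
        return full;
    }

    // Rewrites an absolute DN relative to the context base; rejects DNs outside that base.
    static String relativeTo(String contextBaseDn, String absoluteDn) throws InvalidNameException {
        LdapName base = new LdapName(contextBaseDn);
        LdapName abs = new LdapName(absoluteDn);
        if (!abs.startsWith(base)) { // RDN comparison is case-insensitive (dc == DC)
            throw new IllegalArgumentException(absoluteDn + " is not under " + contextBaseDn);
        }
        return abs.getSuffix(base.size()).toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        String groupSearchBase = "OU=Group2,OU=Group1,dc=dc3,dc=dc2,dc=dc1"; // from the post
        String assumedBaseDn = "CN=Users,DC=dc3,DC=dc2,DC=dc1"; // assumption: taken from "best match of"
        String domainRoot = "DC=dc3,DC=dc2,DC=dc1"; // assumption: wider base covering both subtrees

        // Full DN under a base: the doubled name that does not exist in the directory.
        System.out.println("searched: " + effectiveDn(assumedBaseDn, groupSearchBase));

        // The group OU is not below CN=Users, so no relative value can reach it from that base.
        try {
            relativeTo(assumedBaseDn, groupSearchBase);
        } catch (IllegalArgumentException e) {
            System.out.println("unreachable: " + e.getMessage());
        }

        // With the domain root as base, the relative form is what groupSearchBase should carry.
        System.out.println("relative: " + relativeTo(domainRoot, groupSearchBase));
    }
}
```

The memberOf value inside userSearchFilter is an attribute value rather than a search base, so it stays a full DN.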