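I have a problem with LDAP authentication. I tried to set up an LDAP configuration and use that LDAP in my Spring Boot login API. I don't know whether it is correct. Could someone please suggest how to implement it in the login API? Below is my LDAP configuration code.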
@Value("${spring.ldap.username}")
private String LDAP_USERNAME;

@Value("${spring.ldap.password}")
private String LDAP_PASSWORD;

@Value("${spring.ldap.urls}")
private String LDAP_URLS;

@Value("${spring.ldap.base}")
private String LDAP_BASE;

@Value("${spring.ldap.anonymous-read-only}")
private boolean LDAP_ReadOnly;

@Override
public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
    LdapContextSource lcs = new LdapContextSource();
    lcs.setUserDn(LDAP_USERNAME);
    lcs.setPassword(LDAP_PASSWORD);
    lcs.setUrl(LDAP_URLS);
    // lcs.setReferral("follow");
    lcs.setBase(LDAP_BASE);
    lcs.setAnonymousReadOnly(LDAP_ReadOnly);
    lcs.afterPropertiesSet();
    authenticationManagerBuilder.ldapAuthentication()
        .contextSource(lcs)
        .userSearchBase("ouBaseHere")
        .groupSearchBase(LDAP_USERNAME)
        .userSearchFilter("userNameSearchHere");
}
Here is my login API code.
@PostMapping(value = {"/signin"})
public ResponseEntity<?> signin(@Valid @RequestBody LoginRequest loginRequest) {
    System.out.println("Username : " + loginRequest.getUsernameOrEmail());
    System.out.println("Password : " + loginRequest.getPassword());
}
Here is my application.properties.
spring.ldap.anonymous-read-only=true
spring.ldap.base= dc=example,dc=com
spring.ldap.password=XsR453!333@#q
spring.ldap.urls=ldap://192.168.111.1:1015
spring.ldap.username=test_usr
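Answer 0 (score: 2)
I added LDAP to my project, so the information here can help you set up LDAP in your work. You need to set up something like what is described below: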
private LoginLdapSettings getLdapSettings() {
    LoginLdapSettings ldapSettings = new LoginLdapSettings();
    ldapSettings.setDn(/**Enter the Dn of the LDAP server**/);
    ldapSettings.setLdapUrl(/**Enter the URL of the LDAP server**/);
    ldapSettings.setLdapPassword(/**Enter the PASSWORD of the LDAP server**/);
    ldapSettings.setSearchFilter(/**Enter the SEARCH FILTER of the LDAP server**/);
    ldapSettings.setLdapUsername(/**Enter the USERNAME of the LDAP server**/);
    ldapSettings.setUserDnPattern(/**Enter the USER DN PATTERN of the LDAP server**/);
    return ldapSettings;
}
The following method is for when you use Active Directory:
private ActiveDirectoryLdapAuthenticationProvider getActiveDirectoryLdapAuthenticationProvider() {
    LoginLdapSettings ldapSettings = getLdapSettings();
    StringBuilder ldapDomain = getLdapDomain(ldapSettings.getDn());
    ActiveDirectoryLdapAuthenticationProvider authenticationProvider =
        new ActiveDirectoryLdapAuthenticationProvider(ldapDomain.toString(), ldapSettings.getLdapUrl());
    authenticationProvider.setConvertSubErrorCodesToExceptions(true);
    authenticationProvider.setUseAuthenticationRequestCredentials(false);
    if (null != ldapSettings.getSearchFilter() && !ldapSettings.getSearchFilter().trim().isEmpty()) {
        authenticationProvider.setSearchFilter(ldapSettings.getSearchFilter().trim());
    }
    authenticationProvider.setUserDetailsContextMapper(ldapUserDetailsMapper);
    return authenticationProvider;
}

@Override
public void configure() throws ConfigurationException, InvalidAttributeValueException, IOException {
    auth.authenticationProvider(getActiveDirectoryLdapAuthenticationProvider());
}
The following method is for when you use OpenLDAP:
@Override
public void configure() throws Exception {
    LoginLdapSettings ldapSettings = getLdapSettings();
    auth.ldapAuthentication()
        .contextSource()
            .url(ldapSettings.getLdapUrl() + "/" + ldapSettings.getDn())
            .managerDn(ldapSettings.getLdapUsername())
            .managerPassword(ldapSettings.getLdapPassword())
        .and()
        .userSearchFilter(searchFilter)
        .userDnPatterns(ldapSettings.getUserDnPattern()) // I used this as the pattern "uid={0}"
        .userDetailsContextMapper(ldapUserDetailsMapper);
}
If you like the answer, please upvote! :)
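Added example, not part of the question or the answer above: one way to connect the question's /signin endpoint to the LDAP configuration by delegating to Spring Security's AuthenticationManager, without printing the submitted password. Assumptions: Spring Boot 2.x (javax.validation), an AuthenticationManager bean exposed by the security configuration; the LoginController name and the LoginRequest stand-in are illustrative.

```java
import javax.validation.Valid;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class LoginController {
    // Assumption: the security configuration exposes this bean, e.g. by
    // overriding authenticationManagerBean() in WebSecurityConfigurerAdapter.
    private final AuthenticationManager authenticationManager;

    public LoginController(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    @PostMapping("/signin")
    public ResponseEntity<?> signin(@Valid @RequestBody LoginRequest loginRequest) {
        try {
            // Delegates to the LDAP provider registered in configure(...): it looks
            // up the user entry and binds to the directory with the submitted password.
            Authentication authentication = authenticationManager.authenticate(
                    new UsernamePasswordAuthenticationToken(
                            loginRequest.getUsernameOrEmail(),
                            loginRequest.getPassword()));
            SecurityContextHolder.getContext().setAuthentication(authentication);
            // Return only non-sensitive data; the password is never logged or echoed.
            return ResponseEntity.ok(authentication.getName());
        } catch (AuthenticationException ex) {
            // Same response for an unknown user and a wrong password.
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Invalid credentials");
        }
    }
}

// Stand-in for the question's LoginRequest so the example compiles on its own.
class LoginRequest {
    private String usernameOrEmail;
    private String password;
    public String getUsernameOrEmail() { return usernameOrEmail; }
    public void setUsernameOrEmail(String v) { this.usernameOrEmail = v; }
    public String getPassword() { return password; }
    public void setPassword(String v) { this.password = v; }
}
```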