Java: AD authentication without fetching roles


I have a problem. I am trying to authenticate against AD through Spring Security, but I can't, because every time I see the following stack trace:

2013-10-10 11:22:18.923 FET DEBUG [http-apr-8080-exec-3] o.s.s.l.a.LdapAuthenticationProvider - Processing authentication request for user: Ivan.Ivanov
2013-10-10 11:22:18.924 FET DEBUG [http-apr-8080-exec-3] o.s.s.l.s.FilterBasedLdapUserSearch - Searching for user 'Ivan.Ivanov', with user search [ searchFilter: '(&(sAMAccountName={0})(objectclass=user))', searchBase: 'DC=MyCompany,DC=com', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
2013-10-10 11:22:19.104 FET DEBUG [http-apr-8080-exec-3] o.s.s.l.SpringSecurityLdapTemplate - Searching for entry in under DN '', base = 'DC=MyCompany,DC=com', filter = '(&(sAMAccountName={0})(objectclass=user))'
2013-10-10 11:22:19.114 FET DEBUG [http-apr-8080-exec-3] o.s.s.l.SpringSecurityLdapTemplate - Found DN: cn=Ivanov Ivan,ou=Departmant 1.1.1,ou=Depatment 1.1,ou=Department ,ou=Users,ou=MyCompany JSC,ou=MyCompany Group,dc=MyCompany,dc=com
2013-10-10 11:22:19.119 FET INFO  [http-apr-8080-exec-3] o.s.s.l.SpringSecurityLdapTemplate - Ignoring PartialResultException
2013-10-10 11:22:19.121 FET DEBUG [http-apr-8080-exec-3] o.s.s.l.a.BindAuthenticator - Attempting to bind as cn=Ivan.Ivanov,ou=Departmant 1.1.1,ou=Depatment 1.1,ou=Department ,ou=Users,ou=MyCompany JSC,ou=MyCompany Group,dc=MyCompany,dc=com
2013-10-10 11:22:19.122 FET DEBUG [http-apr-8080-exec-3] o.s.s.l.DefaultSpringSecurityContextSource - Removing pooling flag for user cn=Ivan Ivanov,ou=Departmant 1.1.1,ou=Depatment 1.1,ou=Department ,ou=Users,ou=MyCompany JSC,ou=MyCompany Group,dc=MyCompany,dc=com
2013-10-10 11:22:19.303 FET DEBUG [http-apr-8080-exec-3] o.s.s.l.u.DefaultLdapAuthoritiesPopulator - Getting authorities for user cn=Ivan Ivanov,ou=Departmant 1.1.1,ou=Depatment 1.1,ou=Department ,ou=Users,ou=MyCompany JSC,ou=MyCompany Group,dc=MyCompany,dc=com

2013-10-10 11:22:19.304 FET DEBUG [http-apr-8080-exec-3] o.s.s.l.u.DefaultLdapAuthoritiesPopulator - Searching for roles for user 'Ivan.Ivanov', DN = 'cn=Ivan Ivanov,ou=Departmant 1.1.1,ou=Depatment 1.1,ou=Department ,ou=Users,ou=MyCompany JSC,ou=MyCompany Group,dc=MyCompany,dc=com', with filter (uniqueMember={0}) in search base ''

2013-10-10 11:22:19.304 FET DEBUG [http-apr-8080-exec-3] o.s.s.l.SpringSecurityLdapTemplate - Using filter: (uniqueMember=cn=Ivan Ivanov,ou=Departmant 1.1.1,ou=Depatment 1.1,ou=Department ,ou=Users,ou=MyCompany JSC,ou=MyCompany Group,dc=MyCompany,dc=com)
2013-10-10 11:22:19.306 FET INFO  [http-apr-8080-exec-3] o.s.l.c.LdapTemplate - The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true
2013-10-10 11:22:19.343 FET WARN  [http-apr-8080-exec-3] o.s.s.a.e.LoggerListener - Authentication event AuthenticationFailureServiceExceptionEvent: Ivan.Ivanov; details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd148a: RemoteIpAddress: 127.0.0.1; SessionId: D2C31B0111572159FA65357E652352D4; exception: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001E5, problem 2001 (NO_OBJECT), data 0, best match of:'' ]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001E5, problem 2001 (NO_OBJECT), data 0, best match of:'' ]; remaining name ''
My config*-security.xml is:

<authentication-manager alias="authenticationManager">
    <ldap-authentication-provider server-ref="contextSource"
            user-search-base="OU=Deparment 1,OU=Users,OU=MyCompany JSC,OU=MyCompany Group,DC=MyCompany,DC=com"
            user-search-filter="(&amp;(sAMAccountName={0})(objectclass=user))"
            role-prefix="none">
    </ldap-authentication-provider>
</authentication-manager>

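The LdapAuthenticationProvider class uses DefaultLdapAuthoritiesPopulator to search for groups. You can create and use a different LdapAuthoritiesPopulator implementation to assign roles, for example by looking them up in a database or just by hard-coding them (if you only have one role).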


See which provides more details, including an example of how to wire in a custom authorities populator.

Thanks, I set up the configuration with a CustomAuthoritiesPopulator and my error went away
CN=Ivanov Ivan,OU=Department 1.1.1,OU=Department 1.1,OU=Department 1,OU=Users,OU=MyCompany JSC,OU=MyCompany Group,DC=MyCompany,DC=com
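
One way to write the custom populator the answer describes, as an added example that is not code from the original thread: instead of the group search that the log shows running with filter (uniqueMember={0}) in search base '' just before error code 32, it reads the memberOf attribute of the already-bound user entry and grants roles only for group DNs on an allow-list. The class name, the group DN in the comment and the role names are assumptions.

```java
import java.util.Collection;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

// Hypothetical class (not from the thread): derives roles from the user's own
// memberOf values, so no separate group search is issued against the directory.
public class MemberOfAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    // Allow-list keyed by the full group DN. LdapName compares DNs without regard
    // to case, and matching the whole DN means a same-named group in another OU
    // does not receive the role.
    private final Map<LdapName, String> roleByGroupDn = new HashMap<>();

    // Constructed sample entry: "CN=App Admins,OU=Groups,DC=example,DC=com" -> "ROLE_ADMIN"
    public MemberOfAuthoritiesPopulator(Map<String, String> groupDnToRole)
            throws InvalidNameException {
        for (Map.Entry<String, String> e : groupDnToRole.entrySet()) {
            roleByGroupDn.put(new LdapName(e.getKey()), e.getValue());
        }
    }

    @Override
    public Collection<? extends GrantedAuthority> getGrantedAuthorities(
            DirContextOperations userData, String username) {
        Set<GrantedAuthority> authorities = new LinkedHashSet<>();
        String[] groups = userData.getStringAttributes("memberOf"); // null if absent
        if (groups == null) {
            return authorities; // authenticated, but no roles
        }
        for (String groupDn : groups) {
            try {
                String role = roleByGroupDn.get(new LdapName(groupDn));
                if (role != null) {
                    authorities.add(new SimpleGrantedAuthority(role));
                }
            } catch (InvalidNameException ex) {
                // Malformed DN in the directory data: grant nothing for this value.
            }
        }
        return authorities;
    }
}
```

Pass an instance as the second constructor argument of LdapAuthenticationProvider, next to the BindAuthenticator. memberOf lists only direct memberships, so nested groups and the user's primary group are not reflected in the result.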