Spring Security LDAP身份验证不会抛出任何属性或值错误
在遵循spring.io指南时,我无法针对真实的LDAP/AD进行身份验证: 当对真实的AD/LADP进行自动验证时,我遇到的问题是:Spring Security LDAP身份验证不会抛出任何属性或值错误,spring,spring-security,ldap,spring-security-ldap,Spring,Spring Security,Ldap,Spring Security Ldap,在遵循spring.io指南时,我无法针对真实的LDAP/AD进行身份验证: 当对真实的AD/LADP进行自动验证时,我遇到的问题是: org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 16 - 00002080: AtrErr: DSID-03080155, #1: 0: 00002080: DSID-03080155, proble
org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 16 - 00002080: AtrErr: DSID-03080155, #1:
0: 00002080: DSID-03080155, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 23 (userPassword)
]; nested exception is javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00002080: AtrErr: DSID-03080155, #1:
0: 00002080: DSID-03080155, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 23 (userPassword)
]; remaining name 'CN=olahell,OU=Consultants,OU=Production,OU=Company'
下面是我的java身份验证配置:
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.ldapAuthentication()
.userSearchFilter("(&(objectClass=user)(sAMAccountName={0}))")
.contextSource()
.url("ldap://company-dc02.company.local:389/dc=company,dc=local")
.managerDn("CN=olahell,OU=Consultants,OU=Production,OU=Company,DC=company,DC=local")
.managerPassword("myPassword")
.and()
.passwordCompare()
.passwordEncoder(new LdapShaPasswordEncoder())
.passwordAttribute("userPassword");
}
我需要做的是使用
bindeauthenticator
,LDAP的配置如下:
@Bean
public AuthenticationProvider ldapAuthenticationProvider() throws Exception {
String ldapServerUrl = "ldap://company-dc02.bergsala.local:389/dc=company,dc=local";
DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(ldapServerUrl);
String ldapManagerDn = "CN=olahell,OU=Consultants,OU=Production,OU=Company,DC=company,DC=local";
contextSource.setUserDn(ldapManagerDn);
String ldapManagerPassword = "myPassword";
contextSource.setPassword(ldapManagerPassword);
contextSource.setReferral("follow");
contextSource.afterPropertiesSet();
LdapUserSearch ldapUserSearch = new FilterBasedLdapUserSearch("", "(&(objectClass=user)(sAMAccountName={0}))", contextSource);
BindAuthenticator bindAuthenticator = new BindAuthenticator(contextSource);
bindAuthenticator.setUserSearch(ldapUserSearch);
LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator, new EmsLdapAuthoritiesPopulator(contextSource, ""));
return ldapAuthenticationProvider;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(ldapAuthenticationProvider());
}
注意:EmsLdapAuthoritiesPopulator
扩展了defaultldaAuthoritiesPopulator
并覆盖了#getAdditionalRoles
,使我能够为用户设置额外的角色