Thursday, May 22, 2014

Spring Security Annotations LDAP

What follows is a description of my efforts to get LDAP bind authentication, without any authorization, working with Spring Security's annotation-based configuration.

The first part describes how I found where the AD server was running, and then how I worked out the appropriate LDAP query string for the bind.

The source code can be found here.

To find an AD server on Windows 7, I pressed Ctrl + Window Menu + F together, selected a "function" filter of "All Active Directory Domain-controllers" and pressed search.

Next, I installed the Apache AD plugin for Eclipse and tested the connection to the "dcmuc" host name shown in the search results.

The Apache plugin can be found here: http://directory.apache.org/studio/downloads.html
After snooping around in AD, I was able to find my distinguishedName (DN):
CN=wnpr,OU=users,OU=frankfurt,OU=gftobjects,DC=gft,DC=com

Below is the Spring Security configuration built from the information determined above.

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

        auth.ldapAuthentication().contextSource().url("ldap://192.168.48.30/dc=gft,dc=com").port(389);

        auth.ldapAuthentication()
            .userDnPatterns("cn={0},ou=users")
            .groupSearchBase("ou=frankfurt,ou=gftobjects");
    }

}


This is not correct and produced the following error:

java.lang.IllegalArgumentException: Either an LdapUserSearch or DN pattern (or both) must be supplied.


The reason these were null even though I was setting them was that each call of "ldapAuthentication" created a new instance of the Authenticator, of which only one had the proper values set. So I changed it to:

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

    LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> configurer =
        auth.ldapAuthentication();

    configurer.contextSource().url("ldap://192.168.48.30/DC=gft,DC=com").port(389);

    configurer
        //.userDnPatterns("cn={0},ou=users,ou=frankfurt,ou=gftobjects")
        .userSearchBase("OU=users,OU=frankfurt,OU=gftobjects")
        .userSearchFilter("sAMAccountName={0}");

}

Now I got the following error:

org.springframework.security.authentication.InternalAuthenticationServiceException: Uncategorized exception occured during LDAP processing; naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind connection., data 0, v1db1 ]; remaining name 'ou=users,ou=frankfurt,ou=gftobjects'

Which, translated, means:

Cause: The DN path which points to where the users are located in the directory is invalid.

I changed the code now to:

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

    LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> configurer =
        auth.ldapAuthentication();

    configurer.contextSource().url("ldap://192.168.48.30/dc=gft,dc=com").port(389);

    configurer.userDnPatterns("cn={0},ou=users,ou=frankfurt,ou=gftobjects");

}

but still had no luck. The resulting error was:

HTTP Status 500 - Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name ''

This seemed closer. The problem was the authorization; the authentication was working!

I found this class: NullLdapAuthoritiesPopulator. The default one, DefaultLdapAuthoritiesPopulator, looks for occurrences of "uniqueMember" in the user's profile, which in my case didn't exist.
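Putting the pieces together, here is the complete bind-only configuration as I would write it (an added example, not the code from the linked repository): one ldapAuthentication() call, the DN pattern found above, and NullLdapAuthoritiesPopulator so that no group search is attempted. The host, base DN and DN pattern are the values from this post; the HttpSecurity part is an assumption about the rest of the application.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // Call ldapAuthentication() exactly once and keep the configurer:
        // every call creates a fresh, separately configured provider.
        LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> ldap =
                auth.ldapAuthentication();

        // Server and base DN from the post. A bind over plain ldap:// sends
        // the user's password unencrypted on the wire; ldaps:// (port 636)
        // or StartTLS is what a production deployment should use.
        ldap.contextSource()
                .url("ldap://192.168.48.30/dc=gft,dc=com")
                .port(389);

        // Bind directly as the user's own DN (no manager credentials needed)
        // and skip the group lookup that DefaultLdapAuthoritiesPopulator would
        // otherwise run, which AD rejects with "a successful bind must be
        // completed on the connection" because that search is unauthenticated.
        ldap.userDnPatterns("cn={0},ou=users,ou=frankfurt,ou=gftobjects")
            .ldapAuthoritiesPopulator(new NullLdapAuthoritiesPopulator());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Assumed application policy: every request needs a successful LDAP
        // bind; no role-based authorization, matching the goal of the post.
        http.authorizeRequests().anyRequest().authenticated()
            .and().formLogin();
    }
}
```

With NullLdapAuthoritiesPopulator every authenticated user gets an empty authority list, so any hasRole() checks elsewhere in the application will fail until a real populator is configured.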


After failed login attempt


After successful login

Miscellaneous:

To search for users in AD, execute the following from the command line:
%SystemRoot%\SYSTEM32\rundll32.exe dsquery,OpenQueryWindow
