0
votes

When we try to authenticate using the Spring authentication manager, it says "bad credentials":

    Authentication request = new UsernamePasswordAuthenticationToken("john", "johnldap");
    Authentication result = authenticationManager.authenticate(request);

Here the SecurityApplicationContext.xml file:

    <authentication-manager alias="authenticationManager">
        <ldap-authentication-provider server-ref="ldapLocal"
            user-dn-pattern="uid={0},ou=People,dc=example,dc=com">
        </ldap-authentication-provider>
    </authentication-manager>
    <ldap-server url="ldap://127.0.0.1:389/dc=example,dc=com" manager-dn="admin" manager-password="xxxxxxxx" id="ldapLocal" />

However, using "ldapsearch" we can connect successfully:

    ldapsearch -D "uid=john,ou=People,dc=example,dc=com" -w johnldap  -L "objectClass=*"

At first we thought the issue was that we have to tell Spring to do an MD5 of the password before calling LDAP, so we added it to the applicationSecurtyContext.xml:

    <beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder">
    </beans:bean>
    <authentication-manager alias="authenticationManager">
        <ldap-authentication-provider server-ref="ldapLocal"
            user-dn-pattern="uid={0},ou=People,dc=example,dc=com">
            <password-compare>
                <password-encoder ref="passwordEncoder"> </password-encoder>
            </password-compare>
        </ldap-authentication-provider>
    </authentication-manager>
    <ldap-server url="ldap://127.0.0.1:389/dc=example,dc=com" manager-dn="admin" manager-password="xxxxxxxx" id="ldapLocal" />

But when we add the tag it says:

LDAP: error code 34 - invalid DN]

What's wrong here?

2 Answers

1
votes

If I remember correctly the user-dn-pattern should not contain the root dn, as it will be automatically appended. So try using:

    user-dn-pattern="uid={0},ou=People">

And I don't think you need the password-encoder if you only want to do a simple bind authentication.

0
votes

I spent a lot of time trying to connect with Spring Security. Looking at Stack Overflow, I also thought that it may be a problem with encoding, because passwords are in MD5, though I had to add the root DN mentioned above separately; the password gets encoded by the LDAP server. Below is my working version:

    <ldap-server url="ldap://dsa.company.com:389/" manager-dn="cn=manager,dc=company,dc=com"
        manager-password="pass"></ldap-server>
    <authentication-manager>
        <ldap-authentication-provider
            user-dn-pattern="cn={0},ou=people,dc=company,dc=com"
            group-search-base="ou=groups,dc=company,dc=com" />
    </authentication-manager>
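
Added example (not part of either answer, and not Spring Security's own code): a small Python check that computes the DN that results when the base DN from the `ldap-server` URL is appended to the filled-in `user-dn-pattern`, as the first answer describes, and flags a pattern that repeats that base DN. The `<config>` wrapper, the function names and the sample username are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlparse

# Constructed sample: the question's first configuration wrapped in a root
# element, with XML namespaces omitted so it parses stand-alone.
QUESTION_CONFIG = """
<config>
  <authentication-manager alias="authenticationManager">
    <ldap-authentication-provider server-ref="ldapLocal"
        user-dn-pattern="uid={0},ou=People,dc=example,dc=com"/>
  </authentication-manager>
  <ldap-server id="ldapLocal" url="ldap://127.0.0.1:389/dc=example,dc=com"
      manager-dn="admin" manager-password="xxxxxxxx"/>
</config>
"""

def rdns(dn):
    """Split a DN into lower-cased RDNs (approximation: only backslash-escaped commas are honoured)."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def base_dn(url):
    """The base DN is the path component of the ldap-server URL."""
    return unquote(urlparse(url).path.lstrip("/"))

def effective_dn(pattern, url, username):
    """DN obtained when the URL's base DN is appended to the filled-in pattern."""
    filled = pattern.replace("{0}", username)  # sample username inserted literally
    base = base_dn(url)
    return f"{filled},{base}" if base else filled

def check(config_xml, username="john"):
    """Return (effective_dn, pattern_repeats_base_dn) for each LDAP provider."""
    root = ET.fromstring(config_xml)
    servers = {s.get("id"): s.get("url") for s in root.iter("ldap-server")}
    findings = []
    for prov in root.iter("ldap-authentication-provider"):
        pattern = prov.get("user-dn-pattern")
        url = servers.get(prov.get("server-ref"))
        if not pattern or not url:
            continue
        base = rdns(base_dn(url))
        duplicated = bool(base) and rdns(pattern)[-len(base):] == base
        findings.append((effective_dn(pattern, url, username), duplicated))
    return findings

if __name__ == "__main__":
    for dn, dup in check(QUESTION_CONFIG):
        print(("DUPLICATED BASE: " if dup else "ok: ") + dn)
```

With the question's configuration the computed DN carries `dc=example,dc=com` twice; with the second answer's layout (no base DN in the URL, full DN in the pattern) nothing is appended.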