I want to use LDAP in my application to authenticate users.
My previous configuration used the database to authenticate.
This is my previous config:
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/test/**" access="hasRole('ADMIN')" />
        <intercept-url pattern="/test1/**" access="hasRole('USER')" />
        <form-login login-page="/index.htm"
            authentication-success-handler-ref="authenticationSuccessRedirecthandler"
            default-target-url="/test/MainHealthCertificat.htm"
            authentication-failure-url="/index.htm?error=1" />
        <logout logout-success-url="/index.htm" />
    </http>

    <beans:bean class="com..CustomAuthenticationHandler" id="authenticationSuccessRedirecthandler"></beans:bean>

    <authentication-manager>
        <authentication-provider>
            <jdbc-user-service data-source-ref="dataSource"
                users-by-username-query="select username, password, enabled from users where username=?"
                authorities-by-username-query="select u.username, ur.authority from users u, user_roles ur where u.user_id = ur.user_id and u.username =? "
            />
        </authentication-provider>
    </authentication-manager>
</beans:beans>
This is my Java class:
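import java.io.IOException;
import java.util.Set;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

public class CustomAuthenticationHandler extends SimpleUrlAuthenticationSuccessHandler {
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
        String adminTargetUrl = "/test/mypage.htm";
        // Authorities granted to the logged-in user, as plain strings
        Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
        if (roles.contains("ADMIN")) {
            getRedirectStrategy().sendRedirect(request, response, adminTargetUrl);
        } else {
            super.onAuthenticationSuccess(request, response, authentication);
            return;
        }
    }
}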
Now I want to use LDAP to authenticate.
I modified security-app-context.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/test/**" access="hasRole('ADMIN')" />
        <intercept-url pattern="/test1/**" access="hasRole('USER')" />
        <form-login login-page="/index.htm"
            authentication-success-handler-ref="authenticationSuccessRedirecthandler"
            default-target-url="/test/MainHealthCertificat.htm"
            authentication-failure-url="/index.htm?error=1" />
        <logout logout-success-url="/index.htm" />
    </http>

    <beans:bean class="com..CustomAuthenticationHandler" id="authenticationSuccessRedirecthandler"></beans:bean>

    <authentication-manager>
        <ldap-authentication-provider
            user-search-filter="(uid={0})"
            user-search-base="ou=users"
            group-search-filter="(uniqueMember={0})"
            group-search-base="ou=groups"
            group-role-attribute="cn"
            role-prefix="ROLE_">
        </ldap-authentication-provider>
    </authentication-manager>

    <ldap-server url="ldap://192.168.0.88:389" manager-dn="uid=admin,ou=system" manager-password="secret" />
</beans:beans>
But when I test, I get this error:
Caused by: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0
Honestly, I'm lost in setting the LDAP parameters: ou, dc, cn.
I need help configuring the LDAP parameters in security-app-context.xml.
These are the correct LDAP parameters that should be used in security-app-context.xml:
Base Provider URL: ldap://192.168.0.88:389
Base DN: DC=MINISTER,DC=FR
Principal: CN=LDAP Requester,OU=Users,OU=Technical Accounts,OU=P9 Accounts,DC=MINISTER,DC=FR
Credentials: minister$9999

Users
    Authentication Search Filter: (&(objectClass=person)(mail=@email_address@))
    Import Search Filter: (objectClass=person)

User Mapping
    Screen Name: sAMAccountName
    Password: userPassword
    Email Address:
    Full Name: cn
    First Name: givenName
    Middle Name: middleName
    Last Name: sn
    Group: memberOf

Groups
    Import Search Filter: (&(objectClass=group)(|(cn=MinisterUsers)(cn=MinisterAdministrateurs)(cn=Minister_*)))

Group Mapping
    Group Name: cn
    Description: sAMAccountName
    User: member

Export
    Users DN: DC=MINISTER,DC=FR
    Groups DN: DC=MINISTER,DC=FR
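
Added example, not part of the original post: the LDAP section of security-app-context.xml filled in from the parameter list above, next to the setting that produced the error. Assumptions: users log in with their sAMAccountName (use mail instead to match the listed Authentication Search Filter), and the bind password is read from a hypothetical ldap.properties file rather than written into the XML.

```xml
<!-- Added example: DNs, URL and attribute names are copied from the parameter
     list in the post; ldap.properties and the bean id adServer are assumptions. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- The <http> element and the success-handler bean stay as in the post. -->

    <!-- Assumed: classpath file ldap.properties defines ldap.manager.password -->
    <beans:bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <beans:property name="location" value="classpath:ldap.properties" />
    </beans:bean>

    <!-- Before: manager-dn="uid=admin,ou=system" manager-password="secret"
         That is not the Principal listed for this directory, so the bind is
         rejected: LDAP error 49 with "data 52e" is Active Directory's code
         for invalid credentials. -->
    <ldap-server id="adServer"
        url="ldap://192.168.0.88:389/DC=MINISTER,DC=FR"
        manager-dn="CN=LDAP Requester,OU=Users,OU=Technical Accounts,OU=P9 Accounts,DC=MINISTER,DC=FR"
        manager-password="${ldap.manager.password}" />

    <!-- Search bases are omitted, so searches start at the Base DN in the url.
         In user-search-filter {0} is the login name; in group-search-filter
         {0} is the DN of the user that was found. "&" is written "&amp;"
         inside an XML attribute. -->
    <authentication-manager>
        <ldap-authentication-provider server-ref="adServer"
            user-search-filter="(&amp;(objectClass=person)(sAMAccountName={0}))"
            group-search-filter="(member={0})"
            group-role-attribute="cn"
            role-prefix="ROLE_" />
    </authentication-manager>
</beans:beans>
```

With these settings a group's cn is upper-cased and prefixed, so membership of MinisterAdministrateurs yields the authority ROLE_MINISTERADMINISTRATEURS; the hasRole(...) expressions and the "ADMIN" check in CustomAuthenticationHandler have to use the names that are actually produced.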