The following function authenticates my user successfully. I have been trying to convert this code into Spring XML with an "ldap-authentication-provider" but so far no success (authentication returns an error, which I cannot debug/log).
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// Returns true only if a simple bind as PFA\user succeeds. Declared boolean:
// the original "void" signature does not compile with the return statements.
public boolean auth(String user, String password)
{
    // An empty password would turn the simple bind into an unauthenticated
    // (anonymous) bind, which AD accepts; reject it before touching the server.
    if (user == null || user.isEmpty() || password == null || password.isEmpty())
        return false;
    try
    {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Plain ldap:// (no TLS): the simple-bind password crosses the wire in clear.
        env.put(Context.PROVIDER_URL, "ldap://172.18.0.240:389");
        //
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // NetBIOS-style DOMAIN\user principal, which AD accepts for a simple bind
        env.put(Context.SECURITY_PRINCIPAL, "PFA\\" + user);
        env.put(Context.SECURITY_CREDENTIALS, password);
        // Create the initial context; constructing it performs the bind
        // (a failed bind throws rather than returning null)
        DirContext ctx = new InitialDirContext(env);
        boolean result = ctx != null;
        if (ctx != null)
            ctx.close();
        return result;
    }
    catch (Exception e)
    {
        return false;
    }
}
In theory (using the tutorials all around the web) it should look something like this:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<http auto-config="true">
<intercept-url pattern="/resources/**" access="permitAll" />
<intercept-url pattern="/auth" access="permitAll" />
<intercept-url pattern="/favicon.ico" access="permitAll" />
<intercept-url pattern="/dashboard" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
<form-login
login-page="/auth"
default-target-url="/dashboard"
authentication-failure-url="/auth?error"
username-parameter="username"
password-parameter="password" />
<logout logout-success-url="/auth?logout" />
<!-- enable csrf protection -->
<csrf/>
</http>
<authentication-manager>
<ldap-authentication-provider user-dn-pattern="uid=PFA\\{0}"/>
</authentication-manager>
<ldap-server url="ldap://172.18.0.240:389/" />
</beans:beans>
If instead of LDAP I use the following authentication provider, it works just fine:
<authentication-provider>
<user-service>
<user name="peter" password="verysecurepassword" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
What am I doing wrong?
EDIT:
After getting some more information about the active directory we use I have edited the XML:
<authentication-manager>
<ldap-authentication-provider user-search-filter="(uid={0})"
user-search-base="ou=Company"/>
</authentication-manager>
<ldap-server url="ldap://172.18.0.240:389/dc=pfa,dc=local" />
The full path to my own user is: pfa.local/Company/Users Company/Office/Suboffice/
When I try to login now I get the following error message:
Reason: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C09072B, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]; remaining name 'ou=Company'
This seems to have to do with being able to query the Active Directory. However, with the LdapCtxFactory example this was not needed. Can I get around this?
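The error above is Active Directory refusing an anonymous search: `ldap-authentication-provider` with `user-search-filter` first searches for the user's DN (unauthenticated, because `ldap-server` carries no manager credentials) and only then binds, whereas the JNDI snippet binds as `PFA\user` straight away and never searches. The fragment below is an added example, not part of the original question or of Spring's own documentation, and it goes inside the same `<beans:beans>` root as the XML above. It replaces the `ldap-authentication-provider` / `ldap-server` pair with Spring Security's `ActiveDirectoryLdapAuthenticationProvider`, which reproduces the JNDI behaviour (simple bind as `user@domain` first) and then looks the user up on that already-authenticated connection, so no service account is needed. The domain `pfa.local` is inferred from `dc=pfa,dc=local`; the `sAMAccountName` search filter is an assumption (the provider's default matches on `userPrincipalName`).

```xml
<!-- Added example: bind-first AD authentication (Spring Security 4.0 schema as used above).
     The constructor derives the search root dc=pfa,dc=local from the domain name. -->
<beans:bean id="adAuthProvider"
    class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
    <!-- AD domain: appended to the typed username to form user@pfa.local for the bind (assumed) -->
    <beans:constructor-arg value="pfa.local" />
    <!-- Same server as the JNDI snippet. Prefer ldaps://172.18.0.240:636 in production:
         a simple bind sends the password in clear over plain ldap://. -->
    <beans:constructor-arg value="ldap://172.18.0.240:389" />
    <!-- Map AD's sub-error codes (bad password, account locked/expired/disabled) to
         distinct Spring exceptions instead of one opaque BadCredentialsException,
         which makes failures like the one in the question diagnosable. -->
    <beans:property name="convertSubErrorCodesToExceptions" value="true" />
    <!-- Search for the user's own entry after the bind. {0} is user@domain, {1} the
         bare username; matching on sAMAccountName is an assumption about this AD. -->
    <beans:property name="searchFilter"
        value="(&amp;(objectClass=user)(sAMAccountName={1}))" />
</beans:bean>

<authentication-manager>
    <!-- Granted authorities are derived from the user's AD group memberships (memberOf);
         map them to ROLE_USER etc. with an authorities mapper if the intercept-url rules above are kept. -->
    <authentication-provider ref="adAuthProvider" />
</authentication-manager>
```

The alternative that keeps `ldap-authentication-provider` is to give the search a credential of its own, by adding `manager-dn` and `manager-password` attributes to `<ldap-server>` (a dedicated, read-only service account, with the password externalised through a property placeholder rather than written into the XML). The user's entry sits several OUs below `ou=Company`, which is fine because Spring's user search is subtree-scoped by default, but on AD the filter should usually be `(sAMAccountName={0})` rather than `(uid={0})`, since the `uid` attribute is normally unset there.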