I'm trying to set up Spring Security for LDAP authentication on my Spring MVC application. I can't seem to get the simple/principal authentication to work with the LdapAuthenticationProvider, so I'm trying to use the ActiveDirectoryLdapAuthenticationProvider, which does it by default.
I get a NameNotFoundException with the detailMessage after the context is created (and I think LDAP bind has occurred), from this line (310 in ActiveDirectoryLdapAuthenticationProvider.java):
return SpringSecurityLdapTemplate.searchForSingleEntryInternal(context,
        searchControls, searchRoot, searchFilter,
        new Object[] { bindPrincipal });
Error message:
[LDAP: error code 32 - 0000208D: NameErr: DSID-03100213, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=my,DC=company,DC=com']
The search filter is looking for an object with class "user" with a userPrincipalName equal to the username I authenticated with, and concatenated with the domain name for my domain. For example, "[email protected]". The attribute with that value exists, as I can authenticate with JXplorer in this method, and subsequently perform that search to find my user object.
The configuration for my WebSecurityConfigurerAdapter subclass, where I wire in an AuthenticationManagerBuilder, is basically this:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

@Autowired
public void init(AuthenticationManagerBuilder auth) throws Exception {
    // first argument: AD domain, used to build the bind principal (user@domain)
    // second argument: provider URL the bind and the user search are run against
    ActiveDirectoryLdapAuthenticationProvider provider =
            new ActiveDirectoryLdapAuthenticationProvider("my.company.com",
                    "LDAPS://ad.my.company.com:636/dc=my,dc=company,dc=com");
    // map AD sub-error codes (expired password, locked account, ...) to specific exceptions
    provider.setConvertSubErrorCodesToExceptions(true);
    auth.authenticationProvider(provider);
}
What is causing the NameNotFoundException? Is this the proper way to configure ActiveDirectory Authentication?