0
votes

Domain: DC=red,DC=xyz

userPrincipalName: [email protected] in AD

    import org.springframework.context.annotation.Bean;
    import org.springframework.security.authentication.AuthenticationProvider;
    import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

    // domain, url and userDetailsContextMapper are fields of the surrounding
    // configuration class (not shown in the question)
    @Bean
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        ActiveDirectoryLdapAuthenticationProvider ap =
                new ActiveDirectoryLdapAuthenticationProvider(domain, url);

        // {0} is replaced by the provider with username@domain, so the search
        // always carries the @ suffix of the configured domain
        ap.setSearchFilter("(userPrincipalName={0})"); //change @ ending here?
        ap.setConvertSubErrorCodesToExceptions(true);
        ap.setUseAuthenticationRequestCredentials(true);
        ap.setUserDetailsContextMapper(userDetailsContextMapper);

        return ap;
    }

This code authenticates against AD successfully and tries to search the tree DC=red,DC=xyz using userPrincipalName: [email protected].

The search fails since @red.xyz is obsolete and @blue.com is used. How can I reconfigure the @ ending in Java without changing the domain?


1 Answer

0
votes

The problem was that the userPrincipalName was different from the AD username and domain ending. ActiveDirectoryLdapAuthenticationProvider adds the search parameter username@domain by default.

As a solution I overrode ActiveDirectoryLdapAuthenticationProvider and changed the search filter to sAMAccountName and the value to the plain username without the domain.
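As an added example (not the answerer's code), the same outcome reached through configuration alone: since Spring Security 3.2.6, setSearchFilter on ActiveDirectoryLdapAuthenticationProvider replaces {0} with username@domain and {1} with the bare username, so the search can select on sAMAccountName without a custom provider. The property names, the URL and the mapper bean are assumptions.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

@Configuration
public class AdAuthConfig {

    // Assumed property names and defaults; the bind domain stays red.xyz,
    // matching the DC=red,DC=xyz tree from the question.
    @Value("${ad.domain:red.xyz}")
    private String domain;

    // Placeholder URL, not from the question
    @Value("${ad.url:ldap://PLACEHOLDER-DC:389}")
    private String url;

    @Bean
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider(
            UserDetailsContextMapper userDetailsContextMapper) {
        ActiveDirectoryLdapAuthenticationProvider ap =
                new ActiveDirectoryLdapAuthenticationProvider(domain, url);

        // The bind still uses username@red.xyz, which succeeds as the question reports.
        // The follow-up search must not depend on the UPN suffix: {0} would expand to
        // username@red.xyz and miss the stored UPN with the @blue.com suffix, while
        // {1} expands to the bare username typed at login. sAMAccountName does not
        // carry a suffix, so it matches either way. (objectClass=user) keeps the
        // search from matching non-user objects that happen to share the name.
        ap.setSearchFilter("(&(objectClass=user)(sAMAccountName={1}))");

        // Map AD sub-error codes (expired password, locked account, ...) to distinct exceptions
        ap.setConvertSubErrorCodesToExceptions(true);
        ap.setUseAuthenticationRequestCredentials(true);
        ap.setUserDetailsContextMapper(userDetailsContextMapper);
        return ap;
    }
}
```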