
Please take a look at the configuration shown below:

 # NOTE(review): the Java config on this page reads ${ldap.url}, but this key is spelled ldap.urls - confirm the names match.
 # ldap:// is not encrypted, so the password sent in the bind crosses the network in clear text; prefer an ldaps:// URL.
 ldap.urls=ldap://***.***.local:8389
    # This is a base DN (search root). The provider's domain argument expects a domain name such as test.com, not a DN.
    ldap.base.dn=dc=test,dc=com
    # Despite the key name this is an LDAP search filter, not a DN pattern; {0} is filled with the bind principal (username@domain).
    # The memberof clause also acts as the access gate: a user outside the group fails the lookup even with a valid password.
    # memberof matches direct members only, so users who belong through a nested group will not match - confirm that is intended.
    ldap.user.dn.pattern=(&(objectClass=user)(userPrincipalName={0})(memberof=CN=Group Name,OU=***,OU=****,DC=test,DC=com))

WebSecurityConfig.java

 @Configuration
    // Spring Security setup (as posted in the question): every request must be fully
    // authenticated over HTTP Basic, and credentials are checked against Active Directory.
    // The AD provider binds to the directory as the user who is logging in, so no separate
    // manager DN/password is configured on it.
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        private static final Logger log = LogManager.getLogger(WebSecurityConfig.class);

        // LDAP server URL.
        @Value("${ldap.url}")
        private String ldapUrl;

        // NOTE(review): this field is passed as the provider's *domain* argument below, yet it
        // is populated from ldap.base.dn, which on this page holds a DN (dc=test,dc=com).
        // The provider appends the domain to the username to form the bind principal
        // (username@domain), so a DN here would produce a principal the directory rejects -
        // consistent with the "Supplied password was invalid" error reported in the comments.
        @Value("${ldap.base.dn}")
        private String ldapDomain;

        // Search filter used to look the user up after the bind (not a DN pattern).
        @Value("${ldap.user.dn.pattern}")
        private String ldapUserDnPattern;

        /**
         * Requires full authentication for every request and enables HTTP Basic.
         *
         * <p>HTTP Basic sends the username and password, only base64-encoded, with every
         * request; this configuration does not itself enforce HTTPS, so the application
         * should only be reachable over TLS.
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .anyRequest().fullyAuthenticated()
                    .and()
                    .httpBasic();
        }

        /**
         * Registers an Active Directory authentication provider built from the injected
         * properties, applying the custom search filter when one is configured.
         */
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            final ActiveDirectoryLdapAuthenticationProvider provider =
                    new ActiveDirectoryLdapAuthenticationProvider(ldapDomain, ldapUrl);

            // Translate AD sub-error codes (locked, disabled, expired, ...) into specific
            // exceptions. Keep the failure message returned to the client generic so account
            // state is not disclosed to unauthenticated callers.
            provider.setConvertSubErrorCodesToExceptions(true);
            // Use the submitted password as the credentials of the resulting token.
            // NOTE(review): true appears to be the library default already - confirm for your version.
            provider.setUseAuthenticationRequestCredentials(true);

            // Only override the provider's built-in filter when a non-blank one is supplied.
            if (hasText(ldapUserDnPattern)) {
                provider.setSearchFilter(ldapUserDnPattern);
            }

            auth.authenticationProvider(provider);
        }

        // True when the value is non-null and contains something other than whitespace.
        private static boolean hasText(String value) {
            return value != null && !value.trim().isEmpty();
        }

    }

Can someone please tell me how to specify the userDn and password when configuring ActiveDirectoryLdapAuthenticationProvider?

Actually, I followed the same configuration and am still getting "Supplied password was invalid". I have set up the userDN pattern using setSearchFilter as shown above. Can you please help me resolve this error? Thanks @Alien - Rajeswari Reddy
You're missing the property ldap.base.dn=test.com. - TomB
Where am I missing it? Can you please help with this? Thanks @TomB - Rajeswari Reddy

1 Answer


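Define ldap.domain=test.com in your properties and pass it as the provider's domain argument; the base DN then goes in as the third constructor argument, as shown below.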

 @Configuration
    // Spring Security setup (the answer's version): HTTP Basic in front of an Active Directory
    // provider that receives the AD domain name, the server URL and the base DN as three
    // separate settings. The provider binds as the user being authenticated (username@domain),
    // which is why no manager DN/password appears anywhere in this class.
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        private static final Logger log = LogManager.getLogger(WebSecurityConfig.class);

        // LDAP server URL. Prefer an ldaps:// URL: over plain ldap:// the bind password is
        // sent unencrypted.
        @Value("${ldap.url}")
        private String ldapUrl;

        // Root DN under which the user search runs, e.g. dc=test,dc=com.
        @Value("${ldap.base.dn}")
        private String ldapBaseDN;

        // AD domain name, e.g. test.com; appended to the username to build the bind principal.
        @Value("${ldap.domain}")
        private String ldapDomain;

        // Search filter used to look the user up after the bind (not a DN pattern).
        @Value("${ldap.user.dn.pattern}")
        private String ldapUserDnPattern;

        /**
         * Requires full authentication for every request and enables HTTP Basic.
         *
         * <p>HTTP Basic transmits the credentials, only base64-encoded, on each request, and
         * nothing here enforces HTTPS; expose the application over TLS only.
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .anyRequest().fullyAuthenticated()
                    .and()
                    .httpBasic();
        }

        /**
         * Builds the Active Directory provider from the injected domain, URL and base DN,
         * applies the optional search filter, and registers it with the builder.
         */
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            final ActiveDirectoryLdapAuthenticationProvider provider =
                    new ActiveDirectoryLdapAuthenticationProvider(ldapDomain, ldapUrl, ldapBaseDN);

            // Surface AD sub-error codes as distinct exceptions (locked, disabled, expired, ...).
            // Useful for logging; the response shown to the caller should stay generic so it
            // does not reveal whether an account exists or what state it is in.
            provider.setConvertSubErrorCodesToExceptions(true);
            // Carry the submitted password as the credentials of the authenticated token.
            // NOTE(review): true appears to be the library default already - confirm for your version.
            provider.setUseAuthenticationRequestCredentials(true);

            // Replace the provider's default filter only when a non-blank one is configured.
            final boolean filterConfigured =
                    ldapUserDnPattern != null && !ldapUserDnPattern.trim().isEmpty();
            if (filterConfigured) {
                provider.setSearchFilter(ldapUserDnPattern);
            }

            auth.authenticationProvider(provider);
        }

    }