spring-boot-starter-security 2.2.4.RELEASE, jdk 11
The org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForMultipleAttributeValues method is used for the group search during the web request authentication. The request passed the authentication. However, no user groups are found.
It uses the search controls with the scope SearchControls.OBJECT_SCOPE. The search controls are prepared by the following method: com.sun.jndi.toolkit.ctx.LdapCtx.c_getAttributes(Name name, String[] attrIds, Continuation cont). As a result, no groups are found. If I use the LDAP template for the search with the same input (group search base, group search filter, group role attribute) but with SearchControls.SUBTREE_SCOPE, all groups are found.
What do I need to change in the org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder configuration to use SearchControls.SUBTREE_SCOPE for the group search?
Thank you!
SpringSecurityLdapTemplate directly or is it through something like an LdapAuthoritiesPopulator? – jzheaux
SpringSecurityLdapTemplate uses SUBTREE_SCOPE by default, so I guess I'm not clear on what you are asking. If you are constructing it directly, then you can always call setSearchControls with whatever you need. – jzheaux
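One way to request a subtree group search from an AuthenticationManagerBuilder configuration, added here as an example that is not part of the original thread: it assumes the group lookup runs through a DefaultLdapAuthoritiesPopulator, and the directory URL, base DNs and filters are constructed placeholders.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;

@Configuration
@EnableWebSecurity
public class LdapSecurityConfig extends WebSecurityConfigurerAdapter {

    // Constructed placeholder: directory URL and root DN of the assumed server.
    @Bean
    public DefaultSpringSecurityContextSource contextSource() {
        return new DefaultSpringSecurityContextSource(
                "ldap://ldap.example.org:389/dc=example,dc=org");
    }

    // The populator performs the group search. Its search controls default to
    // one level below the group search base; setSearchSubtree(true) switches
    // them to SearchControls.SUBTREE_SCOPE.
    @Bean
    public DefaultLdapAuthoritiesPopulator authoritiesPopulator(
            DefaultSpringSecurityContextSource contextSource) {
        DefaultLdapAuthoritiesPopulator populator =
                new DefaultLdapAuthoritiesPopulator(contextSource, "ou=groups"); // placeholder base
        populator.setGroupSearchFilter("(member={0})"); // {0} = DN of the authenticated user
        populator.setGroupRoleAttribute("cn");          // attribute mapped to the role name
        populator.setSearchSubtree(true);               // SUBTREE_SCOPE for the group search
        return populator;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // When a populator is supplied, the builder's own groupSearchBase and
        // groupSearchFilter settings are not used, so the group settings live
        // on the populator bean above.
        auth.ldapAuthentication()
            .contextSource(contextSource())
            .userSearchBase("ou=people")    // placeholder base
            .userSearchFilter("(uid={0})")  // placeholder filter
            .ldapAuthoritiesPopulator(authoritiesPopulator(contextSource()));
    }
}
```

With subtree scope, every entry below the group search base that matches the filter grants a role, so keep the base as narrow as the directory layout allows.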