Announcement Announcement Module
No announcement yet.
baseDN problem Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • baseDN problem

    Hi, i've got a problem in the sense that i try to connect to an Active Directory server. I have set the baseDN in the folowing way:
       <bean id="userContextSource" class="">
             <property name="authenticationSource"
             <property name="url" value="ldap://"/>
             <property name="base" value="CN=Users,DC=domain,DC=intranet,DC=mycomp,DC=ro" />
    ldapUserAuthService is a bean for a class that implements AuthenticationSource.

    Problem is that i cannot auth against the AD, if from ldapUserAuthService
    public String getPrincipal() {
            return "CN=Administrator";
    the method returns only this relative name.

    If I return the full DN: CN=Administrator, CN=Users,DC=domain,DC=intranet,DC=mycomp,DC=ro it works.

    and it is confirmed by the post "If you are using the distinguished name form, even if your initial LDAP Context URL is something like:

    "LDAP:// Admins,DC=Antipodes,DC=Com"

    you cannot just use the Relative Distingusihed Name (RDN)

    "CN=John Smith", you must use the full distinguished name:

    "CN=John Smith,OU=IT Admins,DC=Antipodes,DC=Com"


    Ok, they way i thought of getting over it was that i will need to override the method in AbstractContextSource
    protected void setupAuthenticatedEnvironment(Hashtable env) {
                    .put(Context.SECURITY_PRINCIPAL, authenticationSource
            log.debug("Principal: '" + userName + "'");
            env.put(Context.SECURITY_CREDENTIALS, authenticationSource
    to .put(Context.SECURITY_PRINCIPAL, username + baseDN);
    But how can i get my hands on baseDN since base is private and there is no getter for it?
    But i guess my solution of overriding the method may be a wrong one and there is a more simpler, logical solution.

  • #2
    There's probably no elegant way to go about it at the moment.

    As you say, in the general case there is really no connection between the base path and the serurity principal. This is because the base path is for convenience in LDAP operations and it's quite possible (and not uncommon) that the security principal is placed elsewhere in the LDAP tree.

    It really should be the AuthenticationSource's responsibility to return the full DN, but I realize it would be awkward to supply the base path to that instance as well.

    There is a workaround, not all that ugly. We store away the base DN in the environment for use in DefaultDirObjectFactory, so you can retrieve it from there:
    protected void setupAuthenticatedEnvironment(Hashtable env) {
      DistinguishedName baseName = (DistinguishedName) env.get(DefaultDirObjectFactory.JNDI_ENV_BASE_PATH_KEY);
      if(baseName == null){
        baseName = DistringuishedName.EMPTY_PATH;
      env.put(Context.SECURITY_PRINCIPAL, baseName.toString());
      env.put(Context.SECURITY_CREDENTIALS, authenticationSource
    That should work for the time being. We'll add a protected getter for you to get the base path in a subclass in a future version.


    • #3
      Thanks for the answer guys.