  • Anonymous bind required for roles

    Kia ora

    I am using openldap to store user information for logging into a web app with acegisecurity providing authentication. I'm trying to secure my openldap repository and discovered that in order to determine the user's roles, I need to allow anonymous "read" access to the roles ou. I really only want to allow anonymous "auth" access to the user's userPassword attribute which is required to allow the user to login. Is this a known issue with the ldap support in acegisec or am I just doing it wrong?

    Thanks for any assistance.

  • #2
    Could you post some code? I can't quite follow your question.


    • #3
      You should post any questions related to Acegi or Spring Security in their forum.


      • #4
        Yep, I've already tried that forum and received no response and thought I would try a little cross pollination. At this stage I guess I'm just stuck with allowing more anonymous access than I really want.


        • #5
          FWIW, the problem was that I hadn't provided credentials for an acegisecurity identity in my applicationContext.xml so it was trying to use anonymous access to search for user roles.

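          <bean id="initialDirContextFactory"
                  class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
                  <constructor-arg value="ldap://localhost:389/dc=base,dc=co,dc=nz"/>
                  <!-- Bind authentication doesn't require managerDn, but it is used for
                       picking roles without requiring anon access. -->
                  <!-- Placeholder values: the post does not show the real DN or password. -->
                  <property name="managerDn" value="MANAGER_DN_PLACEHOLDER"/>
                  <property name="managerPassword" value="MANAGER_PASSWORD_PLACEHOLDER"/>
          </bean>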
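
Added example, not part of the original thread: once the application binds with a manager DN as described in #5, the OpenLDAP side can drop anonymous read on the roles subtree and keep only anonymous `auth` on `userPassword`. The service DN `cn=acegi-svc` and the subtree name `ou=roles` are assumptions; only the base DN `dc=base,dc=co,dc=nz` comes from the thread.

```conf
# slapd.conf access control sketch (constructed example).
# slapd evaluates "access to" directives in order and stops at the first
# directive whose target matches, so the narrow rules come first.

# BEFORE (the over-permissive state described in the first post):
# anonymous clients can enumerate every role entry.
#
# access to dn.subtree="ou=roles,dc=base,dc=co,dc=nz"
#         by * read

# AFTER:

# 1. Passwords: anonymous clients may only use the attribute to authenticate
#    a bind. Nobody except the entry's owner can write it, nobody can read it.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# 2. Roles: readable only by the identity configured as managerDn in
#    applicationContext.xml (assumed DN).
access to dn.subtree="ou=roles,dc=base,dc=co,dc=nz"
        by dn.exact="cn=acegi-svc,dc=base,dc=co,dc=nz" read
        by * none

# 3. Everything else: the service identity can search for users, each user
#    can read their own entry after binding, anonymous gets nothing.
access to *
        by dn.exact="cn=acegi-svc,dc=base,dc=co,dc=nz" read
        by self read
        by * none
```

To confirm the change, an anonymous `ldapsearch -x -b "ou=roles,dc=base,dc=co,dc=nz"` should return no entries, while the same search bound as the service DN should still list the roles. The `managerPassword` in `applicationContext.xml` is stored in clear text, so that file needs restrictive permissions and the service DN should hold read access only.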