Spring 3.0 Security with Active Directory and Lightweight Directory Services

  • Spring 3.0 Security with Active Directory and Lightweight Directory Services

    Hello folks,

    I am hoping someone can help me out with Spring Security, LDAP, AD and LDS. Being fairly new to Spring and Java, this is the first time I have tried to do this, so apologies if any of this is basic.

    Firstly, does anyone know if Spring can connect to LDS?

    Secondly, how do you do it?! I have the following configuration but every time I try to validate I get a Bad Credentials error message:

    HTML Code:
    <authentication-manager alias="ldapAuthenicationManager">
        <ldap-authentication-provider user-dn-pattern="CN={0},OU=Users,O=JLP,C=UK">
        </ldap-authentication-provider>
    </authentication-manager>
    <ldap-server url="ldap://server ip/o=JLP,c=UK" manager-dn="CN=Manager,O=JLP,C=UK" manager-password="manager" />
    I think the issue is to do with the Manager account connecting to AD but I can't be certain. Is there anything else I can check to make sure that is right?



  • #2
    Hi Morris

    I am currently connecting to a Server 2008 AD/LDS and I have authenticated against it in the past. So I know at least for 2008 it's possible.

    A couple of things... The Spring Security 3 book by Peter Mularien was helpful.

    Test your login with an LDAP client outside Spring. 2008 has ldp.exe, and I can also recommend the Softerra LDAP browser.

    For me the issue was what account I was using vs what AD expects, i.e. does AD want the sAMAccountName? The DN? It seems to depend and vary from server to server.

    In any case, here is my manager string... note the difference in manager-dn. In my case I had to use all the parts.

    <ldap-server id="ldapServer" url="x.x.x.x:389/DC=com,DC=test,DC=server" manager-dn="CN=LookupUser,CN=Users,DC=com,DC=test,DC=server" manager-password="secret"/>
    Good luck... I understand that Spring Security 3.1.0 has a more easily manipulated AD configuration.


    • #3
      Hi Stimpy!

      Thanks for getting back to me, much appreciated for the help, it pointed me in the right direction and after a little bit of playing about I have got past this error.

      One other thing I realised is that the user specified in the connection string must belong to the reader group (under roles in LDS) - oops, schoolboy error!

      Thanks again for the help,
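
The three checks discussed in this thread (manager bind, user lookup, user bind) can be run outside Spring with the JDK's JNDI LDAP provider. This is an added example, not code from any of the posters; the class name `LdapBindCheck` and the argument order are assumptions, the URL is host-only (for example `ldap://host:389`) and the search base is a full DN.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapBindCheck { // hypothetical name, not part of Spring Security
    // Simple bind; LDAP result code 49 surfaces as AuthenticationException.
    static DirContext bind(String url, String dn, char[] password) throws NamingException {
        // An empty password makes a simple bind "unauthenticated", which many servers accept.
        if (password.length == 0) throw new AuthenticationException("empty password refused");
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    // Usage: java LdapBindCheck <url> <managerDn> <searchBase> <filter> <userName>
    // <filter> is e.g. "(sAMAccountName={0})" or "(cn={0})"; run from a terminal for the prompts.
    public static void main(String[] a) throws NamingException {
        DirContext mgr;
        try {
            mgr = bind(a[0], a[1], System.console().readPassword("Manager password: "));
        } catch (AuthenticationException e) {
            System.out.println("1. manager bind FAILED: " + e.getMessage());
            return;
        }
        System.out.println("1. manager bind ok");
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // The user name is passed as a filter argument, so JNDI escapes it.
        NamingEnumeration<SearchResult> hits = mgr.search(a[2], a[3], new Object[] { a[4] }, sc);
        if (!hits.hasMore()) {
            System.out.println("2. no match: wrong base or filter, or manager lacks read access");
            return;
        }
        String userDn = hits.next().getNameInNamespace();
        System.out.println("2. found " + userDn);
        hits.close();
        mgr.close();
        try {
            bind(a[0], userDn, System.console().readPassword("User password: ")).close();
            System.out.println("3. user bind ok");
        } catch (AuthenticationException e) {
            System.out.println("3. user bind FAILED: " + e.getMessage());
        }
    }
}
```

A simple bind over `ldap://` sends both passwords unencrypted, so use an `ldaps://` URL where the directory offers one.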