
  • Retrieving Groups from OpenDS -- Spring Security LDAP

    Hi, I am using Spring Security LDAP in my application.
    I am able to validate the user but I am not able to retrieve the Group of the user.

    The following is the XML snippet I am using.

    <bean id="secondLdapProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
      <constructor-arg>
        <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
          <constructor-arg ref="contextSource" />
          <property name="userSearch">
            <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
              <constructor-arg index="0" value="ou=people"/>
              <constructor-arg index="1" value="(uid={0})"/>
              <constructor-arg index="2" ref="contextSource" />
            </bean>
          </property>
        </bean>
      </constructor-arg>
      <constructor-arg>
        <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
          <constructor-arg ref="contextSource" />
          <constructor-arg value="ou=groups" />
          <property name="groupSearchFilter" value="(member={0})"/>
          <property name="rolePrefix" value="ROLE_"/>
          <property name="searchSubtree" value="true"/>
          <property name="convertToUpperCase" value="true"/>
        </bean>
      </constructor-arg>
    </bean>

    The following is the Open DS structure.

    Can anybody help to solve this?


  • #2
    Not without more information. Please read this FAQ and follow the advice about getting plain LDAP to work before using Spring Security. It refers to authentication, but the same applies to any other LDAP access issues.



    • #3
      Hi, I have tried the code given in the Spring FAQs. I am able to authenticate the user but not able to get roles...



      • #4
        Hi Taylor, the following is the LDIF which is there in the OpenDS.

        dn: cn=role1,ou=Groups,dc=anil,dc=com
        cn: role1
        objectClass: top
        objectClass: groupOfUniqueNames
        uniqueMember: uid=user.2,ou=People,dc=anil,dc=com
        uniqueMember: uid=user1,ou=People,dc=anil,dc=com

        I feel I am missing some config parameters which I need to change/add.

        Please help me. I am dead in water.



        • #5
          To begin with, you need to use "uniqueMember", rather than "member" in the filter.

          As I said before, you are best to write some basic Java LDAP code (consult the Java LDAP tutorial if necessary) before trying to get a Spring Security configuration to work.

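An added example (not part of the original thread and not Spring Security's own code): a plain-Java check of the point made in #5, evaluating both filters offline against the group entry posted in #4. The class and method names are hypothetical, the matcher handles only a single `(attr={0})` filter, and the role mapping assumes the `ROLE_` prefix and upper-casing from the posted configuration applied to the group's `cn`.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class GroupFilterCheck {
    // Group entry copied from post #4.
    static final String LDIF = String.join("\n",
        "dn: cn=role1,ou=Groups,dc=anil,dc=com",
        "cn: role1",
        "objectClass: top",
        "objectClass: groupOfUniqueNames",
        "uniqueMember: uid=user.2,ou=People,dc=anil,dc=com",
        "uniqueMember: uid=user1,ou=People,dc=anil,dc=com");

    // Parse one unfolded LDIF entry into lower-cased attribute name -> values.
    static Map<String, List<String>> parse(String ldif) {
        Map<String, List<String>> entry = new HashMap<>();
        for (String line : ldif.split("\n")) {
            int i = line.indexOf(':');
            if (i < 1) continue; // skip blank or malformed lines
            String name = line.substring(0, i).trim().toLowerCase(Locale.ROOT);
            entry.computeIfAbsent(name, k -> new ArrayList<>()).add(line.substring(i + 1).trim());
        }
        return entry;
    }

    // Evaluate "(attr={0})" against the entry with {0} replaced by the user's DN.
    // Returns the granted authority, or empty when the filter matches nothing.
    static Optional<String> role(Map<String, List<String>> entry, String filter, String userDn)
            throws InvalidNameException {
        String attr = filter.substring(1, filter.indexOf('=')).trim().toLowerCase(Locale.ROOT);
        LdapName user = new LdapName(userDn);
        for (String value : entry.getOrDefault(attr, List.of())) {
            if (new LdapName(value).equals(user)) { // LdapName equality ignores letter case
                return Optional.of("ROLE_" + entry.get("cn").get(0).toUpperCase(Locale.ROOT));
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) throws InvalidNameException {
        Map<String, List<String>> group = parse(LDIF);
        // Constructed user DN; "people" is lower-cased on purpose to show DN matching is case-insensitive.
        String dn = "uid=user1,ou=people,dc=anil,dc=com";
        System.out.println("(member={0})       -> " + role(group, "(member={0})", dn));
        System.out.println("(uniqueMember={0}) -> " + role(group, "(uniqueMember={0})", dn));
    }
}
```

The entry has no `member` attribute at all, so the posted filter can never match it; only the `uniqueMember` filter finds the group for the user.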


          • #6
            Thank you.

            Originally posted by Luke Taylor
            To begin with, you need to use "uniqueMember", rather than "member" in the filter.

            As I said before, you are best to write some basic Java LDAP code (consult the Java LDAP tutorial if necessary) before trying to get a Spring Security configuration to work.



            • #7
              Also I would suggest using some standard LDAP tools, such as Apache Directory Studio, when testing search criteria and examining results, prior to actually trying to get the whole thing to work. As Luke says, if you aren't familiar with LDAP concepts you will have a very hard time implementing this in Spring Security.
