  • wrong configuration LDAP and spring security

    Hi,

    I plan to use LDAP on Jboss with Spring Security Framework.
    My first test runs successfully with the following structure and configuration (bottom).

    ou=people,dc=test,dc=server
    uid="username"

    Now I want to find a way to extend this configuration so that it finds the users in the following structure.

    cn="FULL NAME",ou=people,dc=test,dc=server
    uid="username"

    But I don't know what I need to change in the configuration.
    If I have a user "foo bar" with uid "bar", the structure is

    cn="foo bar",ou=people,dc=test,dc=server
    uid="bar"

    Is it possible to get the full name to complete the search string so that the user with password can be found?
    Or can I easily use a wildcard in the constructor-arg of the userSearch bean?

    for example:

    Code:
           <bean id="userSearch"
                class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                <constructor-arg index="0" value="ou=people"/>
                <constructor-arg index="1" value="cn=*"/>
                <constructor-arg index="2" value="(uid={0})"/>
                <constructor-arg index="3" ref="contextSource" />
            </bean>
    Code:
        <security:http auto-config="false" access-denied-page="/aa/login/login-repeated.html"
            path-type="regex" entry-point-ref="authenticationProcessingFilterEntryPoint">
            <security:intercept-url pattern="/aa/login[^/].*$" access="IS_AUTHENTICATED_FULLY"/>
            <security:intercept-url pattern="/.*" filters="none" />
            <security:form-login
                authentication-failure-url="/aa/login/login-repeated.html"
                default-target-url="/aa/login/missing-target.html" />
        </security:http>
    
        <bean id="authenticationProcessingFilterEntryPoint" 
                class="de.escidoc.core.aa.springsecurity.EscidocAuthenticationProcessingFilterEntryPoint">
          <property name="loginFormUrl" value="/aa/login/login.html"/>
        </bean>
    
            <bean id="contextSource"
                class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
                <constructor-arg value="ldap://127.0.0.1:389/dc=test,dc=server"/>
            </bean>
    
            <bean id="userSearch"
                class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                <constructor-arg index="0" value="ou=people"/>
                <constructor-arg index="1" value="(uid={0})"/>
                <constructor-arg index="2" ref="contextSource" />
            </bean>
    
            <bean id="ldapAuthProvider"
                class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
                <constructor-arg>
                    <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
                        <constructor-arg ref="contextSource"/>
                        <property name="userSearch" ref="userSearch" />
                    </bean>
                </constructor-arg>
                <constructor-arg>
                    <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
                        <constructor-arg ref="contextSource"/>
                        <constructor-arg value="ou=group"/>
                        <property name="groupRoleAttribute" value="cn"/>
                        <property name="groupSearchFilter" value="(memberUid={1})"/>
                        <property name="rolePrefix" value=""/>
                        <property name="convertToUpperCase" value="false"/>
                    </bean>
                </constructor-arg>
                <property name="userDetailsContextMapper">
                    <bean class="de.escidoc.core.aa.ldap.EscidocLdapContextMapper"/>
                </property>
                <security:custom-authentication-provider />
            </bean>
    Best regards
    Wiesel
    Last edited by wiesel82; Aug 21st, 2012, 08:11 AM. Reason: resolved

  • #2
    Try using an empty String for the search base. For example:
    Code:
    <bean id="ldapProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <constructor-arg>
            <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <constructor-arg ref="contextSource" />
                <property name="userSearch">
                    <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                      <constructor-arg index="0" value=""/>
                      <constructor-arg index="1" value="(uid={0})"/>
                      <constructor-arg index="2" ref="contextSource" />
                    </bean>
                </property>
            </bean>
        </constructor-arg>
        <constructor-arg>
            <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
                <constructor-arg ref="contextSource" />
                <constructor-arg value="ou=groups" />
                <property name="groupSearchFilter" value="(member={0})"/>
                <property name="rolePrefix" value="ROLE_"/>
                <property name="searchSubtree" value="true"/>
                <property name="convertToUpperCase" value="true"/>
            </bean>
        </constructor-arg>
    </bean>
    Depending on your version of Spring Security, you could do something similar with the namespace configuration:

    Code:
        <security:authentication-manager>
            <security:ldap-authentication-provider
                group-search-filter="member={0}"
                group-search-base="ou=groups"
                user-search-base=""
                user-search-filter="uid={0}"
            />
        </security:authentication-manager>

    • #3
      Hi,
      thank you.

      It works fine with your solution, and I also found a second solution which works.

      Code:
      <bean id="userSearch"
            class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
          <constructor-arg index="0" value="ou=people"/>
          <constructor-arg index="1" value="(&amp;(uid={0})(cn=*))"/>
          <constructor-arg index="2" ref="contextSource" />
      </bean>

      Best regards

      Wiesel
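
The two working configurations in this thread (the empty search base from #2 and the `(&(uid={0})(cn=*))` filter from #3) both rely on three behaviours of a FilterBasedLdapUserSearch-style lookup: the username is filter-escaped before it replaces `{0}`, the search covers the subtree below the base (the whole context root when the base is empty), and exactly one entry must match. The following Python model is an added example, not Spring Security's code; the directory entries, including the hypothetical second entry with `uid=bar` under `ou=services`, are constructed to show why a tree-wide search needs a unique uid and why a `*` typed as the username matches nothing.

```python
import re
from typing import Dict, List

# Constructed sample directory (no real server): both entry layouts from the
# thread under one context root, plus a hypothetical second entry with uid=bar.
CONTEXT_ROOT = "dc=test,dc=server"
DIRECTORY: Dict[str, Dict[str, str]] = {
    "uid=alice,ou=people,dc=test,dc=server": {"uid": "alice", "cn": "alice"},
    "cn=foo bar,ou=people,dc=test,dc=server": {"uid": "bar", "cn": "foo bar"},
    "cn=svc bar,ou=services,dc=test,dc=server": {"uid": "bar", "cn": "svc bar"},
}

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping of a value before it is placed inside a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(template: str, username: str) -> str:
    """Substitute the escaped username for the {0} placeholder."""
    return template.replace("{0}", escape_filter_value(username))

def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def _clauses(filt: str) -> List[str]:
    """Split the two filter shapes used in the thread: (a=v) and (&(a=v)(b=w))."""
    inner = filt[1:-1]
    if inner.startswith("&"):
        return re.findall(r"\(([^()]*)\)", inner[1:])
    return [inner]

def _matches(attrs: Dict[str, str], clause: str) -> bool:
    """'attr=*' is a presence test; anything else is an exact equality match."""
    attr, _, value = clause.partition("=")
    return attr in attrs and (value == "*" or attrs[attr] == _unescape(value))

def find_entries(base: str, template: str, username: str) -> List[str]:
    """Subtree search below base (relative to CONTEXT_ROOT; '' = whole tree)."""
    full_base = f"{base},{CONTEXT_ROOT}" if base else CONTEXT_ROOT
    clauses = _clauses(build_filter(template, username))
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.endswith("," + full_base) and all(_matches(attrs, c) for c in clauses)]

def search_user(base: str, template: str, username: str) -> str:
    """Like FilterBasedLdapUserSearch: exactly one entry must match."""
    hits = find_entries(base, template, username)
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} entries matched for {username!r}; need exactly 1")
    return hits[0]
```

With an empty base, `search_user("", "(uid={0})", "bar")` raises because two constructed entries share that uid, which is the check to run before adopting the `user-search-base=""` approach on a real tree.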
