<ldap-user-service> attribute "user-search-base" doesn't seem to work
This topic is closed

  • <ldap-user-service> attribute "user-search-base" doesn't seem to work

    I'm trying to authenticate against LDAP server, but can't make it work. This is my configuration:

    <ldap-server id="ldapServer" url="ldap://localhost:10389/" manager-dn="uid=admin,ou=system" manager-password="pswd" />
    <ldap-user-service id="ldapUserService" server-ref="ldapServer" user-search-base="ou=system" user-search-filter="uid={0}" group-search-base="ou=groups,ou=system"/>
    <ldap-authentication-provider server-ref="ldapServer"/>
    <http path-type="ant" realm="SavvyInsight">
        <http-basic />
        <intercept-url method="GET" pattern="/**" access="ROLE_SAMPLE"/>
    </http>

    DNs are in the form uid={user},ou=system, so I hope my configuration for ldap-user-service is fine. But no matter how I configure it, it always tries to authenticate as 'uid=user,ou=people'?!
    I understand this is still under development. Is LDAP support operational? I hope you guys can give me some pointers about this.

  • #2
    The ldap-user-service element was only added a week or so ago, so it wouldn't surprise me if there was an issue. I'll check it out.

    BTW, please start a new thread unless your post is relevant to the original subject.


    • #3
      Ah, I see the confusion. The <ldap-provider/> and <ldap-user-service /> are actually independent. <ldap-authentication-provider /> is rather limited at the moment as to the configuration operations that are available. <ldap-user-service /> just creates a UserDetailsService object that uses LDAP.

      I've added support to the authentication-provider element to handle an embedded ldap-user-service, so you should be able to use:

          <ldap-user-service />
      which should allow you to authenticate against the retrieved user data from the directory. Of course this relies on the password being readable.

      At some point, I'll add more options to <ldap-authentication-provider /> to make it more flexible.
      Last edited by Luke Taylor; Jan 31st, 2008, 03:06 PM.


      • #4

        I am utilizing the built-in LDAP server but I want to use the user cache. Can I do this with namespace configuration? This is the configuration that I have.
        Thanks a lot.

        <ldap-server root="dc=springframework,dc=org" id="testServer" />
        <ldap-authentication-provider group-search-filter="member={0}" group-search-base="ou=groups" user-search-base="ou=people" user-search-filter="uid={0}" />
        <authentication-manager alias="authenticationManager" />
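
Added example, not part of the thread: the configuration from post #1 next to a variant that puts the search settings on the provider itself, using only the attributes that post #4 sets on ldap-authentication-provider. It assumes a build in which the provider accepts those attributes and authenticates by binding as the entry it finds; the two provider declarations are alternatives, not one file.

```xml
<!-- As posted in #1: the search settings sit on ldap-user-service. Per post #3
     the two elements are independent, so the provider never sees them and
     uses its own DN handling (the poster saw uid=user,ou=people). -->
<ldap-server id="ldapServer" url="ldap://localhost:10389/"
             manager-dn="uid=admin,ou=system" manager-password="pswd" />
<ldap-user-service id="ldapUserService" server-ref="ldapServer"
                   user-search-base="ou=system" user-search-filter="uid={0}"
                   group-search-base="ou=groups,ou=system" />
<ldap-authentication-provider server-ref="ldapServer" />

<!-- Variant: the same search settings declared on the provider. The manager
     account searches under ou=system for uid={0}; the submitted password is
     then checked by binding as the entry found (assumed provider behaviour),
     so the manager account does not need read access to userPassword, unlike
     the user-service route described in post #3. -->
<ldap-authentication-provider server-ref="ldapServer"
                              user-search-base="ou=system"
                              user-search-filter="uid={0}"
                              group-search-base="ou=groups,ou=system" />
```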