
  • Help converting LDAP config from namespace to bean

    I have a working LDAP namespace config like this:

    HTML Code:
    <ldap-server id="my_ldap" url="ldap://host.com:389/"/>
    
    <ldap-authentication-provider server-ref="my_ldap"
          user-search-filter="(cn={0})"
          user-search-base="o=mycompany">
    </ldap-authentication-provider>
    I had to switch to a bean config because I need to get roles from DB. So how do I configure the above using bean config? This is what I have but it doesn't work (I successfully configured my local LDAP that had user-dn-pattern="uid={0},ou=people" in the ldap-authentication-provider, but I'm not sure where to specify the user-search-filter and user-search-base):


    HTML Code:
    <beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
          <beans:constructor-arg value="ldap://host.com:389/" />
    </beans:bean>
    
    <beans:bean id="ldapAuthProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
          <custom-authentication-provider />
          <beans:constructor-arg ref="bindAuthenticator" />
          <beans:constructor-arg ref="ldapRolesPopulator" />
    </beans:bean>
    
    <beans:bean id="bindAuthenticator" class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
          <beans:constructor-arg ref="contextSource" />
          <beans:property name="userDnPatterns">
             <beans:list><beans:value>(cn={0}),o=mycompany</beans:value>
             </beans:list>
          </beans:property>
    
          <!-- I tried this as well but didn't work: -->
    <!--
          <property name="userSearch">
             <beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                <constructor-arg index="0" value="" />
                <constructor-arg index="1" value="(cn={0})" />
                <constructor-arg index="2" ref="contextSource" />
             </beans:bean>
          </property>
    -->
    </beans:bean>
    
       <!-- This is what makes possible to assign Roles to LDAP users -->
    <beans:bean id="ldapRolesPopulator" class="com.mycompany.LdapRolesPopulator">
          <beans:property name="dataSource" ref="dataSource" />
    </beans:bean>

    This must be simple but I can't figure it out even looking at the documentation.
    Thanks in advance for any guidance.

  • #2
    There are two general approaches to figuring out the wiring of beans. One is to take a look at the spring-security-config source code and find out what the BeanDefinitionParsers are doing. The second option is to wire it using the namespace and add a debug point to what you are trying to wire up. You should then be able to inspect the objects and turn it into a Spring configuration.

    For your specific situation, I would take a look at the Spring Security ldap sample application as it demonstrates two equivalent ldap providers (one using namespace config and one using traditional config).

    HTH,



    • #3
      Just to report the solution. I haven't been able to set up an env where I can debug Spring Security code; maybe I just need to spend enough time. But after just a few minutes of fiddling with the config, the following works (yellow=added, gray=removed--only showing beans that changed from my original post):

      HTML Code:
      <beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
         <beans:constructor-arg value="ldap://host.com:389/" />
         <beans:property name="userDn" value="o=mycompany"/>
      </beans:bean>
      
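      <beans:bean id="bindAuthenticator" class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
            <!-- carried over unchanged from the original post: BindAuthenticator needs the context source as its constructor argument -->
            <beans:constructor-arg ref="contextSource" />
            <!-- replaces the userDnPatterns list: look the user up with a search filter, then bind as the entry found -->
            <beans:property name="userSearch">
               <beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                  <beans:constructor-arg index="0" value="" />
                  <beans:constructor-arg index="1" value="(cn={0})" />
                  <beans:constructor-arg index="2" ref="contextSource" />
               </beans:bean>
            </beans:property>
      </beans:bean>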

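Added example (not part of either poster's configuration): the namespace attributes from the first post mapped one-to-one onto beans, with `user-search-base` and `user-search-filter` as the first two constructor arguments of `FilterBasedLdapUserSearch`. It assumes the same `beans:` prefix, class names and `dataSource` bean as the posts above, and unlike post #3 it puts `o=mycompany` in the search base rather than in `userDn`.

```xml
<!-- Fragment for the existing beans:beans root; the security schema is
     assumed to be the default namespace, as in the posts above. -->

<!-- ldap-server url: no userDn/password is set, so the user search below
     runs over an anonymous bind, as it does with the namespace form -->
<beans:bean id="contextSource"
      class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
   <beans:constructor-arg value="ldap://host.com:389/" />
</beans:bean>

<beans:bean id="userSearch"
      class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
   <!-- user-search-base -->
   <beans:constructor-arg index="0" value="o=mycompany" />
   <!-- user-search-filter; {0} is replaced with the submitted login name -->
   <beans:constructor-arg index="1" value="(cn={0})" />
   <beans:constructor-arg index="2" ref="contextSource" />
</beans:bean>

<!-- Searches for the entry first, then binds as the DN that was found -->
<beans:bean id="bindAuthenticator"
      class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
   <beans:constructor-arg ref="contextSource" />
   <beans:property name="userSearch" ref="userSearch" />
</beans:bean>

<beans:bean id="ldapAuthProvider"
      class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
   <custom-authentication-provider />
   <beans:constructor-arg ref="bindAuthenticator" />
   <!-- roles come from the database, not from LDAP groups -->
   <beans:constructor-arg ref="ldapRolesPopulator" />
</beans:bean>

<beans:bean id="ldapRolesPopulator" class="com.mycompany.LdapRolesPopulator">
   <beans:property name="dataSource" ref="dataSource" />
</beans:bean>
```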