
  • LDAP authorities

    Hi everyone,

    I am currently trying to query an Active Directory server. I am successfully authenticating the user but I am having problems when trying to get the user's roles.
    The problem I'm having is that I don't know how to specify which attributes I want my LDAP query to return. In my case, I want my query to return all the attributes "memberOf" that a specific user has.

    My applicationContext.xml looks like this:

    Code:
    <bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
           <constructor-arg value="ldap://ldapServerName:389"  />
           <property name="base" value = "OU=Wrap Users,OU=UK,DC=CORP,DC=CH,DC=NT"/>
    </bean>
    
    <bean id="ldapAuthenticationProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    	<constructor-arg>
    	  <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
    	    <constructor-arg ref="contextSource"/>
    	    <property name="userDnPatterns">
    	      <list>
    	      		<value>CN=John Smith</value>
    	      	</list>
    	    </property>
    	  </bean>
    	</constructor-arg>
    	<constructor-arg>
    	   <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
    	     <constructor-arg ref="contextSource"/>
    	     <constructor-arg value="CN=John Smith"/>
    	     <property name="rolePrefix" value="ROLE_"/>
    	     <property name="groupSearchFilter" value="(memberOf=*)"/>
    	     <property name="groupRoleAttribute" value="cn" />
    	     <property name="searchSubtree" value="true" />
    	   </bean>
    	 </constructor-arg>
    </bean>
    I used a program called Wireshark to intercept the LDAP query that I am sending to the server and my LDAP query returns 0 results. I have attached the request and response made to the LDAP server.

    I also used a program called LDAP Browser that allows a user to make LDAP queries. When using this program, the LDAP query returns the values of the "memberOf" attributes correctly. I've also attached the screenshots for the LDAP queries intercepted by Wireshark.

    Any help would be very much appreciated!

    Thanks!

  • #2
    I'd take a look at the source of DefaultLdapAuthoritiesPopulator. If you look at the constructor, you are passing "CN=John Smith" as the group search base. You might try enabling debug for this class and see what it is actually using to search.

    Comment


    • #3
      Thank you for your post. The query that DefaultLdapAuthoritiesPopulator uses seems fine (see LDAP_Request.JPG, attached in my first post). Is there any way I can specify in my applicationContext.xml which attributes I want the LDAP server to return?

      Comment
