Spring 3.1 LDAP Authentication Process: “Bad Credentials” msg When Credentials Are Good

Question

Spring 3.1 Tomcat 6.*

I\'m working on making a Spring 3.1 webapp, authenticating with LDAP.

I tested the LDAP credentials (username, password, ldap URL, sear

Answer 1

Your Java example is using standard bind authentication, but you have set the Spring Security configuration to do an LDAP compare operation on the user's password. This will fail because the LDAP server is not using the same password encoding format as Spring Security's MD5 encoder. For a compare operation to succeed, the stored value must match the string that is sent to the directory. In most cases you want to use standard LDAP (bind) authentication. You'll probably need to use a bean configuration for the authentication provider. Try using:

 
   
     
     
       uid={0},ou=People
     
   
 
 
   
 
  
    
       
    
     



  

I'd recommend you also read the LDAP chapter of the reference manual.

Also, if you want to know why an authentication is failing, the best place to find out is the log for the LDAP server itself. If you don't have full access, then find out how it is set up and use a local server (such as OpenLDAP) where you have full control.